win32: trojan.gen?

Hello guys,

I was looking to the detection list of Avast, and realized that sometimes they detect some malware as win32:trojan.gen, or win32:trojan.gen {delphi or vb}, something like that…

What it means? Its happen when avast found a malware with heuristics? Or its the name that avast gave to it?

Looking in vgrep, you verify that this name win32:trojan.gen is used for a lot of virus that other companies detect too… For example win32:trojan.gen for avast, can be 10,20 or more virus for Avg, or for Virusscan,etc…

Please, can someone clarify to me?

Thanks for you time,

Elminster

It’s the name given by avast.
There isn’t an international convention for virus names.
As you posted, some ‘translation’ list of virus names you can find here: http://www.virusbtn.com/resources/vgrep/

It’s a generic name given by avast! for malware such as trojan-like.

But I still don’t understand and have no idea why using too much generic name, why don’t give them a specific name. In my malware collection avast! detects so many trojan-like malware as Win32:Trojan-gen [xxx] and I think some of them should get a specific name.

For example, if some Win32:Trojan-gen [xxx] is very hard to remove and cannot be removed by avast!'s general method (delete, boot-time scan, ect.) so what an average users can do? if they don’t know the exact name of that trojan. :frowning:

Yeah, I totally agree.

If the detection is not by heuristics ( So Avast will not have a definition to it) , I see no point in give the same name for different viruses… Different viruses should have different names, so the user can take an specific action to remove a malware that do not leave your machine using just an antivirus as you said… :-\

By the way, Avast have any kind of heuristics? ???

Thanks for your time, :smiley:

Elminster

Only for email detection (Internet Mail provider and Outlook plugin).
There is not Heuristics for the Standard Shield (and other modules).

As Technical said and from the statement of the developer, avast! has no so-called heuristics in on-access/on-demand scanner but avast! has some kind of special method to detect unknown malware (especially trojan) and I believe that some of Win32:Trojan-gen [xxx] has been automatically generated by that special method (so-called generic detection) of avast! from time to time.

This is some interesting threat about this topic

http://forum.avast.com/index.php?board=2;action=display;threadid=4979

Hope this helps :slight_smile:

Since 2 days, I am trying hard on the internet to find out what could be the name (or reference) of the win32:trojan.gen {delphi} detected by Avast (0513.1) in the file C:\Windows\spoolsv.exe ! My problem is that the symptoms I have differ from all what I learnt till now about the possible infections that might reside in a spoolsv.exe ???

http://forum.avast.com/index.php?topic=12420.0

By the way, is there a trusted on-line site to analyze a malware in a file?

Thanks, Kerim

By the way, is there a trusted on-line site to analyze a malware in a file?

http://virusscan.jotti.org/

–lee

Thank you… lee16 :slight_smile:

I can’t try it right now because the infected PC is not the one I am working on.

Hello all,

Really thanks for the info about heuristics. I didnt know that avast! didnt heuristics, and to be honest, its not a problem for me… :slight_smile: I think that a guy, called Pavel, said that it doesnt work, and I totally agree with him… Heuristics usually help a lot less than it should… And usually make the software more heavy resource user… Maybe the fact that Avast doesnt have heuristics is one of the responsibles to make it light in system resources…

Just one more thing, if one day, I found a malware called win32: trojan.gen, should I send it to Avast, so they can analize it and give an specific name, or the trojan.gen is a malware already know by Avast and it is your final name?

Thanks for your time,

Elminster

He’ll be honored with the word guy ;D
In fact, the Webmaster here… :wink:

If you have any doubt, send the file.
Just don’t expect an answer for each sample sent… Alwil does not answer to them all… just a few of them can receive this treatment.
Thanks to Karel (the virus analyst) 8)

Hey Technical,

Thanks for your answer.
I didnt realized that Pavel worked here. I hope he dont mind about the “guy” word. Hehehe… It was used in a good meaning… :wink:

Thanks for your time,

Elminster