win32:trojan-gen

In my avast log viewer, under the warning section, it says sign of win32:trojan-gen found THREE TIMES: ONE in temp docs, the other two say "windows\system32~.exe" file. I've scanned my computer and everything seems to be working fine, so I can't tell if I have a virus or not. Need ADVICE PLEASE.

you placed these in the Chest- right??
if not update avast and schedule a boot time scan- move hits to chest and post the boot time log here

In either case

create a file C:\suspicious
copy these three there
go on line to “virus total”
use the “search” to navigate to your new folder and upload the three files one at a time
report back

They wouldn't move to my chest from the start, and I've been trying to move them to my chest, but I can't seem to move them from my logger to my chest.

Anyone know how to schedule a boot time scan and move items from your logger to your chest?

Are you using Windows XP/Vista?
Scheduling the Boot Time Scan

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives if you want to scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files (suggestion: send to Chest)
Choose how to automatically process infected system files (suggestion: ignore/do nothing)
Click the Schedule button to confirm the settings.

XP. Hey Tech, I did everything you said and scanned all local disks; it said no infection found. So when the scan was done I tried a single file scan. I put it in word for word, except SIGN OF win32:trojan-gen found; I put c:windows then .file, whatever the whole thing said, but when I entered it, it said error, find the correct path, so I couldn't do a single scan. Thanks for the help though.

let’s get a second opinion
scan with malware bytes online Rogue Remover
then with
malware bytes anti malware

post back if they find anything

It’s a strange file, does not seem to be a false positive…

I suggest:

  1. Disable System Restore and then reenable it again.
  2. Clean your temporary files.
  3. Schedule a boot time scanning with avast with archive scanning turned on. If avast does not detect it, you can try DrWeb CureIT! instead.
  4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spyware and trojans. If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.
  5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
  6. Make a HijackThis log to post here or, better, submit the RunScanner log to on-line analysis.
  7. Immunize your system with SpywareBlaster or Windows Advanced Care.
  8. Check if you have insecure applications with Secunia Software Inspector.

I tried Dr CureIt, Malwarebytes online Rogue Remover and Anti-Malware; still nothing, they said everything was fine. I deleted all temp files and cookies, scheduled a scan and rebooted. The only thing is there are files in my virus chest; it's just that they don't match up with the names or dates of any of the files in my logger, and the ones in my VIRUS CHEST say they have no virus, and the computer is still working. Also, every time I run any Malwarebytes or Dr CureIt scan I turn off my avast. Am I supposed to turn avast off?

Maybe you’re seeing files that are there in the System folder, clean ones, put there automatically by avast for backup purposes.

I can only suggest full computer on-line scanning:
Kaspersky (very good detection rates)
ESET NOD32
Trendmicro housecall
F-Secure
BitDefender (free removal of the malware)

When I do any of these virus scans, should I have my avast off? Because I've been turning mine off every time I do a scan.

Some people say yes, you will avoid two antivirus at the same time fighting for detection.
Other ones will say you should never turn off the resident protection.

I’m among the second group of people :wink:

I’m among the first ;D
You can still have the web shield enabled, whilst pausing the standard shield and you should also have your firewall keeping your connection stealthed.

It isn’t just about clashes but also duplicate scanning, which will lengthen the overall scan duration.

Hi there. I think this filename may be related to a backdoor trojan.

http://forum.avast.com/index.php?topic=36633.0

The latest on my find: after trying Kaspersky and ESET NOD32, the scans said the computer was OK. Then Trend Micro HouseCall; that one wanted me to take out avast, so I stopped. Finally F-Secure came up with results: 1 malware found, said it was a tracking cookie, and in the cleaning steps of the scan there was the finish button; it said the system was cleared. But when I went to my avast logger the entries were still there, so I think the quest continues.

jtaylor 83, I need to download the program to a disk first because I can't access the internet from safe mode. I tried, but I haven't had any problems with the computer, like noise and stuff. Just doing this is so time consuming, man; I fell asleep during a scan and woke up to it being done.

I think we meant for you to complete ONE of the AV scans
and all we found was a tracking cookie
good job
get some sleep
on Tech’s list
either Super Antispyware or #5 check for rootkits

ON the avast off question I’m with DavidR

I did not know that TrendMicro wanted Avast Removed- thanks

Which program are you trying to download?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:40:08 AM, on 8/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMConfig.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMProcess.exe
C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://roadrunner.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?e=1218835128594&h=70874d75b11a3fdba7d4c1320a8cdd45/&filename=jinstall-6u7-windows-i586-jc.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} (TSEasyInstallX Control) - http://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files\Micro Innovations\Wireless Keyboard & Mouse Driver\KMWDSrv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


End of file - 7057 bytes

Tracking cookies aren’t a security issue but a minor privacy one; periodically cleaning out your cookies is more than enough.

What entries are you talking about?
The avast logger (if you mean the avast log viewer) is a list of historical data of the activity, scans, detections, etc. that have been made, and any data in there is just that, text data; it isn’t the file or a new detection.

If they are reporting your system is clean and an avast scan doesn’t detect anything then your system is clean.

Or are you saying avast is still detecting something ?
If so what is the file name, location and malware name of the detection (e.g. the same as the original post, etc.) ?

DAVIDR, here's my info

8/12/2008 7:39:10 PM 1218595150 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\TKOT536F\load[1].exe” file.
8/12/2008 7:42:33 PM 1218595353 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32~.exe” file.
8/12/2008 7:42:52 PM 1218595372 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32~.exe” file.

These entries are in my avast log viewer in the warning section. When I was on the web, an avast pop-up said malware found, and this is where avast stuck them. I just figured since it said sign of trojan-gen I might have had a virus, so I've been doing all this scanning, but every time it says the computer is fine, except one time it said it found malware or a cookie. I installed that spyware program and it just said the threats were cookies, quarantine them, so I did. The computer has been working fine, and no problems that day on the web with that trojan-gen thing, so I guess I've been sweating over nothing. That's everything.
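
The three log-viewer entries quoted above can be read as dated records rather than live detections. This is an added example, not part of any post in the thread and not avast's own code: it parses those lines, groups them by file, and checks them against a reference time. The field layout is an assumption inferred from the three lines only, and the function names are hypothetical.

```python
import re
from datetime import datetime, timedelta

# The three warning entries exactly as posted in the thread (curly quotes as scraped).
SAMPLE_LOG = r'''8/12/2008 7:39:10 PM 1218595150 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\TKOT536F\load[1].exe” file.
8/12/2008 7:42:33 PM 1218595353 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32~.exe” file.
8/12/2008 7:42:52 PM 1218595372 Jesse 1584 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\WINDOWS\system32~.exe” file.'''

# Assumed layout, inferred from these lines only: local time, epoch seconds,
# user name, an unexplained number, then the message.
ENTRY = re.compile(
    r'^(?P<local>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) (?P<epoch>\d+) '
    r'\S+ \d+ Sign of ["“](?P<name>[^"”]+)["”] '
    r'has been found in ["“](?P<path>[^"”]+)["”] file\.$')

def parse(log_text):
    """Turn each matching log line into a record; non-matching lines are skipped."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            when = datetime.strptime(m["local"], "%m/%d/%Y %I:%M:%S %p")
            out.append({"when": when, "epoch": int(m["epoch"]),
                        "name": m["name"], "path": m["path"]})
    return out

def by_file(entries):
    """Group records by path: a repeated path is the same file reported again."""
    files = {}
    for e in entries:
        rec = files.setdefault(e["path"], {"name": e["name"], "hits": 0,
                                           "first": e["when"], "last": e["when"]})
        rec["hits"] += 1
        rec["first"], rec["last"] = min(rec["first"], e["when"]), max(rec["last"], e["when"])
    return files

def utc_offsets(entries):
    """Local stamp minus the epoch column; a single value means both name the same instant."""
    return {e["when"] - (datetime(1970, 1, 1) + timedelta(seconds=e["epoch"])) for e in entries}

def newer_than(entries, reference):
    """Records stamped after `reference`; only these could be detections made since then."""
    return [e for e in entries if e["when"] > reference]

if __name__ == "__main__":
    entries = parse(SAMPLE_LOG)
    for path, rec in by_file(entries).items():
        print(rec["hits"], rec["name"], path, rec["first"], "to", rec["last"])
    # Reference point from the thread: the HijackThis log saved 8/16/2008 12:40:08 AM.
    print("later records:", newer_than(entries, datetime(2008, 8, 16, 0, 40, 8)))
```

The three entries reduce to two distinct files, both reported within a four-minute window on 8/12/2008, and none is stamped later than the HijackThis log posted in the thread.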