Endpoint Protection

 View Only

  • 1.  PLEASE HELP! trojan.gen.2

    Posted Dec 04, 2011 03:43 PM

    Hello. I have vista and today when sep 11 runs the scheduled scan it detected the trojan.gen.2 in my "back-up files".

    1. trojan.Gen.2 - filename: backup.zip- risk type:compressed file - action: log only "the file was left unchanged"

    2. Trojan.Gen.2 - filename: keygen.exe - risk type: file;compressed file - action: quarantined "the file was quarantined succesfully"

    however the quarantine is empty!!!

     

    I run again a full scan and this trojan appeared again in the same file!!

     

    What I can do? If I deleted the files...the trojan will disappear? Thanks!
     



  • 2.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 04, 2011 05:54 PM

    Hi Stefanos,

    Can you post the exact entry from Risk History?

    Depending on the path, what you are describing may be normal. Here's an artice about one possioble cause:

    Cannot repair, quarantine, or delete a virus found in the _RESTORE or System volume information folder

    Article: TECH99567

    Article URL http://www.symantec.com/docs/TECH99567

     

    Hope this helps!!


     



  • 3.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 04, 2011 09:06 PM

    RE: What I can do? If I deleted the files...the trojan will disappear?

    Delete the compressed file in question. This will make the trojan disappear. Keygen softwares are used to bypass product registration or authenticity confirmation. So many of similar softwares are viruses or trojans.

    The source either has a way of recreating itself or requires specific access rights for editing. Check the Event Logs and see if there are Symantec decomposer errors.



  • 4.  RE: PLEASE HELP! trojan.gen.2

    Trusted Advisor
    Posted Dec 05, 2011 07:36 AM

    Hello,

    Could you let us know the path of the file??

    Are these files located in a CD/DVD??

    Also, what version of SEP 11.x are you carrying??

    This could happen when these files are on a CD/DVD from where the SEP could not delete the files.



  • 5.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 06, 2011 07:40 AM

    Thanks for your responses. The file is located in C:\backup. I run SEP in safe mode and it detected the trojan and deleted it. Am I safe now?



  • 6.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 06, 2011 07:53 AM

    That usually does the trickl. &: )

    If you have any suspicions there may be a lingering infection, do run the SEP Support Toooll with Load Point Analysis checked.  That can highlight any files that are unusual, etc.



  • 7.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 06, 2011 12:21 PM

    Mick2009 what do you mean with "trickl" ? The english doesn't my native language.



  • 8.  RE: PLEASE HELP! trojan.gen.2

    Posted Dec 06, 2011 05:48 PM

    Hello stefanos,

    "Does the trick" is an English idiom.

    It means "accomplishes what you want to accomplish."

    Regards,

    James