Trojan.Win32.GenericIBT



#1 watz

Posted 20 May 2010 - 06:27 AM

Good morning, Vipre has detected Trojan.Win32.GenericIBT. This is what Vipre found: Windows\system32\spool\prtprocs\w32x86\b000016b8.dll, and it is currently quarantined in Vipre. What is the best way to delete this trojan?
Windows XP Media Center version 2002 svc pack 3.
Vipre version 4.0.3248
Thanks for the great help I am about to receive!
watz


#2 quietman7

Posted 20 May 2010 - 07:55 AM

When an anti-virus or security program quarantines a file by renaming and moving it into a virus vault (chest) or a dedicated quarantine folder, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and is no longer a threat until you take action to delete it. One reason for doing this is to prevent deletion of a crucial file that may have been flagged as a "false positive", especially if the scanner uses heuristic analysis technology.

Heuristics is the ability of a scanning program to detect possible new variants of malware before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware, which allows the anti-virus to detect and stop it before doing any harm to your system. The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as suspicious or infected. If that is the case, then you can restore the file and add it to the exclusion or ignore list.

Doing this also allows you to view and investigate the files while keeping them from harming your computer. Quarantine is just an added safety measure. When the quarantined file is known to be malicious, you can delete it at any time, usually by launching the program which removed it, going to the Quarantine tab, and choosing the option to delete.

You didn't say what Vipre product you are using. This Quick Start Guide explains the quarantine store and how to manage quarantined items on page 15.

If using Windows XP, quarantined items are stored in C:\Documents and Settings\All Users\Application Data\Sunbelt\AntiMalware\Quarantine.
In Vista, quarantined items are stored in C:\ProgramData\Sunbelt\AntiMalware\Quarantine.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators
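
A minimal sketch of the quarantine lifecycle described in the reply above (disable and hold the file, restore a false positive, or delete it), added here as an illustration and not part of the original post. It is not Vipre's code or storage format: the vault layout, the `.q`/`.json` file naming and the single-byte XOR encoding are assumptions made for the example.

```python
import hashlib
import json
import tempfile
import uuid
from pathlib import Path

XOR_KEY = 0xA5  # constructed key; it only has to make the stored bytes inert

def _xor(data: bytes) -> bytes:
    return bytes(b ^ XOR_KEY for b in data)

def quarantine(path, vault):
    """Move a flagged file into the vault under a random name, in inert form."""
    path, vault = Path(path), Path(vault)
    vault.mkdir(parents=True, exist_ok=True)
    data = path.read_bytes()
    item_id = uuid.uuid4().hex
    (vault / f"{item_id}.q").write_bytes(_xor(data))  # no longer loadable as-is
    meta = {"original_path": str(path), "sha256": hashlib.sha256(data).hexdigest()}
    (vault / f"{item_id}.json").write_text(json.dumps(meta))
    path.unlink()  # nothing is left at the original location
    return item_id

def restore(item_id, vault):
    """Put a false positive back where it came from, verifying it is unchanged."""
    vault = Path(vault)
    meta = json.loads((vault / f"{item_id}.json").read_text())
    data = _xor((vault / f"{item_id}.q").read_bytes())
    if hashlib.sha256(data).hexdigest() != meta["sha256"]:
        raise ValueError("quarantined item is corrupt; refusing to restore")
    Path(meta["original_path"]).write_bytes(data)
    delete(item_id, vault)
    return meta["original_path"]

def delete(item_id, vault):
    """Permanently remove a quarantined item and its metadata record."""
    for suffix in (".q", ".json"):
        (Path(vault) / f"{item_id}{suffix}").unlink()

def demo():
    """Run the full lifecycle on a constructed, harmless stand-in file."""
    with tempfile.TemporaryDirectory() as tmp:
        sample, vault = Path(tmp) / "sample.dll", Path(tmp) / "Quarantine"
        sample.write_bytes(b"MZ constructed harmless sample")
        item = quarantine(sample, vault)
        held = not sample.exists() and (vault / f"{item}.q").read_bytes()[:2] != b"MZ"
        restored = Path(restore(item, vault)).read_bytes() == b"MZ constructed harmless sample"
        delete(quarantine(sample, vault), vault)  # confirmed malicious: delete for good
        return held, restored, not any(vault.iterdir())
```

Calling `demo()` returns a tuple of three booleans: the file was held inert in the vault, the restored copy matched the original byte for byte, and the vault was empty after deletion.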

#3 watz

Posted 20 May 2010 - 10:09 PM

It's a home version Vipre antivirus with a trial version of the Vipre firewall. I opened the quarantine and deleted it. That was easy! Knock on wood.
Thanks for the info, much appreciated.
watz

#4 quietman7

Posted 21 May 2010 - 05:48 AM

You're welcome.
Microsoft MVP - Consumer Security 2007-2014

Member of UNITE, Unified Network of Instructors and Trusted Eliminators



