
Trojan detected: Trojan.Win32.Genome.yucx


1 reply to this topic

#1 MatPancha


Posted 03 April 2012 - 01:40 PM

As of last night the computers on my network all seem to be infected with Trojan.Win32.Genome.yucx.

Nothing I'm finding online via Google searches is giving me any information. I have Kaspersky Enterprise Space Security and it is detecting and notifying us of Trojan.Win32.Genome.yucx, but it's not disinfecting/quarantining/deleting it.

It appears this trojan is downloading other viruses (for example in this screenshot there's a file c:\windows\system32\qjtgicnv.t).
A few other alerts we've been getting related to this same trojan are:
Event Infected objects detected happened on computer xxxxxxxxx in the domain xxxxxxx on Tuesday, April 03, 2012 2:15:17 PM (GMT-05:00)
file C:\WINDOWS\system32\rhmpa.w: detected Trojan program 'Trojan.Win32.Genome.yucx'.

Event Infected objects detected happened on computer xxxxxxxxx in the domain xxxxxxx on Tuesday, April 03, 2012 2:23:51 PM (GMT-05:00)
file C:\WINDOWS\system32\qjtgicnv.t: detected Trojan program 'Trojan.Win32.Genome.yucx'.

and on and on.

The root cause appears to be the trojan, but we're not finding any steps on removing it. Any help would be greatly appreciated.



#2 boopme


Posted 03 April 2012 - 01:50 PM

Hello, according to this post it may be a false positive.

http://forum.kaspersky.com/lofiversion/index.php/t101399.html



This is possibly a false positive. We should double check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link: Jotti

When the Jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


NOTE:
For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.
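Added example, not part of the original thread and not Kaspersky's own tooling: a small parser for the alert format quoted in the first post that reduces a stream of notifications to the unique flagged files, so each one can be submitted for a second opinion once. The host and domain names in the sample are constructed, and the regular expressions assume every alert follows the two-line layout shown in the post.

```python
import re
from datetime import datetime

# Constructed sample in the alert format quoted in the first post;
# host and domain names are made up for illustration.
SAMPLE = r"""
Event Infected objects detected happened on computer WS-01 in the domain EXAMPLE on Tuesday, April 03, 2012 2:15:17 PM (GMT-05:00)
file C:\WINDOWS\system32\rhmpa.w: detected Trojan program 'Trojan.Win32.Genome.yucx'.

Event Infected objects detected happened on computer WS-01 in the domain EXAMPLE on Tuesday, April 03, 2012 2:23:51 PM (GMT-05:00)
file C:\WINDOWS\system32\qjtgicnv.t: detected Trojan program 'Trojan.Win32.Genome.yucx'.

Event Infected objects detected happened on computer WS-02 in the domain EXAMPLE on Tuesday, April 03, 2012 2:30:02 PM (GMT-05:00)
file c:\windows\system32\rhmpa.w: detected Trojan program 'Trojan.Win32.Genome.yucx'.
"""

EVENT_RE = re.compile(
    r"^Event (?P<event>.+?) happened on computer (?P<host>\S+) "
    r"in the domain (?P<domain>\S+) on (?P<when>.+?) \((?P<tz>GMT[+-]\d{2}:\d{2})\)$")
FILE_RE = re.compile(
    r"^file (?P<path>.+?): detected (?P<kind>.+?) '(?P<verdict>[^']+)'\.$")

def parse_alerts(text):
    """Pair each 'Event ...' line with the 'file ...' line that follows it."""
    records, current = [], None
    for line in (l.strip() for l in text.splitlines()):
        m = EVENT_RE.match(line)
        if m:
            current = m.groupdict()
            current["when"] = datetime.strptime(
                current["when"], "%A, %B %d, %Y %I:%M:%S %p")
            continue
        m = FILE_RE.match(line)
        if m and current:
            records.append({**current, **m.groupdict()})
            current = None  # a file line without its event line is ignored
    return records

def files_to_submit(records):
    """Unique flagged files (Windows paths compared case-insensitively),
    oldest first, with the hosts that reported each one."""
    seen = {}
    for r in sorted(records, key=lambda r: r["when"]):
        entry = seen.setdefault(r["path"].lower(), {
            "path": r["path"], "verdict": r["verdict"],
            "first_seen": r["when"], "hosts": set()})
        entry["hosts"].add(r["host"])
    return sorted(seen.values(), key=lambda e: e["first_seen"])

if __name__ == "__main__":
    for e in files_to_submit(parse_alerts(SAMPLE)):
        print(e["first_seen"], e["path"], e["verdict"], sorted(e["hosts"]))
```
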



