Trojan horse Generic5.GUH

Posted by sobriquet on August 10, 2007, 7:23 pm

Hi.
AVG recently started complaining about a file that supposedly was
infected with "Trojan horse Generic5.GUH". I fear I have already run
the executable on a Vista Premium laptop and XP pro (SP2) pc before
AVG was able to detect it.
Does anyone know of any detailed online info about this security
threat and maybe specific instructions how to remove it?

Thx in advance & kind regards, Niek


Posted by David H. Lipman on August 10, 2007, 7:48 pm

|
| Hi.
| AVG recently started complaining about a file that supposedly was
| infected with "Trojan horse Generic5.GUH". I fear I have already run
| the executable on a Vista Premium laptop and XP pro (SP2) pc before
| AVG was able to detect it.
| Does anyone know of any detailed online info about this security
| threat and maybe specific instructions how to remove it?
|
| Thx in advance & kind regards, Niek

Unfortunately Grisoft's virus encyclopedia leaves much to be desired. Therefore
I doubt you will find specifics on this "generic" Trojan.

However, you can submit a sample to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendors' scanners.
That will give you an idea what it is and who recognizes it. In addition,
unless told otherwise, Virus Total will provide the sample to all participating
vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

Once we see what other anti-virus vendors declare this file to be, we may be
able to check their respective libraries and see what this Trojan is all about.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by sobriquet on August 10, 2007, 9:43 pm
David H. Lipman wrote:
>
> |
> | Hi.
> | AVG recently started complaining about a file that supposedly was
> | infected with "Trojan horse Generic5.GUH". I fear I have already run
> | the executable on a Vista Premium laptop and XP pro (SP2) pc before
> | AVG was able to detect it.
> | Does anyone know of any detailed online info about this security
> | threat and maybe specific instructions how to remove it?
> |
> | Thx in advance & kind regards, Niek
>
> Unfortunately Grisoft's virus encyclopedia leaves much to be desired.
> Therefore I doubt you will find specifics on this "generic" Trojan.
>
> However, you can submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendor's scanners.
> That will give you an idea what it is and who recognizes it. In addition,
> unless told otherwise, Virus Total will provide the sample to all
> participating vendors.
>
> You can also submit a suspect, one at a time, via the following email URL...
> mailto:scan@virustotal.com?subject=SCAN
>
> When you get the report, please post back the exact results.
>
> Once we see what other anti-virus vendors declare this file to be, we may be
> able to check their respective libraries and see what this Trojan is all
> about.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

Thx for the help.
Somehow I can only submit the file compressed in rar format (Vista
won't let me send the exe file itself). I've also mailed it as a
rarred attachment to scan@virustotal.com (with "SCAN" as the subject).
The file is a patch for a program that was downloaded from eMule
(program + patch). Needless to say, I know p2p is risky, not to
mention illegal (at least in the Netherlands where I live, as far as
copyrighted software is concerned). But I also know that sometimes
patches occasionally get falsely identified as trojans or malware.

Here are some preliminary results from virustotal.com:

File Trojan_horse_Generic5.GUH.rar received on 08.11.2007 03:26:06 (CET)


Result: 4/32 (12.5%)

Antivirus Version Last Update Result
AhnLab-V3 2007.8.9.2 2007.08.10 -
AntiVir 7.4.0.60 2007.08.10 -
Authentium 4.93.8 2007.08.10 -
Avast 4.7.1029.0 2007.08.10 -
AVG 7.5.0.476 2007.08.10 Generic5.GUH
BitDefender 7.2 2007.08.11 -
CAT-QuickHeal 9.00 2007.08.10 -
ClamAV 0.91 2007.08.11 -
DrWeb 4.33 2007.08.11 -
eSafe 7.0.15.0 2007.08.10 -
eTrust-Vet 31.1.5050 2007.08.11 -
Ewido 4.0 2007.08.10 -
FileAdvisor 1 2007.08.11 -
Fortinet 2.91.0.0 2007.08.11 -
F-Prot 4.3.2.48 2007.08.10 -
F-Secure 6.70.13030.0 2007.08.11 -
Ikarus T3.1.1.12 2007.08.10 Trojan.HackTool.Patch.A
Kaspersky 4.0.2.24 2007.08.11 -
McAfee 5095 2007.08.10 -
Microsoft 1.2704 2007.08.11 HackTool:Win32/Patch.A
NOD32v2 2450 2007.08.10 -
Norman 5.80.02 2007.08.10 -
Panda 9.0.0.4 2007.08.10 -
Prevx1 V2 2007.08.11 -
Rising 19.35.42.00 2007.08.10 -
Sophos 4.19.0 2007.08.01 Troj/Patch-F
Sunbelt 2.2.907.0 2007.08.11 -
Symantec 10 2007.08.11 -
TheHacker 6.1.7.166 2007.08.10 -
VBA32 3.12.2.2 2007.08.10 -
VirusBuster 4.3.26:9 2007.08.10 -
Webwasher-Gateway 6.0.1 2007.08.10 -
Additional information
File size: 7979 bytes
MD5: 2b8744a5413f15117ba1434cb4938b01
SHA1: 06a5910083563fb5350dd5d2281ca4e22d7022c7


Posted by joe black on August 10, 2007, 10:44 pm

> Result: 4/32 (12.5%)
>
> Antivirus Version Last Update Result
> AhnLab-V3 2007.8.9.2 2007.08.10 -
> AntiVir 7.4.0.60 2007.08.10 -
> Authentium 4.93.8 2007.08.10 -
> Avast 4.7.1029.0 2007.08.10 -
> AVG 7.5.0.476 2007.08.10 Generic5.GUH
> BitDefender 7.2 2007.08.11 -
> CAT-QuickHeal 9.00 2007.08.10 -
> ClamAV 0.91 2007.08.11 -
> DrWeb 4.33 2007.08.11 -
> eSafe 7.0.15.0 2007.08.10 -
> eTrust-Vet 31.1.5050 2007.08.11 -
> Ewido 4.0 2007.08.10 -
> FileAdvisor 1 2007.08.11 -
> Fortinet 2.91.0.0 2007.08.11 -
> F-Prot 4.3.2.48 2007.08.10 -
> F-Secure 6.70.13030.0 2007.08.11 -
> Ikarus T3.1.1.12 2007.08.10 Trojan.HackTool.Patch.A
> Kaspersky 4.0.2.24 2007.08.11 -
> McAfee 5095 2007.08.10 -
> Microsoft 1.2704 2007.08.11 HackTool:Win32/Patch.A
> NOD32v2 2450 2007.08.10 -
> Norman 5.80.02 2007.08.10 -
> Panda 9.0.0.4 2007.08.10 -
> Prevx1 V2 2007.08.11 -
> Rising 19.35.42.00 2007.08.10 -
> Sophos 4.19.0 2007.08.01 Troj/Patch-F
> Sunbelt 2.2.907.0 2007.08.11 -
> Symantec 10 2007.08.11 -
> TheHacker 6.1.7.166 2007.08.10 -
> VBA32 3.12.2.2 2007.08.10 -
> VirusBuster 4.3.26:9 2007.08.10 -
> Webwasher-Gateway 6.0.1 2007.08.10 -
> Additional information
> File size: 7979 bytes
> MD5: 2b8744a5413f15117ba1434cb4938b01
> SHA1: 06a5910083563fb5350dd5d2281ca4e22d7022c7
>

The fact that some of the more reputable products did not alert would
suggest it may be a false positive, very typical of AVG.



Posted by Dustin Cook on August 11, 2007, 12:29 am
joe black wrote:

>
>> Result: 4/32 (12.5%)
>>
>> Antivirus Version Last Update Result
>> AhnLab-V3 2007.8.9.2 2007.08.10 -
>> AntiVir 7.4.0.60 2007.08.10 -
>> Authentium 4.93.8 2007.08.10 -
>> Avast 4.7.1029.0 2007.08.10 -
>> AVG 7.5.0.476 2007.08.10 Generic5.GUH
>> BitDefender 7.2 2007.08.11 -
>> CAT-QuickHeal 9.00 2007.08.10 -
>> ClamAV 0.91 2007.08.11 -
>> DrWeb 4.33 2007.08.11 -
>> eSafe 7.0.15.0 2007.08.10 -
>> eTrust-Vet 31.1.5050 2007.08.11 -
>> Ewido 4.0 2007.08.10 -
>> FileAdvisor 1 2007.08.11 -
>> Fortinet 2.91.0.0 2007.08.11 -
>> F-Prot 4.3.2.48 2007.08.10 -
>> F-Secure 6.70.13030.0 2007.08.11 -
>> Ikarus T3.1.1.12 2007.08.10 Trojan.HackTool.Patch.A
>> Kaspersky 4.0.2.24 2007.08.11 -
>> McAfee 5095 2007.08.10 -
>> Microsoft 1.2704 2007.08.11 HackTool:Win32/Patch.A
>> NOD32v2 2450 2007.08.10 -
>> Norman 5.80.02 2007.08.10 -
>> Panda 9.0.0.4 2007.08.10 -
>> Prevx1 V2 2007.08.11 -
>> Rising 19.35.42.00 2007.08.10 -
>> Sophos 4.19.0 2007.08.01 Troj/Patch-F
>> Sunbelt 2.2.907.0 2007.08.11 -
>> Symantec 10 2007.08.11 -
>> TheHacker 6.1.7.166 2007.08.10 -
>> VBA32 3.12.2.2 2007.08.10 -
>> VirusBuster 4.3.26:9 2007.08.10 -
>> Webwasher-Gateway 6.0.1 2007.08.10 -
>> Additional information
>> File size: 7979 bytes
>> MD5: 2b8744a5413f15117ba1434cb4938b01
>> SHA1: 06a5910083563fb5350dd5d2281ca4e22d7022c7
>>
>
> The fact that some of the more reputable products did not alert would
> suggest it may be a false positive, very typical of AVG.
>
>
>

Sophos is a very reputable product, and it too alarmed on it. If you have
the time, I'd also like a copy of the rar file. I'd be happy to analyze
it.


--
Dustin Cook
Author of BugHunter - MalWare Removal Tool - v2.2c
email: bughunter.dustin@gmail.com.removethis
web..: http://bughunter.it-mate.co.uk
Pad..: http://bughunter.it-mate.co.uk/pad.xml

