I get this alert from NOD32:
"
Time Module Object Name Threat Action User Information
04/07/08 06:23:36 Kernel file C:\Program Files\Replay AV 8\ReplayAV.exe probably a variant of Win32/Genetik trojan
"
1. I have had the REPLAY program for more than a year and now it became a threat? Is it a real threat?
2. What damage can it cause? Thank you.

I would use Jotti to get a comprehensive scan from multiple AV engines.
This might help you to rule out a false positive or assess the threat level it poses.
Click here to go to Jotti Online Malware Scanner
It is designed to scan single files.
Upload the ReplayAV.exe

A-Squared: Found nothing
AntiVir: Found nothing
ArcaVir: Found nothing
Avast: Found nothing
AVG Antivirus: Found nothing
BitDefender: Found nothing
ClamAV: Found nothing
CPsecure: Found nothing
Dr.Web: Found nothing
F-Prot Antivirus: Found nothing
F-Secure Anti-Virus: Found nothing
Fortinet: Found nothing
Ikarus: Found Suspect code-parts (probable variant)
Kaspersky Anti-Virus: Found nothing
NOD32: Found probably a variant of Win32/Genetik (probable variant)
Norman Virus Control: Found nothing
Panda Antivirus: Found nothing
Sophos Antivirus: Found nothing
VirusBuster: Found nothing
VBA32: Found nothing

and the conclusion:
POSSIBLY INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database) (Note: this file was only flagged as malware by heuristic detection(s). This might be a false positive. Therefore, results of this scan will not be stored in the database)

It looks to be a false positive.
Seeing the majority of scanners didn't recognise anything wrong with it, and the only other scan (Ikarus: Found Suspect code-parts (probable variant)) indicates it detected suspicious code. This more than likely has been detected through heuristic scanning, which can produce false positives when the sensitivity is set too high.
As far as I know NOD32 uses quite intensive heuristic scanning techniques.
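
The triage reasoning in the reply above, as an added example that is not part of the original thread: it parses a report in the alternating engine/result layout posted earlier and separates heuristic-style verdicts from named detections. The marker list and function names are assumptions made for this example.

```python
import re

# Wording that marks a heuristic/generic verdict rather than a named signature hit.
# This marker list is an assumption for the example, not any vendor's official scheme.
HEURISTIC_MARKERS = re.compile(r"probabl|suspect|heur|generic", re.I)

# Subset of the report posted in the thread, in the same engine/result layout.
SAMPLE_REPORT = """\
Avast
Found nothing
ClamAV
Found nothing
Ikarus
Found Suspect code-parts (probable variant)
Kaspersky Anti-Virus
Found nothing
NOD32
Found probably a variant of Win32/Genetik (probable variant)
"""

def parse_report(text):
    """Pair each engine-name line with the 'Found ...' line that follows it."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = {}
    for engine, verdict in zip(lines[0::2], lines[1::2]):
        if not verdict.startswith("Found "):
            raise ValueError(f"unexpected layout near {engine!r}")
        results[engine] = verdict[len("Found "):]
    return results

def classify(verdict):
    """Return 'clean', 'heuristic' or 'named' for one engine's verdict text."""
    if verdict == "nothing":
        return "clean"
    return "heuristic" if HEURISTIC_MARKERS.search(verdict) else "named"

def triage(results):
    """Summarise the report; heuristic-only hits are a review case, not a verdict."""
    kinds = {engine: classify(v) for engine, v in results.items()}
    flagged = sorted(e for e, k in kinds.items() if k != "clean")
    named = sorted(e for e, k in kinds.items() if k == "named")
    if not flagged:
        outcome = "no detections"
    elif named:
        outcome = "named detection: treat as malicious until disproven"
    else:
        outcome = "heuristic-only: possible false positive, needs a second opinion"
    return {"engines": len(kinds), "flagged": flagged, "outcome": outcome}

if __name__ == "__main__":
    print(triage(parse_report(SAMPLE_REPORT)))
```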

Thank you for your help.
I will treat it as a false positive.
What is the typical behavior/damage of the Win32/Genetik trojan?

After a quick look online, other posters with Win32/Genetik trojan detections had Vundo / Virtumonde infections coupled with it. Most modern malware piggybacks other viruses and / or trojans in with it.
The Vundo malware is highly aggressive and if infected with it you definitely know. There are continuous pop-ups. Configuration settings have been changed or disabled, e.g. Task Manager has been disabled, no access to the Run box in the Start menu, Control Panel removed, wallpaper and screen saver changed... are just a few of the symptoms.
If you are looking for a second opinion on the health of your operating system you can run an online scan for peace of mind.
A couple are listed at the link below. Step #3.
