7 Replies Latest reply on Mar 27, 2011 10:41 PM by yippeekaiyay

    So what is this? W32/Generic.worm!p2p

      Ran a scan and got a detection for this. I looked it up on McAfee and saw it was connected with Kazaa/file sharing. And now I'm majorly confused because I don't have Kazaa or any file sharing program. I don't file share? I scan everyday and usually my system comes out clean. I watch the websites I go on because I've had problems before when it concerns going to websites and picking up nasty things. I've picked up crap before on music lyrics websites. So anyway...I really do try and stay on the few sites I know are safe.

       

      Is this a false flag or something? I've scanned a couple more times after the first pick up and my system appears to be clean again. Thanks for any/all help.

        • 1. Re: So what is this? W32/Generic.worm!p2p
          k3tg

          Sometimes even the common everyday websites we use consistently have an occasion where a malicious file can disguise itself to the point where it goes undetected even with your software being up to date. Since you ran a scan and McAfee detected this and reported it to you from the scan, it sounds to me as though you are going to be ok.

           

          Required Reading - Home User Assistance Malware Troubleshooting

           

          I have included this document from McAfee to assist you with any further virus or malware issues should any more suspicious activity show up on your computer. Please be sure to follow the steps in the document and get another opinion from the McAfee Stinger scan which is mentioned in the document.

           

          You may also want to get another opinion from this free program, http://www.malwarebytes.org/mbam.php, by installing it on your computer, checking for the latest updates, running a scan, letting it clean anything it may find, and rebooting the computer.

           

          Let us know if these scans find anything additional that might need further attention.

          • 2. Re: So what is this? W32/Generic.worm!p2p

            Hi,

            Thank you for the reply and for the help. I appreciate it.

             

            I guess if I had to take a guess on where I might've picked something up at...I guess I'd say it might've been Live Journal's website. I have an ad blocker on my browser. It seems like LJ is an expert at loading things underneath (like scripts). I had a No_Script add-on for Google Chrome. I removed the Chrome browser a few weeks ago and downloaded Iron. As far as I know, I don't think this Iron browser has an add-on like that.

             

            Thank you for the link to the article. And I've had Malwarebytes for a good number of years. It's an excellent program. I use it after I use McAfee. I saw the detection on McAfee, it was removed and quarantined. I cleared all cookies, restarted the computer, ran McAfee again and it came out clear. I moved over to Malwarebytes and let it scan on "full". It came up clear.

             

            I think I'll be okay. I'm not really having problems with the computer. No slowness or anything. Really does seem to be acting okay. Thank you again.

            • 3. Re: So what is this? W32/Generic.worm!p2p
              k3tg

              You are most welcome and I am glad to be of help to you. When you feel satisfied that the issue has been resolved, would you please take a moment to check either Correct Answer or Helpful Answer, as others who may experience something similar on their computers may be able to see what steps we took in finding answers to your issue(s).

               

              Good Luck

              • 4. Re: So what is this? W32/Generic.worm!p2p

                I received this detection yesterday when attempting to run hijackthis.exe (version 2.0.4). McAfee detected generic.worm!p2p. I'm not sure if it's the same file detected by McAfee for the original poster. I've submitted a sample to McAfee's WebImmune service because I believe it's a false positive, although their automatic detection also says generic.worm!p2p. I had run a full scan the day before with DAT 6295 and had no problems. I use hijackthis every day and have never had an issue with it. The real-time scanning had initially prevented me from running the executable, and I later restored it to see if a scan of the folder would also detect it.

                 

                I did some research and found some notes of interest. Apparently in 2005, the author of hijackthis said the program was detected as generic.worm!p2p by McAfee. I've seen the post referenced on a number of sites. Here's one: http://www.techsupportforum.com/forums/f112/hijackthis-virus-42574.html. A Google search on the search string "hijackthis generic.worm!p2p" without the quotation marks generates more results on this.

                 

                I also downloaded hijackthis.exe (version 2.0.4) from Trend Micro's site (free.antivirus.com/hijackthis) and submitted the executable directly to VirusTotal. It generated the following result: http://www.virustotal.com/file-scan/report.html?id=5dca5dad7a63810dacee7f38c098a7b2d68617bf8175f05147e44d19dfa57a04-1301196089

                You'll see when you view the scan result that only McAfee picks it up with the 6296 and later DATs.

                 

                I hope we can get some kind of resolution. A family member of mine also had the same detection as of today (using the 6296 DAT from 3/25/11) for the same hijackthis version.

                • 5. Re: So what is this? W32/Generic.worm!p2p
                  Peacekeeper

                  Stirred them via another path; this will be fixed ASAP from what I have been told.

                   

                  He will update this thread when he hears the fix has happened.

                  • 6. Re: So what is this? W32/Generic.worm!p2p
                    vinoo

                    Thanks for reporting. This is a confirmed false and will be fixed in today's 6298 DAT release.

                    • 7. Re: So what is this? W32/Generic.worm!p2p

                      I've received the 6298 DAT, re-downloaded HJT and had no issue running it. Thanks for the rapid response!