
Trojan.Win32.Generic!BT

Posted: February 5, 2010

Trojan.Win32.Generic!BT is a common generic detection used by certain anti-malware scanners as well as a fake infection alert used by rogue security programs. Since rogue anti-malware programs that make heavy use of this detection may also use Trojan.Win32.Generic!BT for frequent false positives, you may not need to worry if you see Trojan.Win32.Generic!BT show up in a scanning result. However, if you see Trojan.Win32.Generic!BT warnings as part of a system pop-up or experience other problems such as browser hijacks or crashing applications, you may have a rogue security program on your PC. Removing Trojan.Win32.Generic!BT-related threats requires the use of real anti-malware programs under controlled circumstances.

The Three Faces of Trojan.Win32.Generic!BT

As a generic detection name for a variety of Trojan threats, Trojan.Win32.Generic!BT is used to label different types of trojans according to the whims of each manufacturer of anti-malware software. There are three circumstances in which you may see Trojan.Win32.Generic!BT warnings appear, and they all require slightly different solutions.

  • Trojan.Win32.Generic!BT may be a real Trojan threat. This is usually the case if the threat is detected by multiple types of scanners, although the name used may not always be Trojan.Win32.Generic!BT. Other ways to distinguish a real threat from a legitimate file include examining the file size and location, along with whether or not it's running as a memory process. If Trojan.Win32.Generic!BT is a real Trojan, then your computer is at risk for other malware attacks and generally reduced security.
  • Trojan.Win32.Generic!BT can also be a false positive from a well-meaning anti-malware scanner that incorrectly identifies a file. In this case, you can ignore the Trojan.Win32.Generic!BT detection and set the scanner to ignore the file, so it will not clutter up any other scan results. If a threat detection of Trojan.Win32.Generic!BT only appears on a file that you think is harmless, use a backup scanner to see how it reacts to the same possibly threatening file – this will allow you to confirm or discard your suspicions.
  • Most notably, Trojan.Win32.Generic!BT is a popular fake detection used by rogue security programs that are only pretending to be anti-malware software. You can tell a rogue security program from a real one by looking for simple signs:

    – Does the scanner make frequent requests that you purchase a registration key?
    – Do you have other security programs crash with a warning from this scanner?
    – Do you see unsafe website warnings in your browser that link back to this scanner's website?
    – Is your web browser unable to access most websites or redirected towards this scanner's website on a regular basis?
    – Does this scanner start during Windows startup without an option to disable this behavior?
    – Does the scanner try to avoid being uninstalled?
    – Does your scanner have a poor reputation on the Internet from independent sources?

If you say yes to many of these questions, then the scanner is most likely a threat and not a real anti-malware product. Trojan.Win32.Generic!BT warnings from rogue security programs can be ignored, since rogue security programs can't detect real Trojans or other kinds of malware.
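The checks named above for a flagged file (size and location, whether it is running as a process, whether it starts with Windows) can be gathered in one pass. The PowerShell function below is an added example, not part of the original article; the function name and the sample path are hypothetical, and the hash and signature fields go beyond the article's list.

```powershell
# Added example: collect the facts the article says to examine for a flagged file.
# The path in the usage line is a constructed placeholder, not a value from the article.
function Get-FlaggedFileTriage {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $file = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $full = $file.FullName

    # Location: user-writable directories are an unusual home for system components.
    $userWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA) |
        Where-Object { $_ -and $full.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }

    # Running as a memory process: any process whose image is this file.
    $running = @(Get-CimInstance -ClassName Win32_Process |
        Where-Object { $_.ExecutablePath -eq $full } |
        Select-Object -Property ProcessId, Name)

    # Starts with Windows: startup commands that mention the file's full path.
    # Entries written with environment variables or short names will not match.
    $startup = @(Get-CimInstance -ClassName Win32_StartupCommand |
        Where-Object { $_.Command -and $_.Command.IndexOf($full, [StringComparison]::OrdinalIgnoreCase) -ge 0 } |
        Select-Object -Property Name, Location, Command)

    [pscustomobject]@{
        Path            = $full
        SizeBytes       = $file.Length
        LastWriteTime   = $file.LastWriteTime
        InUserWritable  = [bool]$userWritable
        # Hash and signature are additions to the article's list; the hash lets a
        # second scanner be asked about exactly this file.
        Sha256          = (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash
        SignatureStatus = (Get-AuthenticodeSignature -LiteralPath $full).Status
        RunningAs       = $running
        StartupEntries  = $startup
    }
}

# Usage (constructed path):
# Get-FlaggedFileTriage -Path 'C:\Users\Public\example-flagged.exe' | Format-List
```

None of these fields is a verdict on its own; they are the inputs for the comparison with a second scanner that the article recommends.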

A Triple Response to the Triple Threat

Since the circumstances around Trojan.Win32.Generic!BT can differ so drastically, each major scenario requires different actions to be taken to fix your PC.

  • If Trojan.Win32.Generic!BT is a genuine Trojan, you should switch to Safe Mode and use a high-quality anti-malware program of your choice. Safe Mode is an important step that prevents Trojan.Win32.Generic!BT from remaining active in the background. Assume that Trojan.Win32.Generic!BT is still around until you've deleted Trojan.Win32.Generic!BT, rebooted, and then launched another scan that comes up empty.
  • If Trojan.Win32.Generic!BT is a false positive, just set the software in question to avoid scanning that particular file. Alternately, you can ignore the detection or switch to a different scanner. Most reputable anti-malware products have relatively few Trojan.Win32.Generic!BT false positives.
  • If Trojan.Win32.Generic!BT is part of a rogue security program's attack plan, you should try to remove the threat itself. This can be done through the same means you would use to remove a real Trojan.Win32.Generic!BT infection. You should also be careful to avoid websites related to these rogue security programs until you've finished cleaning your PC, since they may attack you with Trojans through browser exploits.

3 Comments

  • Anonymous says:

    Trojan.Win32.Generic!BT
    I have detected this Trojan to be on my mother's computer; after removing the original "{whatever-it-was}.ZIP" file, PC Pitstop's PC Matic still reports that it is lurking somewhere. Booting to Safe Mode, and limiting the system to essential M$ files and other items that I KNOW are supposed to be in the list of "Services"/"Startup" (using M$config) seems to help, though I do not find the folder in 'Explorer' or the system registry. Having done what I can, where do I go for a (free) comprehensive analysis of the items (checked or not) listed in the two tabs of MSconfig? I know that at least one of the UNchecked (and most likely more than one) items runs the Trojan. I need to be able to "restore" the PC to full functionality, though will not re-enable the effects of this bug to continue, by trial-and-error. My mother is a basic home user, that can't see why she needs any more than M$XP's firewall...maybe she'll reconsider now--who knows. I had put AVG Free on her PC, as prior to this, she was a sitting duck; she may feel though that (at least AVG, if not any) anti-virus is useless. I had been working on this problematic escapade for several hours, running every AV/AM/AC program that any user has access to, before PC Pitstop finally gave me the NAME of what I am dealing with. In short: the manual removal instructions seem to not apply, and I cannot find a cleaning program (quick fix) to run, and be done with it. PLEASE HELP !

  • Anonymous says:

    I downloaded and used Ad-Aware Free to locate and remove the problem files. I just did this yesterday, so hopefully it is completely gone.

  • Guadalupe Conely says:

    I found the registry entries and deleted them, but how do I detect and delete the security files?
