Do I have an active worm here??? (GBPOLL.EXE related)

Hello,
Can anyone here help me out? (To see the forest for the trees again )

Since a few weeks I occaisonally encounter a message when starting up my PC, about not being able to execute GBPOLL.exe -or something like that(didn't copy the actual message, sorry, but it must ring a bell with you folks-I figure ).
After doing a bit of searching I understand it's got something to do with ROXIO software, and its capacity to restore (GoBack) previous setup.
Simular to sytem restore in XP

I also see virus- and worm warnings in my quest with Google.
On sophos.com I found this:

"W32/Agobot-CN is a worm that spreads via network shares. The worm also includes backdoor functions, allowing a remote intruder access to and control over the computer via IRC.
In order to run automatically when Windows starts up the worm copies itself to the file msconfig32.exe in the Windows system folder and may add registry entries referring to the file to:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\

W32/Agobot-CN copies itself to available network shares. The worm uses a list of login names and common passwords to gain access the network shares.

The worm will terminate processes with the following names:
...
GBPOLL.EXE
..."


WHAT IS THIS?
Do I have a worm active here? And if so, can anyone shed some more light on this or tell me what to do and/or where to go ? I just don't know enough of this stuff (yet).

Thanks in advance!
grtz,
slammer

P.S. I will read about wormguard while waiting on reply

 

Hi slammer!

Try an online virus scan, for example Housecall:

http://housecall.trendmicro.com/


If that comes out clean, crosscheck with another one, for example Panda ActiveScan:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm


Else you could try deinstalling and reinstalling the GOBACK Stuff...

If the problem persists you could post an Hijackthis!-Log in the corresponding Wilders Forum for the Pros to look at

Greetz

Storm

 

Hi!

GBPoll.exe belongs to Roxio's "GoBack" software - a wonderful program now owned by Symantec. I personally couldn't live without it! It's better than System Restore in WinXP. The following is a description of the program:

"Roxio's GoBack software allows you to revert back to a previously working state on you hard drive if you install a new program and your system goes faulty - performing the same functions with extra features as System Restore on WinMe/XP systems. Disable before running Scandisk or Defrag. Not required for WinMe/XP users, recommended for Win9x/NT/2K users."