What does "sign of" a trojan mean?

Discussion in 'malware problems & news' started by souzapet, Mar 5, 2008.

Thread Status:
Not open for further replies.
  1. souzapet

    souzapet Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    13
    Location:
    uk
    Hi,
    I have an XP (SP2) machine. I have recently installed Comodo V3 (before that I used Sygate) and have Avast, spywareblaster and spywareguard installed.

    After a thorough scan by Avast it warned me that there was "a sign of" win32:gaobot-2435[trj] in my C:\system volume information/system restore{......

    I thought I had selected to move it to the virus chest, but a scan the next day showed that it had only moved into an Avast data file, so this time I made sure I moved it to the virus chest.

    I regularly scan my machine with Spybots and Adaware and recent scans did not show up anything nasty and I *thought* I was a safe surfer as I'm always very careful with all downloads - always scanning first, never opening unexpected emails, etc. so I can't think how this trojan got onto my machine. Why would it be in system restore?

    I don't know what a "sign of" this trojan means - does it mean my machine *has* been compromised? and if so, do I need to do other checks to make sure it's all clean now?

    Subsequent scans with Avast have all been clean and I've googled to see if it might have been a false positive but have not found any other instances.

    If anyone can give me any advice on this or any kind of explanation I'd be very grateful.

    Thanks,
    Souzapet
     
  2. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Sounds like at one time you were infected or at the least had something on your system that resembled the mentioned trojan. May very well have been a FP. Since its location was in system restore, probably the easiest way to rid yourself of it would be to disable system restore. Then re-enable it. This should effectively rid yourself of it. I disable sys. restore by default as there is always a chance of it storing unknown\currently undetected infections and then being used to restore a system with an infected restore point.

    Besides, even if it is harmless(?), as long as it resides in a restore point, who wants it on their system anyway?
     
  3. ccsito

    ccsito Registered Member

    Joined:
    Jul 27, 2006
    Posts:
    1,579
    Location:
    Nation's Capital
    "sign of" means that the scanner came across something that looks like malware. Whether this is true or a false positive would require more examination. System restore is the file directory that stores snapshots of your system over time and allows you to go back to a certain day in case you need to recover something you lost or if you want to go back to a certain point. The object in question was saved to system restore on a particular day (most likely on the day it was downloaded or added to the system). Some virus scanners do report false positives, so you may not have an actual infection. Once, my Antivir program indicated that a file associated with a graphics program that I had on my system for several years was infected with something. I don't think the message was correct, but I went ahead and quarantined the file anyway since I stopped using the graphics program.
     
  4. souzapet

    souzapet Registered Member

    Joined:
    Nov 24, 2003
    Posts:
    13
    Location:
    uk
    Thank you ThunderZ and ccsito. At the end of January I was downloading something from a friend (who had obviously been infected without knowing it) and my anti-virus gave me a warning about a worm, so I stopped the download immediately. Maybe there was a trace left or something, I don't know; later scans (admittedly not "thorough" ones) showed up clear, but maybe a trace was left in a system restore point?
    It's been a while since I purged the system restore points, so thank you for that suggestion: it's all cleared out now and I'll scan my machine again just to be sure it's clear.
    Your help and explanations are much appreciated: thanks again.
    souzapet
     
  5. ThunderZ

    ThunderZ Registered Member

    Joined:
    May 1, 2006
    Posts:
    2,459
    Location:
    North central Ohio, U.S.A.
    Glad we could help. When you do your next scans do the "complete", "deep" scans. Or however your scan programs describe them. Will of course take a little longer but worth the peace of mind. :D
     