How dangerous is "sign of" a trojan?



momnewbie
2008-03-05, 00:26
Hi
I'm normally a very safe surfer and take great care when online, so I was amazed when a recent thorough scan of my computer with Avast said there was a Sign of a Trojan [WIN32:GAOBOT-2435] in C:\system volume information\restore ......

I meant to move it to the chest, but when I scanned the next day, it told me the same "sign" was in the Avast data file - this time I made sure I quarantined it in the virus chest.

Further scans have come up clear, but I don't know if my machine has now been compromised in any way. How dangerous is it that it was a "sign"? I don't understand what that means; I guess I'm asking if I need to run lots of other tests to make sure.

I run XP (sp2); Comodo v3, Avast. I also have Spywareblaster and spywareguard installed and recent scans with spybots and adaware have been clean.

Any recommendations you have would give me further peace of mind.

Thank you,
Momnewbie

pskelley
2008-03-06, 15:07
Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Hi momnewbie, from the limited information you provided I can't tell you much, see this:
http://www.microsoft.com/security/encyclopedia/details.aspx?name=Win32%2fGaobot
http://www.google.com/search?hl=en&q=WIN32%3AGAOBOT&btnG=Google+Search

That can be one of many trojans, and depending on which one can be a very dangerous security breach. It sounds like your antivirus program removed it and System Restore was infected. The trojan cannot return from System Restore unless you use that Restore point that is infected. You need to make sure the trojan is removed from your computer. You can follow these directions:
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx
to clean your System Restore files and then run a complete system scan with your antivirus program to make sure it is gone. I suggest you run a good online scan also for an extra check.

The best thing to do would be to read and follow the directions posted above and pinned to the top of this forum and post:

Provide:
a) The HJT log.
b) The Kaspersky log report.

so we can check to be sure you are safe.

Thanks

momnewbie
2008-03-09, 22:07
Hi,
Thanks for the reply. I read the links you gave me, and they terrified me! The Trojan I've shown a "sign of" could do really bad things!
In the meantime, I've done a number of scans since my post, both using my own antivirus (Avast) as well as online (Kaspersky), and both showed up clear.
I'd already purged my system restore points (oops!), so will keep a careful eye on what's happening on my machine, and if I'm worried by anything, I'll come straight back to this site and take you up on the offer of a safety check.
I really appreciate your help and can only say, keep up the good work! :)
Thanks,
Momnewbie

pskelley
2008-03-09, 22:10
Thanks for taking the time to provide some feedback for me. Here is information that may help you in the future.

Some good information for you:
http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html
http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx

Here is some great information from experts in this field that will help you stay clean and safe online.
http://users.telenet.be/bluepatchy/miekiemoes/prevention.html
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

http://www.malwarecomplaints.info/

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.