WIN32:trojano-1756[trj]

[emy80]

Hello! I'm new to this forum and I'd like to ask some questions:

I've installed Avast Home Edition on Monday and started a scan of my laptop after updating the virus definition. The scan found this trojan:

WIN32:trojano-1756[trj]

 in a file in this directory:

C:\totalcmd\tcmdr_crk.exe

That's a directory I've never used since I don't use the program Total Commander. I'm not even sure it does. It's a software installed from my tech I think. 
That's the text string taken from the log file:

30/01/2006   21.23.28   1138652608   Xxxxx   3996   Sign of "Win32:Trojano-1756 [Trj]" has been found in "C:\totalcmd\tcmdr_crk.exe" file. 

(I've just deleted the user name and put Xxxxx in there; just for privacy)
After reading the Avast warning message I put that file in the Virus Chest and deleted it. So far no problem.
But today Avast opened another warning message saying there was the same trojan in the following folder:

C:\System Volume Information\_restore{01CA3531-1673-4B3B-B249-04C8B8EA14DC}\RP76\A0032305.exe

That's the entire text string:

01/02/2006   13.55.54   1138798554   SYSTEM   1520   Sign of "Win32:Trojano-1756 [Trj]" has been found in "C:\System Volume Information\_restore{01CA3531-1673-4B3B-B249-04C8B8EA14DC}\RP76\A0032305.exe" file.

So I put that too in the Virus Chest but I left that there.
After doing this I've changed the folder options unchecking "hide file extentions" and "Hide system files" and run a search to see if there was a file named Trojano. But I didn't find anything.
So I disabled the System Restore option and rebooted my pc to delete the restore points. Then rebooted it in safe mode and, after logging in as administator I've run another virus scan. The scan didn't detected anything.
Since the trojian wasn't in my C:\WINDOWS or C:\WINDOWS|system32 folders does it means it's gone. The scan didn't detected anything but I culdn't find info about this trojan.

I have Windows XP professional edition installed in the laptop. But in the past I had Windows NT. And I run Avast HE in the Italian language. So I'm not sure I made myself clear here. 
I'm not sure when I got this trojan since in the past I've used other antivirus softwares that didn't detect anything. 
I'd like just to know if it's possible for this trojan to spread in other files even if the two file it infected are gone now.
Thanks. And sorry if this is so long.
Emy80

[Spiritsongs]

   Hi Emy80 :

      What you have/had is a "trojan", not a "virus", though at
      times the dividing line can become blurred. As a malware
      fighting "companion" to Avast, I would encourage you to
      install, then run "Ewido", available from www.ewido.net .
      This is one of the Premier trojan detecting & removing
      programs and "reverts" to  a FREE program after the 10-
      14 day "trial" ends. There is a "tutorial" at :
      www.greyknight17.com/spy/Tutorials/ewidoQuickGuide.pdf
     

[DavidR]

The only effective way to remove infected files in the C:\System Volume Information folder (windows protected storage used by system restore) is to disable system restore and reboot, this clears all restore points. Once your system is clean enable system restore and reboot again.

[emy80]

thanks for your support!   
I've disabled system restore. I don't plan to use it. I thougth It was already disabled but I think my father changed the setting.
I've already done two boot scans and another scan yesterday. Everything is ok. I've installed Zone Alarm free firewall and Spybot S&D and I have MS Antyspyware. I was thinking to install Ewido. Will it give me conflict with all those other softwares already installed?
Thanks.
Emy

[essexboy]

thanks for your support!   
I've disabled system restore. I don't plan to use it. I thougth It was already disabled but I think my father changed the setting.
I've already done two boot scans and another scan yesterday. Everything is ok. I've installed Zone Alarm free firewall and Spybot S&D and I have MS Antyspyware. I was thinking to install Ewido. Will it give me conflict with all those other softwares already installed?
Thanks.
Emy

Short and sweet - No

[DavidR]

System Restore may not be perfect, but if you are going to keep it disabled you either need something to cover what it does or have a comprehensive back-up/recovery plan.

Welcome to the forums.

[DavidSma]

Hi,
I was so pleased to find forum and especially the section on viruses and worms.
A friend has been driven mad with WIN32:trojano and it seemed that nothing would get rid of it.    After reading Spiritsongs topic I told him to follow his advice re Ewido.      This he did and for the first time in ages this annoying problem had gone.
Brilliant and Thanks   
David

[DavidR]

It is advisable to have a multi level approach to your system security and programs that specialise in diferent areas, Ewdio is good in the trojan detection, other tools for anti-spyware/adware are advisable.

If you (or your friend) haven't already got this software (freeware), download, install, update and run it.
1. Ad-Aware
2. Spybot Search and Destroy
3. Spywareblaster Don't install this until you are clean.

Welcome to the forums.