Hello,
I’m a new member to this forum who’s recently had a first-time virus detection experience. Unfortunately, I’m not the most tech savvy individual, and I deleted the items under alert, which I have since learned may not have been the best course of action. Given this and the information I’ll provide below, I have several questions/concerns I hope you’ll be able to address.
INFORMATION
1. Detected via: Standard Manual Scan
*Also via background scanner when I opened the folder containing the program (AoA AudioExtractor.exe) and its various complements
2. Source/Avast log report (slightly modified):
11/07/2008 9:29:55 AM USER Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\AoA Audio Extractor\AoAAudioExtractor.exe" file.
11/07/2008 9:32:05 AM SYSTEM 1916 Sign of "Win32:Trojan-gen {Other}" has been found in "C:\Program Files\AoA Audio Extractor\AoAAudioExtractor.exe" file.
11/07/2008 9:48:32 AM USER Sign of "Win32:Trojan-gen {Other}" has been found in "C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP242\A0033550.exe" file.
Note: I don’t really remember what the initial notification said, but the word ‘Worm’ was mentioned when the various alerts came up.
3. I downloaded the program early 2008 -- maybe Feb/Mar
4. I haven’t noticed any unusual performance problems, activities or changes since installing the program in question
QUESTIONS
1. Since I’ve had the infected program for about five months now, and have been running manual system scans (often in thorough mode), I can only presume the positive hit is a result of some new definition that I obtained in my latest update (which was today). Given that Avast has been missing the problem for so long, how do I know if Avast has gotten everything that needs getting?
2. I tried to do a bit of research on the problem, and, while I’m not terribly experienced, one of the things I came across was mention that it might be a back door function of some kind. I’m fairly certain the limited financial information on my computer hasn’t been harvested, and I haven’t noticed any functional problems or oddities with my computer, but is there any way to tell if some third party has been rummaging around and/or making changes to my system?
3. Looking back, I’m a little bit concerned about deleting the 'C:\System Volume...' item. Do you think it might be a problem, and should I try to take steps to bring it back (perhaps perform a system restore)?
4. Finally, I actually found the program that was infected quite useful to have, and, although I didn’t use it terribly often, I wouldn’t mind having it back. I’m not sure where I initially downloaded it from (although I don’t tend to be very adventurous with such things), but, thinking back on how I found it and obtained it, I think it’s possible I may have picked up a tainted version (it is freeware, after all). Do you know some place I can go to enquire about the program, whether it intrinsically contains malicious software or whether it might be ok from more reputable sources? Also, if I do decide to re-download it, is there some way I can do it in a secure fashion, so that I can scan the download/program before allowing it to live freely on my computer?
Thanks for the help.