Author Topic: Win32:Trojano - Explanation Please  (Read 3843 times)

0 Members and 1 Guest are viewing this topic.

Jasman

  • Guest
Win32:Trojano - Explanation Please
« on: December 09, 2004, 03:07:39 PM »
I see many Avast users are getting Win32:Trojano alerts. I've gotten a Win32:Trojano-119 [Trj] warning on an executable in a version of the BartPE I was downloading. Ewido later identified the file I'd moved and renamed with Avast (after I disabled Avast) as TrojanDownloader.Small.gl.

Only Avast continues to find the file within the iso archive. I guess I'll either abandon this BartPE or try to strip out the offending trojan.

Just thought I'd add a little information about this particular Trojano alert in Avast. Maybe others should try using Ewido to scan mystery files saved and renamed in the Avast directory. I still know nothing about the offending file I found, but I do know it's identifiable by at least 2 programs and has a name.

whocares

  • Guest
Re:Win32:Trojano - Explanation Please
« Reply #1 on: December 09, 2004, 03:21:21 PM »
Hi,

what exactly was the filename orf the executable where avast detected this ?

and WHERE did you download BartPE from ...(Web-Address/URL??) ?

Some Info:
Trojano-119

you might want to scan the file with JOTTI for other opinions: see "VirusRemoval" below for link (avast standardShield needs to be paused for this) ;)

Jasman

  • Guest
Re:Win32:Trojano - Explanation Please
« Reply #2 on: December 12, 2004, 03:16:03 PM »
The problem file was actually in a copy of Advanced Rar Password Recovery, within the ISO. No matter. I edited it out of the ISO. That wasn't a program I would need anyway. The copy was posted on ed2k. Somebody else's compile of a BartPE boot disk.

After I actually confirmed that it known problem with Ewido and a-squared (which identified it even more specifically), I thought I'd post to say that Avast has a problem with naming things it identifies. Others complain it finds things that aren't actually viruses or malware, but it's probably far more common for the program to find actual problems but give a meaningless identifier that just confuses people (and that has no reference on the web).

whocares

  • Guest
Re:Win32:Trojano - Explanation Please
« Reply #3 on: December 12, 2004, 03:49:33 PM »
Others complain it finds things that aren't actually viruses or malware,

but it's probably far more common for the program to find actual problems but give a meaningless identifier that just confuses people (and that has no reference on the web).

@1)
"Malware" is a wide field which doesn't comprise only "viruses", trojans or worms, but also Adware, dialers, "spyware", PMS/PMA/unwanted tools etc ect pp
 if it's not malware what avast finds, then it's a false positive

@2) Well of course it has a reference on the web (see above)
except if it's brand-new or not itw/wide-spread

true, avast's own virus-list on its HP is not the most detailed, and Detections like "Trojan-gen" or "Trojano-xxx" aren't exactly helpful for the layman, but would e.g. "Win32.Small.gl" with no further descriptive link help you better (see vgrep) ?

it's just not possible to have detailed info for every possible minor malware for avast (or they'd have to stop writing malware-detection-signatures and just write malware-descriptions in the future)
 ;) ;)
« Last Edit: December 12, 2004, 03:53:09 PM by whocares »