"Win32:Trojan-gen {Other}" Help & Enquiry

Hello,

I’m a new member to this forum who’s recently had a first-time virus detection experience. Unfortunately, I’m not the most tech savvy individual, and I deleted the items under alert, which I have since learned may not have been the best course of action. Given this and the information I’ll provide below, I have several questions/concerns I hope you’ll be able to address.

INFORMATION

  1. Detected via: Standard Manual Scan

*Also via background scanner when I opened the folder containing the program (AoA AudioExtractor.exe) and its various complements

  2. Source/Avast log report (slightly modified):

11/07/2008 9:29:55 AM USER Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\AoA Audio Extractor\AoAAudioExtractor.exe” file.

11/07/2008 9:32:05 AM SYSTEM 1916 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Program Files\AoA Audio Extractor\AoAAudioExtractor.exe” file.

11/07/2008 9:48:32 AM USER Sign of “Win32:Trojan-gen {Other}” has been found in “C:\System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP242\A0033550.exe” file.

Note: I don’t really remember what the initial notification said, but the word ‘Worm’ was mentioned when the various alerts came up.

  3. I downloaded the program early 2008 – maybe Feb/Mar

  4. I haven’t noticed any unusual performance problems, activities or changes since installing the program in question

QUESTIONS

  1. Since I’ve had the infected program for about five months now, and have been running manual system scans (often in thorough mode), I can only presume the positive hit is a result of some new definition that I obtained in my latest update (which was today). Given that Avast has been missing the problem for so long, how do I know if Avast has gotten everything that needs getting?

  2. I tried to do a bit of research on the problem, and, while I’m not terribly experienced, one of the things I came across was mention that it might be a back door function of some kind. I’m fairly certain the limited financial information on my computer hasn’t been harvested, and I haven’t noticed any functional problems or oddities with my computer, but is there any way to tell if some third party has been rummaging around and/or making changes to my system?

  3. Looking back, I’m a little bit concerned about deleting the ‘C:\System Volume…’ item. Do you think it might be a problem, and should I try to take steps to bring it back (perhaps perform a system restore)?

  4. Finally, I actually found the program that was infected quite useful to have, and, although I didn’t use it terribly often, I wouldn’t mind having it back. I’m not sure where I initially downloaded it from (although I don’t tend to be very adventurous with such things), but, thinking back on how I came to find it and obtained it, I think it’s possible I may have picked up a tainted version (it is freeware, after all). Do you know some place I can go to enquire about the program, whether it intrinsically contains malicious software or whether it might be ok from more reputable sources? Also, if I do decide to re-download it, is there some way I can do it in a secure fashion, so that I can scan the download/program before allowing it to live freely on my computer?

Thanks for the help.

Could be a false positive. But to be sure, can you try to upload the file to VirusTotal and post the results?

And halcyon, did you download it from the main site hxxp://www.aoamedia.com or any other site?

Jtaylor83,

Like I said, I told Avast to delete the program(s) when it notified me about them during the scan. So, unfortunately I won’t be able to send the suspect AoA software anywhere. (I’ll know better for next time, not that I’m particularly hoping for a next time.) I’m also not sure where I downloaded it from. I came upon it when I was searching for a freeware program that could extract audio from flash videos. Of the various programs I came across during the search, it seemed like it was highest quality and most trustworthy. (I don’t tend to go too far out on the proverbial limb when it comes to downloads and Internet activity, and even this was something of a foray for me.) Still, I can’t remember what channel I obtained it through. It’s certainly possible it wasn’t from the official website… I suppose all of this isn’t much help. Sorry.

You could have sent the file to the Virus Chest, where it can’t do any harm, instead of deleting it.