Win32.Zorro trojan

Avast Free Antivirus / Premium Security
1

Hi, I got an Avast notification that it found Win32.Zorro trojan (cpcscan.dll).

I can’t seem to find any info on this on the web. I moved it to the Avast virus chest and deleted it.

Operation of my PC seems normal. What is the virus and should I be worried about any future effects it may have?

Thanks.

2

You have done the right thing, ‘first do no harm’, send virus to the chest and investigate. But having deleted it right away from the chest kills that good decision you made, you might as well have deleted it on detection.

Deletion isn’t really a good first option (you have none left), ‘first do no harm’ don’t delete, send virus to the chest. There is no rush to delete anything from the chest, a protected area where it can do no harm.

Anything that you send to the chest you should leave there for a few weeks. If after that time you have suffered no adverse effects from moving these to the chest, scan them again (inside the chest) and if they are still detected as viruses, delete them.

The reason it could be a bad detection, as this file name could also be a legit file, http://www.spywaredata.com/spyware/malware/cpcscan.dll.php of Crucial Technology, Inc. depending on its location ?

So doing this investigation whilst the file is in the chest would allow for restoration if it was found to be a false positive detection.

3

Thanks for the reply David.

The link that you posted I found but didn’t make a lot of sense when I first viewed it. Now it does.

If Avast idendifid it as a Win32.trojan, why does the link say its safe?

Some good advice regarding moving to the chest. I suppose my knee jerk reaction is “get the damn thing off my PC”. Over reaction on my part!

4

The link is just showing that there are possibly legitimate files of this name and I tend to search on a file name and see what the associations are, like are there any for legit files or are they all references to malware. If there are any legit references then further investigation is necessary.

You could had you still got the file done a down and dirty check of the file size of yours against those in the link.

You could also have uploaded it to a multi-engine scanner for confirmation, etc.
You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently over 30 different scanners.