Sophos found "troj-Psyme-DT" but Webroot didn't????

  • 13 August 2012
  • 1 reply

So I was doing a tune up on a PC and I was told it had some viruses on it and it was very laggy. I installed free Sophos Virus Removal Tool just to see what was going on before I installed Webroot in case there was stuff that the free tool couldn't remove. I did the scan, and sure enough it had like 11 assorted trojans and malware. It took it all off but one. It was labeled "troj-Psyme-DT" so I installed Webroot, but it found NOTHING. I scanned with both of them like 3 times and both had the same result. So I found where exactly the trojan was located; in a folder on Symantec Antivirus that I just recently uninstalled. (Ironic huh?)
Can I just delete the folder C:\Program Files\Symantec Antivirus since I no longer have the program to get rid of the trojan?
Also, the PC it's on has Windows XP with Service Pack 3 if that helps.

Best answer by JimM 13 August 2012, 21:46

Hi there, and welcome to the Webroot Community :)
The answer to this question is going to be the same as the one I provided here earlier today when asked about why Webroot didn't find another threat for the same reason.  I'd encourage you to read that response as well.  We won't look in that folder by default during a standard Deep Scan, because the items sitting in there are inert and harmless unless they are run.  In which case, if they were run, the shields would catch them.  If you had done a Full Scan, it would have found the threat, but it's not really necessary to do that.  A threat is only truly a threat if it stands to threaten you.  Since the file has no chance of being automatically run, it is ignored by default.
Plus, if you're finding it in your Symantec directory, there's a good chance the file exists in Symantec's quarantine, meaning it's already been dealt with.  And to answer your question regarding the Symantec directory, it's probably fine to delete the folder if you've already uninstalled the program, but I can't give you a firm answer on that since it's another company's antivirus software.  The best people to ask that question would be Symantec if you want to be positive.