
Dropper Small - Trojan


6 replies to this topic

#1 alkan

  • Members

Posted 25 July 2007 - 05:53 PM

A scan with AVG Anti-Spyware reported finding Dropper Small, which it deleted. I disabled System Restore, went into safe mode and scanned with the following: SUPERAntiSpyware, Spybot, a-squared, AVG Anti-Virus 7.5 and again with AVG Anti-Spyware. Nothing was found. I rebooted into normal mode and re-ran AVG Anti-Spyware; again nothing was found. I have not, as yet, enabled System Restore until I have a clean PC.
My query is: are there any other steps I can take to ensure that the trojan has been removed, or can I assume the removal has been successful after the clean scans?


#2 buddy215

  • BC Advisor

Posted 25 July 2007 - 06:39 PM

The security experts here at BC advise not to delete your restore points until your computer is malware free.
From the info you have furnished I would say you successfully removed the malware. It would be safe to set a new restore point.

How do you think this got on your computer?

“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss

A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”


#3 Starbuck

  • Malware Response Team

Posted 25 July 2007 - 06:40 PM

First thing I would suggest is to re-enable your system restore.
Like they say...... even a bad restore point is better than none at all.

Trojan.Dropper is a generic term for a type of trojan. Droppers simply "drop other files" which are usually trojans.

'Dr Web' seems to have good results with this type of trojan.

Please download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with DrWeb-CureIt as follows:
  • Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
  • Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan tab" and UNcheck "Heuristic analysis"
  • Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
  • Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
  • When done, a message will be displayed at the bottom advising if any viruses were found.
  • Click "Yes to all" if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
    (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
  • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop (just in case you ever need it).
  • Exit Dr.Web CureIt when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
See if this helps.



#4 alkan


Posted 26 July 2007 - 04:59 AM

Thanks for the advice on DrWeb-CureIt. I will be using it as advised and see what it produces.
What is the best software for preventing trojans infecting the system, i.e. a real time scanner? I've AVG Anti-Spyware with real time scanning, which obviously didn't prevent the trojan installing. Would there be a problem with running more than one real time scanner together?
I don't know how I got the trojan, as I only visit a small number of sites for my hobbies: clay shooting, football, and travel sites. The wife is mostly on employment agency sites and eBay. I scanned with SUPERAntiSpyware and a-squared 3 days ago and had clear reports.
I will post the result of the scan.

#5 Starbuck


Posted 26 July 2007 - 06:04 AM

what is the best software for preventing trojans infecting the system, i.e. a real time scanner.

It's not easy to say which is the best.... they all have their strengths and weaknesses.
At the end of the day... it's what works for you.
Try out a few and see which you think is best.

would there be a problem with running more than one real time scanner together.

As long as they don't conflict.
On one of my PCs, I have:
Counter Spy
Windows Defender

Both running in real time and I haven't had a problem.

i don't know how i got the trojan

You'll never stop it completely, all you can do is minimize the risk of getting them.
Things like:
Making sure that windows is up to date.
Run a good 3rd party Firewall.
Keep your Anti-Virus protector up to date.
Run an Anti-Malware program in real time.
Scan regularly with other anti malware programs.
Make sure that your pop up blocker is turned on.


There's a guide here that might help......
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/



#6 buddy215


Posted 26 July 2007 - 06:26 AM

If you didn't click on a link in an email or IM, or open an attachment, then you might have got hit by a "driveby". It is becoming more common. Using P2P is another risky way of getting malware.
To add to what Starbuck has provided, the best prevention against "drivebys" is using the Firefox Browser with NoScript extension.



#7 alkan


Posted 26 July 2007 - 09:20 AM

I have run DrWeb-CureIt as directed; given a clean bill of health, so assuming the trojan is gone.
Protection comprises: router, Firefox browser, AVG Anti-Virus (free), AVG Anti-Spyware (paid for, running in real time), SUPERAntiSpyware (free), SpywareBlaster (paid for), a2 (free), Spybot (free), Ad-Aware 2007 (free), ZoneAlarm (free), Windows Defender, all of which I update and use on a nearly daily basis. I must be paranoid.
Thanks to you both, buddy215 and Starbuck, for your help.



