
Windows 7 - Trojan Horse Dropper



#1 ndonaldson2912


Posted 27 November 2015 - 07:40 AM

Hi all,

I have a Dell Inspiron laptop running Windows 7 Home Prem. 64-bit.

I have run Malwarebytes and it is detecting infected files called trojan.horse dropper.msl

However, Malwarebytes will hang whenever it is close to finishing scanning the system files. It does it both in normal and safe modes.

Can anyone help? Is there another tool I can use?

ndonaldson2912


Edited by hamluis, 27 November 2015 - 09:29 AM.
Moved from Win 7 to Am I Infected - Hamluis.




#2 dc3


Posted 27 November 2015 - 08:18 AM

Please run TDSSKiller.
 
Please download TDSSKiller from here and save it to your Desktop.
 
The log for the TDSSKiller can be very long.  If you go to the bottom of the log to where you find Scan finished you will see the results of the scan.  If it shows Detected object count: 0 and Actual detected object count: 0, this means that nothing malicious was found and you will not need to post the log.
 
1.  Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
 
 
2.  Check Loaded Modules, Verify Driver Digital Signature, and Detect TDLFS file system.
 
If you are asked to reboot because an "Extended Monitoring Driver is required" please click Reboot now.
 
 
3.  Click Start Scan and allow the scan process to run.
 
 
4.  If threats are detected select Cure (if available) for all of them unless otherwise instructed.
 
***Do NOT select Delete!
 
Click on Continue.
 
 
5.  Click on Reboot computer.
 
Please copy the TDSSKiller.[Version]_[Date]_[Time]_log.txt file found in your root directory (typically c:\) and paste it into your next reply.
 
Note:  The log may be very long.  You may need to break it into parts to post the whole log.
 
=================
 
Emsisoft Emergency Kit
 
Please download Emsisoft Emergency Kit and save it to your desktop. Double click on the EmsisoftEmergencyKit file you downloaded to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click the Extract button at the bottom. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction please double-click on the new Start Emsisoft Emergency Kit icon on your desktop.
  • The first time you launch it, Emsisoft Emergency Kit will recommend that you allow it to download updates. Please click Yes so that it downloads the latest database updates.
  • When the update is complete, click Malware Scan. When asked if you want the scanner to scan for Potentially Unwanted Programs, click Yes. Emsisoft Emergency Kit will start scanning.
  • When the scan is completed click Quarantine selected objects. Note:  This option is only available if malicious objects were detected during the scan.  If this is the case select Delete selected.
  • When the threats have been quarantined, click the View report button in the lower-right corner, and the scan log will be opened in Notepad.
  • Please save the log in Notepad on your desktop and post the contents in your next reply.
  • When you close Emsisoft Emergency Kit, it will give you an option to sign up for a newsletter. This is optional, and is not necessary for the malware removal process.

================

Please run AdwCleaner
 
Please download AdwCleaner and install it.
 
When AdwCleaner opens you will see an image like the one below.
 
 
Click on Scan to start the scan.
 
Once the search is complete a list of the pending items will be displayed.  If you see any which you do not want removed, remove the check mark next to it.  
 
Click on Clean to remove the selected items.  If you have any questions about any items in the list please copy and paste the list in your topic so we can review it.  
 
You will receive a message telling you that all programs will be closed so that the infections can be removed.  Click on OK.  The computer will be restarted to complete the cleaning process.
 
When the cleaning process is complete a log of what was removed will be presented.  Please copy and paste this log in your topic.
 
=================

Please run the ESET OnlineScan

This scan takes quite a long time to run, so be prepared to allow this to run till it is completed.

***Please note. If you run this scan using Internet Explorer you won't need to download the Eset Smartinstaller.***

ESET Online Scanner

  • Click here to download the installer for ESET Online Scanner and save it to your Desktop.
  • Disable all your antivirus and antimalware software - see how to do that here.
  • Right click on esetsmartinstaller_enu.exe and select Run as Administrator.
  • Place a checkmark in YES, I accept the Terms of Use, then click Start. Wait for ESET Online Scanner to load its components.
  • Select Enable detection of potentially unwanted applications.
  • Click Advanced Settings, then place a checkmark in the following:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Start to begin scanning.
  • ESET Online Scanner will start downloading signatures and scan. Please be patient, as this scan can take quite some time.
  • When the scan is done, click List threats (only available if ESET Online Scanner found something).
  • Click Export, then save the file to your desktop.
  • Click Back, then Finish to exit ESET Online Scanner.

Edited by dc3, 27 November 2015 - 08:20 AM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 buddy215


Posted 27 November 2015 - 08:20 AM

You need to start a topic in the Malware Removal Forum.

 

Please follow the instructions in the Malware Removal and Log Section Preparation Guide starting at Step 6.

  • If you cannot complete a step, then skip it and continue with the next.
  • In Step 6 there are instructions for downloading and running FRST which will create two logs.

When you have done that, post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.

Start a new topic, give it a relevant title and post your log(s) along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. If you cannot produce any of the required logs...start the new topic anyway. Explain that you followed the Prep. Guide, were unable to create the logs, and describe what happened when you tried to create them. A member of the Malware Removal Team will walk you through, step by step, on how to clean your computer.

After doing this, please reply back in this thread with a link to the new topic so we can close this one.

 

DO NOT bump your new topic. Wait for a response from one of the Team Members.


“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 ndonaldson2912


Posted 27 November 2015 - 08:22 AM

Unfortunately the laptop is not booting now. I got a BSOD stating bad system config. Have tried booting in several modes, none of them working. Is it a case now that I need to do a complete reinstall?

#5 dc3


Posted 27 November 2015 - 08:41 AM

Instructions for a Windows 7 Repair installation.
 
A Windows 7 Repair Installation will require an installation disc for the specific version you have installed.  If you have the installation disc needed to do the repair installation scroll down to Part B and follow the Repair Installation Instructions from there.
 
If you don't have the installation disc you can download an ISO image which you can use to create a bootable installation disc at the Microsoft Software Download.
 
You will need your twenty-five alphanumerical product code to make this download.  If this is an OEM computer you will have to contact the manufacturer of your computer to get the product code. 
 
Once you have the download you will need to burn the ISO image to a disc.
 
Part A
 
How to burn ISO image using Windows Burn Disk Image.
 
Notice:  This applies only to Windows 7 and Windows 8, earlier versions do not have this.
 
1.  Place a blank DVD in the tray of your optical drive and close the tray.
 
2.  Right click on the ISO file on your desktop.
 
3.  Click on Burn disc image.
 
4.  In the image below you will see Disk burner:, this should be set to the optical drive you want to use.  Click on Verify disc after burning if you want Windows to verify the disc image after the burn.  Click on Burn.
 
 
5.  In the image below you can see the green progress bar; when the image is finished burning the bar will be filled.
 
 
6.  After the image has been created click on Close.
 
Please note:  In order to boot from the installation disc you may need to change the boot order in the BIOS so that the DVD drive is the first device and the HDD/SSD is the second device.
 
Repair Installation Instructions
 
Part B
 
1.  Place the installation disc in the tray of the CD/DVD drive, close the tray and restart the computer.
 
2.  You will be prompted to press any key to start the installation, I find the space bar handy.
 
At this point the setup process will load files, this will take several minutes.
 
3.  You will now need to choose the Language, Time, currency format, and Keyboard or input method that you'd like to use.
 
After this is done click on Next.
 
 
4.  Click on the Repair your computer link at the bottom-left of the Install Windows window.
 
This link will begin the Windows 7 System Recovery Options.
 
 
5.  System Recovery Options will now search your hard drive(s) for any Windows 7 installations.  This will take several minutes.
 
No participation is required on your part at this time, wait till it has finished and the next window opens.
 
 
6.  Choose the Windows 7 installation that you'd like to perform the Startup Repair on, then click on Next.
 
 
7.  Click on the Startup Repair link from the list of recovery tools in System Recovery Options.
 
 
For a future reference, there are several other diagnostic and recovery tools available in the Windows 7 System Recovery Options including System Restore, System Image Recovery, Windows Memory Diagnostic, and Command Prompt.
 
8.  The Startup Repair tool will now search for problems in the system files.
 
If Startup Repair finds a problem with any system files the tool may suggest a solution which you will need to confirm, or may solve the problem automatically.
 
 
9.  Startup Repair will now attempt to repair whatever problems it found with system files.  
 
Note:  If Startup Repair did not find any problems with system files you won't see this step.
 
 
Important: Your computer may or may not restart several times during this repair process.  This is normal, you should allow it to continue until you see the Restart your computer to complete the repairs window. 
 
10.  Click on Finish, this will restart your computer.
 
 
It is possible that the Startup Repair will not be able to fix the problem.  If the Startup Repair tool determines this, it may automatically run the repair after your computer restarts.  If it does not automatically run the repair but you are still having problems with Windows 7, repeat these steps to run Startup Repair again manually.



#6 ndonaldson2912


Posted 27 November 2015 - 08:56 AM

The product key under the laptop has worn away. Will DELL provide me the key over the phone?

#7 dc3


Posted 27 November 2015 - 09:03 AM

At this point you don't need the product key.  

 

Please do what I've suggested.




#8 ndonaldson2912


Posted 27 November 2015 - 09:33 AM

I was able to run Startup Repair, however, no issues were found. Computer will still not boot.

#9 dc3


Posted 27 November 2015 - 09:53 AM

You evidently did not read the first part of my initial post for using the Repair Installation.  I requested that once you got to step #7 to select Command Prompt in the System Recovery Options, and then to type sfc /scannow in the command prompt, then press Enter.




#10 ndonaldson2912


Posted 27 November 2015 - 09:56 AM

Will go through your instructions again, thank you.

#11 ndonaldson2912


Posted 27 November 2015 - 10:29 AM

As said before in my previous comment, I cannot provide my product key as it was worn away from under the laptop. Microsoft will not allow me to download an ISO without this information.



#12 dc3


Posted 27 November 2015 - 10:52 AM

The instructions I posted to download a Windows 7 ISO file state that if this computer is an OEM product you will have to call the manufacturer to get the product key.




#13 ndonaldson2912


Posted 27 November 2015 - 10:54 AM

DELL UK stated they are unable to provide product key.....I need to purchase a reinstallation disk 



#14 ndonaldson2912


Posted 27 November 2015 - 10:57 AM

Even when I enter a product key from an OEM Operating System, Microsoft refer me to the manufacturer's website. They will not release ISO links for OEM product keys...


Edited by ndonaldson2912, 27 November 2015 - 10:57 AM.


#15 dc3


Posted 27 November 2015 - 12:30 PM

Is this computer still under warranty?


Edited by dc3, 27 November 2015 - 12:33 PM.





