Infected Win32/TrojanDropper.VB.NGP - NOD does not remove.
coiter
February 3rd, 2009, 06:52 PM
NOD blocks it from spreading to the network, but it won't remove it. Any scans on the system and it says there is nothing there. But still it fills the log.
TTP filter file ~Link removed. No links to malware or possible malware allowed here.~ Win32/TrojanDropper.VB.NGP trojan connection terminated - quarantined
Real-time file system protection file C:\WINDOWS\system32\sdsxdshd.exe Win32/TrojanDropper.VB.NGP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.
Need help removing this, and why doesn't NOD remove it, when it detects it?
funkydude
February 3rd, 2009, 06:56 PM
I don't think v3 can clean it, this needs v4 to be cleaned. But please edit your post and mung your malware link so people don't click it. Changing it to hxxp will suffice.
CoolShady
February 4th, 2009, 01:47 AM
{QUOTE-> I don't think v3 can clean it, this needs v4 to be cleaned. But please edit your post and mung your malware link so people don't click it. Changing it to hxxp will suffice. <-QUOTE}
This.
Either that or download another program that will delete it.
Marcos
February 4th, 2009, 02:32 AM
A log from SysInspector would shed more light. Please send it to samples[at]eset.com with this thread url in the subject. I assume there's a dll injected into explorer.exe that keeps downloading the malicious file.
coiter
February 4th, 2009, 03:30 AM
Can't find any other programs that will delete it, and I'm sitting on a 256 kbit satellite link, so there is a limit to what I can download.
There is a registry entry that is run after every reboot, that runs a file from the "recycler" folder and puts the file in there somewhere and other stuff. Temporary Internet Files downloads the EXP, then there is the shdsdsh.exe file that goes into the windows\system32\ folder.
I have tried SUPERAntiSpyware, Spyware Doctor, Ad-Aware, Prevx.
The typical download and scan, pay if you wanna clean it.
Searched Google, but hardly any hits on the malware and removal procedures.
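Added example, not part of any poster's message: a triage check for the persistence described in the post above (a registry entry that runs a file from the RECYCLER folder after every reboot). It scans saved `reg query` output for autorun values that point into RECYCLER or Temporary Internet Files; the use of the Run keys, the sample text and every name in it are assumptions constructed for illustration.

```python
import re

# Folders the poster names as places the dropper keeps its files.
SUSPECT_DIRS = ("\\recycler\\", "\\temporary internet files\\")

# A value line in `reg query` output: indented name, REG_* type, then data.
VALUE_RE = re.compile(r"^\s+(?P<name>\S.*?)\s+(?P<type>REG_[A-Z_]+)\s+(?P<data>.*)$")

def flag_autoruns(reg_query_text):
    """Return (key, value name, data) for autorun values that launch from a suspect folder."""
    hits, key = [], None
    for line in reg_query_text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()          # start of a new registry key section
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue                    # blank line or banner text
        # Match on the whole command line so that a DLL passed as an argument
        # to rundll32.exe is caught as well as a directly launched EXE.
        data = m.group("data").strip()
        if any(d in data.lower() for d in SUSPECT_DIRS):
            hits.append((key, m.group("name"), data))
    return hits

# Constructed sample: names and paths are invented for illustration only.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    ExampleLoader    REG_SZ    C:\RECYCLER\S-1-5-21-EXAMPLE\example.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleDll    REG_SZ    rundll32.exe "C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\EXAMPLE\example.dll",Start
    Example Tool    REG_SZ    "C:\Program Files\Example\tool.exe" /background
"""

if __name__ == "__main__":
    for key, name, data in flag_autoruns(SAMPLE):
        print(f"{key}\n    {name} -> {data}")
```

A flagged value only marks an entry for review; it is the kind of detail a SysInspector log would also surface.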
CoolShady
February 4th, 2009, 05:55 AM
1. Download and install Malwarebytes. Google it.
2. Boot your computer up in safe mode.
3. Run a full system scan using Malwarebytes and let it do its thing.
4. Let us know the outcome. :thumb:
Brummelchen
February 7th, 2009, 06:04 PM
Biggest mistake in the world - no AV program can remove anything.
AV programs can protect against being infected - but they are still worse at cleaning.
So Microsoft themselves wrote that an infected system can't be cleaned.
admin words: backup backup backup!!!
And - the windows built-in system recovery is NO backup.
funkydude
February 8th, 2009, 03:40 PM
Please follow this advice, SysInspector is a small program that should download ok on your link.
{QUOTE-> A log from SysInspector would shed more light. Please send it to samples[at]eset.com with this thread url in the subject. I assume there's a dll injected into explorer.exe that keeps downloading the malicious file. <-QUOTE}