Nod32 finds Win32/TrojanDropper.Bridge.A trojan in TDS Directory?

report from Nod32. Doing and evaluation in the TDS software and NOD comes up with this while scanning:

C:\Program Files\TDS3\xDynamic\TDS.Unpk\start.exe   Win32/TrojanDropper.Bridge.A trojan

 

Hi Mingus,

That is the place where TDS-3 temporarily puts files to unpack.

Were you doing a full system scan with TDS-3?
Usually in that case I would recommend to temporarily close down your resident AV.

Did TDS-3 give you any warning about that file?

I see in the primary list of TDS-3:
TrojanDropper.Win32.Bridge

Do you have the registered version of TDS-3 or the evaluation version of TDS-3?

Did you update the Trojan-definitions (Radius-file) for TDS-3 to its latest version (today)?

Could you please send that file start.exe to both ESET and DiamondCS so they can have a look at it?
Thanks !

Regards, Jan.

 

Hi and welcome!
Like Jan pointed out, the file in the Unpk is a copy of the original which is somewhere else on your system if it was not deleted yet. Did you clean out alarmed files with that same name? In that case yoy should be clean after deleting this copy.
In most cases files prom that Unpk folder are deleted after scanning, or after the next scan, while you can also do it manually yourself if an occasional file was not deleted from that folder.

 

evaluation. did download and install the update manually. I believe Nod already has this one in their definitions?

Could of been that i had already run it once, decided to disable system restore, came back and this was in the cache.

Will TDS more or less get rid of associated registry entries also? what if someone ran an A/V program and deleted all the trojan files, but left all the registry entries?

sure is hard to post to this board

 

NOD32 and TDS both have it in their definitions.
Did TDS not alarm on it again or did you delete it by now?
did you also check all the scanoptions in the scan control?
After disable system restore in the clean situation -- reboot -- enable system restore and manually make a new restore point please.

Registry associations will probably only be there if the file was executed.
In that case it's very advisable to get the AutostartViewer from the (free) products at DiamondCS site or if you feel more comfortable with the HijackThis with all options up and post your log so experts can help you look for anything suspicious more.

 

ive had the same thing happen.nod32 detected it i could not delete or rename with nod 32.so closed down warning and did full system scan with tds-3 nothing showed.a few minutes later nod32 detects again...

 

Locate the file, zip it and send to submit@diamondcs.com.au Thanks. Might be another variety.