Trojan horse Dropper.Small.15.BP

Discussion in 'malware problems & news' started by NathanB, Oct 11, 2005.

Thread Status:
Not open for further replies.
  1. NathanB

    NathanB Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    6
    I got the trojan horse Dropper.Small.15.BP from a music download. I am using free AVG 7.0+Firewall. It found the virus but won't delete it from the computer, only cleans it. I know there are ways to delete it by going through the registry, and that is what I would like to do. Can anyone show me the steps? I'm running WinME. I would be very grateful for help. :)
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
    Hi NathanB and welcome to Wilders.

    Can u post the path of the file or description?

    Did u try to delete the file in safe mode?

    I'm not comfortable doing things in the registry, so if it was me, I would post a HijackThis log over here,

    http://gladiator-antivirus.com/forum/index.php?showforum=170

    then wait for the malware experts to give recommendations on any nasties found. ;) :D


    snowbound
     
  3. NathanB

    NathanB Registered Member

    I understand you not wanting to do it through the registry... I just haven't found a program to completely remove it without forking out those green slips. I haven't tried to remove it in safe mode either, although I doubt free AVG will really remove it.
    As far as the file path you requested, it is located in C:\_RESTORE\TEMP\A0006148.CPY (32KB).
    I will also try the SpyBot method.....Thx
     
  4. snowbound

    snowbound Retired Moderator

    The path indicates it's in your System Restore.

    Just disable System Restore, reboot, re-enable it, and that should take care of it. ;)

    Don't forget to create a new restore point when u are finished.

    If u are unsure, here's how,

    http://www.pchell.com/virus/systemrestore.shtml


    snowbound
     
  5. NathanB

    NathanB Registered Member

    So just disabling it and re-enabling it will remove it?
    I did so, however it still remains in my AVG vault. Does this mean that it's still in my system?
     
  6. snowbound

    snowbound Retired Moderator

    Yes, disabling System Restore will remove the virus.

    Are u saying u did another scan with AVG after u were done?

    I am not familiar with AVG, but it should come up clean with a scan afterwards.


    snowbound
     
  7. NathanB

    NathanB Registered Member

    I had done a scan before this morning and tried to find out how to disable and delete it. It's been in my virus vault (Quarantine). It gave me the option to clean it (I DID)... however it remained in my vault. I did what you told me and turned restore off and rebooted... however it was still in the vault.
    AS OF NOW... I deleted it out of the vault with my restore turned off and I'm running a virus scan and... HMM, seems to have fixed the problem. NO VIRUS FOUND... Man, that's good news... Hey, thank you very much... :D
     
  8. snowbound

    snowbound Retired Moderator

    You're welcome. :)

    The ones in restore are always the easiest to eradicate. :D

    My posting style is not the greatest but thankfully, it all worked out in the end. :)


    snowbound
     
  9. Mere bag'O'shell's, right Snowy? :D

    GF
     
  10. snowbound

    snowbound Retired Moderator

    U got it GF! :D



    snowbound
     