Dropper.small.5.BQ?--help please!

Discussion in 'Trojan Defence Suite' started by ScottD, Jul 24, 2004.

Thread Status:
Not open for further replies.
  1. ScottD

    ScottD Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    2
    I have been infected apparently with a Trojan Horse virus that AVG 7.0 Pro identifies as:
    "Dropper.small.5.BQ" with a path of "C:\windows\system32\W32_SS.exe".
    I have been trying to get rid of this for days and have scanned the forums here and tried deleting the file, healing it in AVG, moving it to the virus vault, etc. I don't know how I got this, and the only AV product that seems to detect this is AVG. An online scan at McAfee came up clean, as did a scan by TDS-3. I was already infected, though, according to AVG before installing TDS-3. I don't know where to turn on this. Some of the other things I've noticed since infection are that Windows Media Player no longer starts and Zone Alarm Pro seems to have intermittent problems starting. Also, a program called "Windows NT" asks for permission through ZAP to send email when I shut down. Do I have a problem that can be solved without a new install? Thanks for any help on this.
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi there and welcome to the forum.
    Did you close down AVG completely when scanning with TDS or the online scanners?
    To close AVG, open its GUI, uncheck all the marks and close the GUI again; its systray icon should be greyed out now. Now please do another scan with TDS (fully updated, all scan options in the scan control checked, and all unnecessary programs closed to give TDS full access and speed up the process). When it's finished, right-click one of the alarms and save to text; please paste that scandump.txt into your next posting.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    In addition to Jooske's reply: did you try removing the file in Safe Mode? After a reboot, press F8 a few times just before Windows starts to load to get into Safe Mode. Select "Safe mode without networking" and do a search for the file.

    The reason that you cannot delete it normally is because it is running.
    Safe mode only runs essential system services when loaded.

    Before you delete it, would you please ZIP the file up and send it to submit@diamondcs.com.au? Then delete it.

    HTH Pilli
     
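The procedure Pilli and Jooske describe (confirm the file is really there despite hidden attributes, keep a zipped copy for the vendor, then remove it once nothing is holding it open) can be scripted. The block below is an added example written for this page, not code from the thread or from DiamondCS/TDS-3; it uses built-in PowerShell 5+ cmdlets, so it targets a modern Windows rather than the 2004 XP-era machine in the thread, and the output zip path on the Desktop is an assumed choice. It also checks the Run/RunOnce registry keys, which is one common way a dropped executable is relaunched at logon (the thread does not say where W32_SS.exe was started from, so treat that as a general check, not a finding). Run it from an elevated PowerShell prompt, ideally in Safe Mode as the thread advises.

```powershell
# Added example (not from the forum thread): triage a suspicious executable on Windows
# before removing it. Built-in PowerShell 5+ cmdlets only. The path is the one AVG
# reported in the first post; the zip destination is an assumption.
$Suspect = 'C:\Windows\System32\W32_SS.exe'
$Submit  = Join-Path $env:USERPROFILE 'Desktop\W32_SS_sample.zip'

# 1. Confirm the file exists, looking past hidden/system attributes
#    (the thread's "show all hidden files and extensions" advice).
$file = Get-Item -LiteralPath $Suspect -Force -ErrorAction SilentlyContinue
if (-not $file) { Write-Host "No file at $Suspect"; return }
Write-Host "Found: $($file.FullName)  size=$($file.Length)  attrs=$($file.Attributes)"

# 2. Record hashes so the sample can be identified later and matched to vendor reports.
$sha256 = (Get-FileHash -LiteralPath $Suspect -Algorithm SHA256).Hash
$md5    = (Get-FileHash -LiteralPath $Suspect -Algorithm MD5).Hash
Write-Host "SHA256=$sha256"
Write-Host "MD5=$md5"

# 3. Find running processes backed by that image. A running image cannot be deleted,
#    which is why the thread recommends Safe Mode.
$procs = Get-Process | Where-Object { $_.Path -and ($_.Path -ieq $Suspect) }
foreach ($p in $procs) { Write-Host "Running as PID $($p.Id) ($($p.ProcessName))" }

# 4. Look for logon autostart entries that reference the file, so it does not
#    come back on the next reboot. (Services and scheduled tasks are other places
#    to look; they are not covered here.)
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $props = Get-ItemProperty -Path $k
    foreach ($name in $props.PSObject.Properties.Name) {
        if ($name -like 'PS*') { continue }   # skip the provider's own metadata properties
        $value = "$($props.$name)"
        if ($value -imatch 'W32_SS') { Write-Host "Autostart: $k\$name = $value" }
    }
}

# 5. Preserve a copy for analysis/submission before deleting anything.
Compress-Archive -LiteralPath $Suspect -DestinationPath $Submit -Force
Write-Host "Sample zipped to $Submit"

# 6. Stop whatever is running from the image, then remove it. Add -WhatIf to the
#    last two lines to rehearse without changing anything.
$procs | Stop-Process -Force -ErrorAction SilentlyContinue
Remove-Item -LiteralPath $Suspect -Force
```

If step 3 reports a running process even in Safe Mode, or step 6 still fails with "access denied", the file is being held open by something the script did not find (a service, a scheduled task, or another process that re-spawns it), and the autostart search needs to be widened before deleting again; the zipped copy from step 5 is what you would send to the vendor address given above.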
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hoped to do that via TDS :D
    But your advice is right, Pilli, and probably the quickest way to deal with it. (For that testing purpose you might like to leave the zipped version on your system for TDS to look at, and give yourself a big grin deleting it from the alerts console; such a great feeling!)

    Are you sure that in Safe Mode AVG is really not active, and in no way hiding any finds from sight anymore?
    Make sure folder options are set to show all hidden files and extensions too, by the way.

    Looking forward to your scan results! (You might like to keep that scan alerts bottom console in TDS up after the scan and when posting your scandump.txt.)
     