Dropper.small?

I am not sure how this got onto my system because I am careful with my surfing habits and I do not download attachments. I will do a full scan with Nod32 shortly along with going over to Trend Micro to get a second opinion. Any input would be appreciated.

 

It's probably that Poison Ivy Trojan I submitted for analysis the other day.. That thing was a very tiny Trojan program (11kb in size or so).

 

What you're waiting for, buddy? Ditch it! It's a trojan downloader.

Who knows how it got there... It's a heavy guesswork, and if someone knows that, it should be you.

I would only suggest disabling system restore, scanning in safe mode, deleting the nasty. Reboot and reenable system restore.

Cheers.

 

Thanks for the replies. I did get rid of it. I have been using PCs since 1989, and I have never had a virus or a Trojan. My most recent download, which was a few days ago, was for the full version of Dragon 9.5 from the Nuance website. I did another scan with AVG Anti-Spyware and it came up clean. I also deleted all my cache files, history items, unprotected cookies, plug-ins and activeX controls. So far Dropper.small has not reared its ugly head again. If Dropper comes back after I have tried your suggestions, I think I will scorch the Earth (wipe the drive) and reinstall Windows. I am really careful with what I do or where I go on the Net and it just bugs me that I would get a Trojan.

 

The file was located in your system restore image directory. Who knows how long it's been there.

 

Good. You killed the beast. Kudos.
I was just wondering - NOD detected it as well, right?

 

Hi, Nick. I just deleted it out of AVG. I have been working at the PC so I have not had time to run NOD32 yet. I will be finished with my work in about 20 minutes and then I will do a scan with NOD32. I will let you know the results.

Thanks again!

 

The answer is no. I ran AVG Anti-Spyware and it found Dropper.small. I deleted it from AVG. After that, I ran Nod32 and the results were 0 threats found. I did an online scan over at Trend Micro and it found 3 potential vulnerabilities. It turns out that I needed to do my Microsoft "Office" updates. There were critical updates for Microsoft word and Excel. I think it should be Microsoft's responsibility/job to inform me about these office updates. I usually do them about every three or four months. Maybe OpenOffice is a better alternative.

I was a little surprised that this Trojan got through Nod32 defenses. I am reading through the threads here and it looks like I may need to uninstall Nod32 and then reinstall using Blackspears extra settings.

No rest for the weary.

 

Well, that's why NOD was unable to detect it. It was gone...

Have you actually performed a manual scan with NOD32 before deleting a trojan with AVG? Trojan was found in system restore, so on-access scanner (AMON) was helpless about it.

You don't have to reinstall, just apply the settings.

Cheers

 

Hi Nick, this was my first Trojan, so the answer is no. One thing I have not done is clear all my restore points and then do a scan with Nod32. As far as I can tell, Dropper.small is gone.

After doing a little more reading I realized that I could scroll down the page and add the extra settings where needed.

Thanks for your help!

If it didn't crash, it wouldn't be a computer.

 

Well, the malware is gone, so it really doesn't matter. I believe NOD32 would've detected it. You don't have to delete all your restore points, they're fine.

Cheers.

 

You should always delete your restore points once you are infected, it is likely and possible that the infected files and registry keys will be restored if you ever use them, if your AV searches them and deleted the files from the restore point then you won't be able to use it anyway.

 

Restore points have been deleted. Will be running Nod32 pronto.

Thanks!

 

That would only be valid for the restore point on which the malware was found. It's OK to delete that restore point, sure.
But you don't have to delete all restore points just because one was infected... with this kind of malware.

 

Yes you would, because restore points are cumulative(like doing a differential back up), once you delete something from one of them, none of the points after that will work, because they rely on the points before them.