Dropper.small?

Discussion in 'NOD32 version 2 Forum' started by Nuke, Jul 16, 2007.

Thread Status:
Not open for further replies.
  1. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    I am not sure how this got onto my system because I am careful with my surfing habits and I do not download attachments. I will do a full scan with Nod32 shortly along with going over to Trend Micro to get a second opinion. Any input would be appreciated.
     


  2. codpet

    codpet Registered Member

    Joined:
    Jul 8, 2007
    Posts:
    28
    It's probably that Poison Ivy Trojan I submitted for analysis the other day. That thing was a very tiny Trojan program (11kb in size or so).
     
  3. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    What are you waiting for, buddy? Ditch it! It's a trojan downloader.

    Who knows how it got there... It's heavy guesswork, and if someone knows that, it should be you.

    I would only suggest disabling system restore, scanning in safe mode, and deleting the nasty. Reboot and re-enable system restore.

    Cheers.
     
  4. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Thanks for the replies. I did get rid of it. I have been using PCs since 1989, and I have never had a virus or a Trojan. My most recent download, which was a few days ago, was for the full version of Dragon 9.5 from the Nuance website. I did another scan with AVG Anti-Spyware and it came up clean. I also deleted all my cache files, history items, unprotected cookies, plug-ins and ActiveX controls. So far Dropper.small has not reared its ugly head again. If Dropper comes back after I have tried your suggestions, I think I will scorch the Earth (wipe the drive) and reinstall Windows. I am really careful with what I do or where I go on the Net and it just bugs me that I would get a Trojan.
     
  5. sparx

    sparx Registered Member

    Joined:
    Jan 10, 2007
    Posts:
    60
    The file was located in your system restore image directory. Who knows how long it's been there.
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Good. You killed the beast. Kudos.
    I was just wondering - NOD detected it as well, right?
     
  7. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Hi, Nick. I just deleted it out of AVG. I have been working at the PC so I have not had time to run NOD32 yet. I will be finished with my work in about 20 minutes and then I will do a scan with NOD32. I will let you know the results.

    Thanks again!
     
  8. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    The answer is no. I ran AVG Anti-Spyware and it found Dropper.small. I deleted it from AVG. After that, I ran Nod32 and the results were 0 threats found. I did an online scan over at Trend Micro and it found 3 potential vulnerabilities. It turns out that I needed to do my Microsoft "Office" updates. There were critical updates for Microsoft Word and Excel. I think it should be Microsoft's responsibility/job to inform me about these Office updates. I usually do them about every three or four months. Maybe OpenOffice is a better alternative.

    I was a little surprised that this Trojan got through Nod32's defenses. I am reading through the threads here and it looks like I may need to uninstall Nod32 and then reinstall using Blackspear's extra settings. o_O

    No rest for the weary.
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Well, that's why NOD was unable to detect it. ;) It was gone...

    Have you actually performed a manual scan with NOD32 before deleting the trojan with AVG? The trojan was found in system restore, so the on-access scanner (AMON) was helpless about it.

    You don't have to reinstall, just apply the settings.

    Cheers
     
    Last edited: Jul 18, 2007
  10. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Hi Nick, this was my first Trojan, so the answer is no. One thing I have not done is clear all my restore points and then do a scan with Nod32. As far as I can tell, Dropper.small is gone.
    After doing a little more reading I realized that I could scroll down the page and add the extra settings where needed.

    Thanks for your help!

    If it didn't crash, it wouldn't be a computer.
     


  11. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    Well, the malware is gone, so it really doesn't matter. I believe NOD32 would've detected it. You don't have to delete all your restore points, they're fine.

    Cheers.
     
  12. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    You should always delete your restore points once you are infected; it is likely and possible that the infected files and registry keys will be restored if you ever use them. If your AV searches them and deletes the files from the restore point, then you won't be able to use it anyway.
     
  13. Nuke

    Nuke Registered Member

    Joined:
    Sep 19, 2006
    Posts:
    134
    Location:
    USA
    Restore points have been deleted. Will be running Nod32 pronto.

    Thanks!
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    1,596
    Location:
    Singidunum
    That would only be valid for the restore point on which the malware was found. It's OK to delete that restore point, sure.
    But you don't have to delete all restore points just because one was infected... with this kind of malware.
     
  15. flyrfan111

    flyrfan111 Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1,224
    Yes you would, because restore points are cumulative (like doing a differential backup); once you delete something from one of them, none of the points after that will work, because they rely on the points before them.
     