Dropper virus

Discussion in 'malware problems & news' started by Matt, Feb 22, 2005.

Thread Status:
Not open for further replies.
  1. Matt

    Matt Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    5
    I am fighting a Trojan Horse Dropper.small.11.z virus. I am using AVG and it says that the virus is in my windows/system32 folder and it is named ??ool32.exe. I have tried to delete it, virus vault it, heal it, but to no avail. I have gone in and restarted my computer in safe mode, turned off system restore, and ran AVG again. AVG says that it deleted the file/virus. Also I have deleted all history, cookies, etc. Even emptied my recycle bin. After re-boot, and turning system restore back on the AVG pops up the alert of the virus again. Please help, this F#$%ing thing is driving me crazy! Thanks, Matt------- P.S. My operating system is XP pro.
     
  2. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, try this with another AV (download a free trial, turn off avg)

    1. Disable System Restore.
    2. Update the virus definitions.
    3. Restart the computer in Safe mode.
    4. Clear Internet Explorer History and files.
    5. Run a full system scan and delete all the files detected.


    Free Trial AV's;

    Nod32

    Kaspersky

    Panda

    (only use one AV at a time on your PC to avoid conflicts)
     
  3. Matt

    Matt Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    5
    Thanks, I'll give that a try
     
  4. Matt

    Matt Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    5
    OK, tried that and the other AV programs didn't pick anything up. There is one thing that I forgot to mention---when I go in to look for the virus ??ool32.exe in the directory, it isn't there. I have show all files turned on, and hide all files turned on also. I uninstalled AVG and re-installed later and it still pops up the detection. Any other suggestions? Thanks, Matt-------
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, try running Antispyware software (Adaware, Spybot or Microsoft Antispyware), see if that fixes it or using regedit find:

    HKCU\..\Run: [Yfrjzvc] C:\WINDOWS\System32\??ool32.exe

    Try and delete it manually
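
An added example, not part of the original thread: a small triage script for autostart entries in the layout quoted in the post above. `?` is not a legal character in a Windows file name, so in a listing it stands for characters the tool could not display; the script flags that, non-ASCII names, and targets missing from a directory listing. The function names, the two ordinary sample entries and the listing are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Entry layout as quoted in the post: HKCU\..\Run: [value name] command line
ENTRY_RE = re.compile(
    r"^(?P<hive>HK(?:CU|LM))\\\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)
IMAGE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?=\s|$)", re.I)
ILLEGAL = set('?*"<>|')  # never valid inside a Windows file name

def image_path(command):
    """Strip quotes and arguments from an autostart command line."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = IMAGE_RE.match(command)
    return m.group(1) if m else command

def triage(lines, listing=()):
    """Return (value name, image path, reasons) for entries worth a closer look."""
    # listing: paths an ordinary directory listing shows (supplied by the caller)
    seen = {p.lower() for p in listing}
    findings = []
    for line in lines:
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # not an autostart entry in this layout
        path = image_path(m["command"])
        name = basename(path)
        reasons = []
        if ILLEGAL & set(name):
            reasons.append("placeholder characters in file name")
        if not name.isascii():
            reasons.append("non-ASCII characters in file name")
        if seen and path.lower() not in seen:
            reasons.append("target not in directory listing")
        if reasons:
            findings.append((m["name"], path, reasons))
    return findings

# Constructed sample: the entry from the post plus two made-up ordinary ones.
SAMPLE = [
    r"HKCU\..\Run: [Yfrjzvc] C:\WINDOWS\System32\??ool32.exe",
    r"HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min',
]
LISTING = [r"C:\WINDOWS\system32\ctfmon.exe", r"C:\Program Files\Example\tray.exe"]
```

Calling `triage(SAMPLE, LISTING)` returns only the `Yfrjzvc` entry, with both the placeholder-name and missing-target reasons.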
     
  6. Matt

    Matt Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    5
    Hi, I run spybot S&D every time I start my computer and that doesn't help. I ran the registry fix and the registry mechanic, and that didn't help either, however, I didn't register it because it costs 30 bucks. So, it says it won't fix all the problems it picked up. Should I spend the money? Also, the AV only seems to pop up the detection when I open internet explorer. I also ran the search in the find files and folders again in the windows/system32 directory again and it can't find the file ??ool32.exe. Any other ideas? Thanks, Matt
     
  7. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
  8. Matt

    Matt Registered Member

    Joined:
    Feb 21, 2005
    Posts:
    5
    Ok, tried that and it is still popping up. Maybe it has to do with a glitch in the free edition that I am using. I would email them but they don't have support for free edition users. Willing to try anything else you have up your sleeve. Thanks, Matt---------
     
    Last edited: Mar 2, 2005
  9. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I would suggest following the comprehensive steps found in General Cleaning.

    If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

    The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  10. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Try uninstalling AVG, delete the reg keys and entries found in program files.
    If you still wish to use AVG download a fresh copy and update it, see if it still picks up the problem.


    If you're still stuck, run HijackThis and post the log at another forum; you cannot post logs here anymore.
     
  11. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    That same thing happened to me with AVG, which I quit using right after that. It can't heal it, it can't really DO anything, so it is still in the vault, and will continue to show up!
    Get rid of your copy of AVG like Sweetie told you.

    Use Black Spear's Cleaning Instructions and that should keep you from having any more trouble with it.

    It was very frustrating, I know, why tell you about something it can't get rid of?

    Get a good Trojan program too!

    Don't download another AVG it will start all over again, find another AV, BitDefender is free, Avast! has a free AV or trial one, if $$ is a concern.

    Hope you come back free and happy!
    Marja:cool:
     
  12. Icewind

    Icewind Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    90
    Location:
    G'day! I'm Australian
    Maybe try downloading AVG 7.0 Professional Trial Edition, then delete it after 30 days.

    http://www.grisoft.com/

    That's what I do usually when I get a trojan horse or a virus. I know so because the system slows down a considerable bit. AVG 7.0 should have the appropriate definitions file to remove your trojan horse "Small". Afterwards, go to the Virus Vault and remove it.

    Unfortunately, I had the same problem with another "Small" trojan, but it's to do with AVG's free version; it doesn't allow you to delete some traces of viruses, which is why it keeps cropping back up on your computer. Try the 7.0 version instead.

    Also, try Ad-Aware SE free edition (darn good; gets rid of most spyware) or even as a safeguard against viruses/trojans/hackers/spyware/adware, SpywareBlaster.

    Otherwise, try running regedit, and then go to HKEY_CURRENT_USER, click SOFTWARE and then try to find the folder which the virus (or trojan) has infected, and delete it. Make sure you back THIS up with System Restore i.e. before you make any changes, create a System Restore point, then attempt to delete the file/key. (Skip this step if the file is in the WINDOWS directory, which I think you said that it was).

    Afterwards, I suggest searching in Microsoft's search engine ".pf" (without the quotes) to remove any traces of the virus/trojan.

    If you have System Restore on at any time whilst removing this trojan horse, turn it off! System Restore unfortunately backs up most files, and it might also back up the trojan file with it. Of course, after you successfully remove it, you can switch it back on again.

    Search up TEMP in "All files and folders" with hidden files included, go to C:/Documents and Settings/YOURNAME/Local Settings/Temp and remove the troublesome .tmp file (if you can find it and if it is there).

    Ignore this post if it is of no use to you.

    Hope this works out okay. :doubt:
    Davo.
     
    Last edited: Mar 12, 2005