Dropper virus

I am fighting a Trojan Horse Dropper.small.11.z virus. I am using AVG and it says that the virus is in my windows/system32 folder and it is named
??ool32.exe I have tryed to delete it, virus vault it, heal it, but to no avail. I have gone in and restarted my computer in safe mode, turned off system restore, and ran AVG again. AVG says that it deleted the file/virus. Also I have deleted all history, cookies, etc. Even emptied my recycle bin. After re-boot, and turning system restore back on the AVG pops up the alert of the virus again. Please help, this F#$%ing thing is driving me crazy! Thanks, Matt------- P.S. My operating system is XP pro.

 

Hi, try this with another AV (download a free trial, turn off avg)

1. Disable System Restore.
2. Update the virus definitions.
3. Restart the computer in Safe mode.
4. Clear Internet Explorer History and files.
5. Run a full system scan and delete all the files detected.


Free Trial AV's;

Nod32

Kaspersky

Panda

(only use one AV at a time on your PC to avoid conflicts)

 

Thanks, I'll give that a try

 

ok, tried that and the other av programs didn't pick anything up. There is one thing that I forgot to mention---when I go in to look for the virus
??ool32.exe in the directory, it isnt there. I have show all files turned on, and hide all files turned on also. I uninstalled AVG and re-installed later and it still pops up the detection. Any other suggestions? Thanks, Matt-------

 

Hi, try running Antispyware software (Adaware, Spybot or Microsoft Antispyware), see if that fixes it or using regedit find:

HKCU\..\Run: [Yfrjzvc] C:\WINDOWS\System32\??ool32.exe

Try and delete it manually

 

Hi, I run spybot S&D every time I start my computer and that doesn't help. I ran the registy fix and the registy mechanic, and that didn't help either, however, I didn't register it because it costs 30 bucks. So, it says it won't fix all the problems it picked up. Should I spend the money? Also, the AV only seems to pop up the detection when I open internet explorer. I also ran the search in the find files and folders again in the windows/system32 directory again and it can't find the file ??ool32.exe. Any other ideas? Thanks, Matt

 

Hi,

Try to follow instructions about Sysclean:

https://www.wilderssecurity.com/showpost.php?p=380693

Good luck.

Regards

 

Ok, tried that and it is still poping up. Maybe it has to do with a glitch in the free edition that I am using. I would email them but they don't have support for free edition users. Willing to try anything else you have up your sleeve. Thanks, Matt---------

 

I would suggest following the comprehensive steps found in General Cleaning.

If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

Hope this helps...

Let us know how you go.

Cheers

 

Try uninstalling AVG, delete the reg keys and entries found in program files.
If you still wish to use AVG download a fresh copy and update it, see if it still picks up the problem.


If your still stuck run Hijack this post the log at another fourm, u can not post logs here anymore.

 

That same thing happened to me with AVG, which I quit using right after that. It can't heal it, it can't really DO anything, so it is still in the vault, and will continue to show up!
Get rid of your copy of AVG like Sweetie told you.

Use Black Spear's Cleaning Instructions and that should keep you from having any more trouble with it.

It was very frustrating, I know, why tell you about something it can't get rid of?

Get a good Trojan program too!

Don't download another AVG it will start all over again, find another AV, BitDefender is free, Avast! has a free AV or trial one, if $$ is a concern.

Hope you come back free and happy!
Marja

 

Maybe try downloading AVG 7.0 Professional Trial Edition, then delete it after 30 days.

http://www.grisoft.com/

That's what I do usually when I get a trojan horse or a virus. I know so because the system slows down a considerable bit. AVG 7.0 should have the appropriate definitions file to remove your trojan horse "Small". Afterwards, go to the Virus Vault and remove it.

Unfortunately, I had the same problem with another "Small" trojan, but it's to do with AVG's free version; it doesn't allow you to delete some traces of viruses, which is why it keeps cropping back up on your computer. Try the 7.0 version instead.

Also, try Ad-Aware SE free edition (darn good; gets rid of most spyware) or even as a safeguard against viruses/trojans/hackers/spyware/adware, SpywareBlaster.

Otherwise, try running regedit, and then go to HKEY_CURRENT_USER, click SOFTWARE and then try to find the folder which the virus (or trojan) has infected, and delete it. Make sure you back THIS up with System Restore i.e. before you make any changes, create a System Restore point, then attempt to delete the file/key. (Skip this step if the file is in the WINDOWS directory, which I think you said that it was).

Afterwards, I suggest searching in Microsoft's search engine ".pf" (without the quotes) to remove any traces of the virus/trojan.

If you have System Restore on at any time whilst removing this trojan horse, turn it off! System Restore unfortunately backs-up most files, and it might also backup the trojan file with it. Of course, after you successfully remove it, you can switch it back on again.

Search up TEMP in "All files and folders" with hidden files included, go to C:/Documents and Settings/YOURNAME/Local Settings/Temp and remove the troublesome .tmp file (if you can find it and if it is there).

Ignore this post if it is of no use to you.

Hope this works out okay.
Davo.