Infected Win32/TrojanDropper.VB.NGP - NOD does not remove.

Discussion in 'ESET NOD32 Antivirus' started by coiter, Feb 3, 2009.

Thread Status:
Not open for further replies.
  1. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    NOD blocks it from spreading to the network, but it won't remove it. Any scans on the system and it says there is nothing there, but still it fills the log.

    TTP filter file ~Link removed. No links to malware or possible malware allowed here.~ Win32/TrojanDropper.VB.NGP trojan connection terminated - quarantined

    Real-time file system protection file C:\WINDOWS\system32\sdsxdshd.exe Win32/TrojanDropper.VB.NGP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE.

    Need help removing this, and why doesn't NOD remove it when it detects it?
     
    Last edited by a moderator: Feb 3, 2009
  2. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    I don't think v3 can clean it, this needs v4 to be cleaned. But please edit your post and mung your malware link so people don't click it. Changing it to hxxp will suffice.
     
  3. CoolShady

    CoolShady Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    19
    This.

    Either that or download another program that will delete it.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    A log from SysInspector would shed more light. Please send it to samples[at]eset.com with this thread url in the subject. I assume there's a dll injected into explorer.exe that keeps downloading the malicious file.
     
  5. coiter

    coiter Registered Member

    Joined:
    Mar 4, 2008
    Posts:
    37
    Can't find any other programs that will delete it, and I'm sitting on a 256 kbit satellite link, so there is a limit to what I can download.

    There is a registry entry that is run after every reboot, that runs a file from the "recycler" folder, and puts the file in there somewhere and other stuff. Temporary Internet Files downloads the EXP, then there is the shdsdsh.exe file that goes into the windows\system32\ folder.

    I have tried superantispyware, spyware doctor, ad-aware, prevx.
    the typical download and scan, pay if you wanna clean it.

    Searched Google, but hardly any hits on the malware and removal procedures.
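
An added example, not part of the original post: one way to look for the startup entry described above by listing autorun values and flagging commands that launch from the Recycler or Temporary Internet Files folders. It assumes the entry sits under the standard Run/RunOnce keys (the post does not say which key) and PowerShell 3.0 or later; the function names and patterns are hypothetical.

```powershell
# Added example: enumerate Run/RunOnce autorun values and flag suspect paths.
# Assumption: the post does not name the key, so only the standard ones are read.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Folders named in the post; legitimate software rarely starts from them.
# These are regular expressions, so each backslash is doubled.
$suspectPatterns = @(
    '\\RECYCLER\\',
    '\\Temporary Internet Files\\'
)

function Get-AutorunEntry {
    param([string[]]$Path)
    foreach ($key in $Path) {
        # A key may be absent (RunOnce often is); skip it quietly.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = [string]$item.GetValue($name)
            }
        }
    }
}

function Test-SuspectCommand {
    param([string]$Command)
    foreach ($pattern in $suspectPatterns) {
        # -match is case-insensitive, so "Recycler" and "RECYCLER" both hit.
        if ($Command -match $pattern) { return $true }
    }
    return $false
}

# Read-only report: suspect entries sort to the top, nothing is changed.
Get-AutorunEntry -Path $runKeys |
    Select-Object Key, Name, Command,
        @{ Name = 'Suspect'; Expression = { Test-SuspectCommand $_.Command } } |
    Sort-Object Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

The script only reads the registry; an entry flagged here is a lead to include alongside the SysInspector log, not proof of infection.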
     
  6. CoolShady

    CoolShady Registered Member

    Joined:
    Feb 1, 2009
    Posts:
    19
    1. Download and install Malwarebytes. Google it.

    2. Boot your computer up in safe mode.

    3. Run a full system scan using Malwarebytes and let it do its thing.

    4. Let us know the outcome. :thumb:
     
  7. Brummelchen

    Brummelchen Registered Member

    Joined:
    Jan 3, 2009
    Posts:
    1,732
    Biggest mistake in the world - no AV program can remove anything.
    AV programs can protect against being infected - but they are still worse at cleaning.
    So Microsoft themselves wrote that an infected system can't be cleaned.

    admin words: backup backup backup!!!

    And - the windows built-in system recovery is NO backup.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    Please follow this advice, SysInspector is a small program that should download ok on your link.

     