TROJ_SMALL.FO can't find how to get rid of it or what damage it can do

Discussion in 'Trojan Defence Suite' started by srschulz@execulink, May 1, 2004.

Thread Status:
Not open for further replies.
  1. srschulz@execulink

    srschulz@execulink Registered Member

    Joined:
    May 1, 2004
    Posts:
    1
    Location:
    London, ON
    undefined
    Sorry for any mistakes. I'm new at this.

    I just updated my Virus-Scan yesterday. Today I decided to do an overall virus-check and came up with the TROJ_SMALL.FO (at least it looks like a period between the L and F). I have been unable to find this virus listed in the usual places. When I looked for the file that it is in, found several mentions of a similar virus in the same file at this site: WINDOWS/TEMP/XWXLOAD.EXE (I know they should all be backslashes but I have no driver at the moment for my international keyboard and some things just aren't available.)

    Can anyone tell me what this virus might do and especially how I might get rid of it? So far I can't see that it has interfered with anything that I've tried to do. But who knows what's going on in the background. I'm very new at getting rid of viruses, so I'll need very explicit instructions if necessary.

    Thanks to anyone that can help.
     
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  4. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Googled around a bit more. I see only trendmicro mentioning that filename in it's definitions at the moment, but no description about it.
    So i googled on your filename too.
    Seems it might be a downloader, eventueally, which we dealth with recently if it is the same kind: TrojanDownloader.Win32.Small.eh, W32/Lowx.A@dl
    (see Gavin's explanation on the other small.ff
    https://www.wilderssecurity.com/showthread.php?t=27747
    The file is TrojanDropper.Win32.Small.ff, and drops ADWARE known as TrojanDownloader.Win32.Rameh.b - which is related to F1organiser.com)
    so probably family of it.
    http://computercops.biz/modules.php?name=Forums&file=viewtopic&p=122431
    http://uk.trendmicro-europe.com/ent...detail.php?id=58333&VName=TROJ_LOWX.A&VSect=T
    Does the trendmicro description make any sense? Anyway, please first of all post your HJT log so we can see what more to be done and look for.
    And to be sure, please locate the file and zip it and send it to submit@diamondcs.com.au just like Pilli said, there might be more involved reading the trendmicro story IF it is the same.
     
    Last edited: May 2, 2004
  5. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Small isn't a family, its a generic name given to trojans, downloaders, droppers, whatever - when they are SMALL in size :)

    Just wait on the ASViewer or HJThis log, all will be revealed. If I get a sample of it I'll let you know just WHAT it does
     
Thread Status:
Not open for further replies.