Trojan-dropper.W32.Paradrop.a

Discussion in 'malware problems & news' started by ghodgson, Oct 4, 2005.

Thread Status:
Not open for further replies.
  1. ghodgson

    ghodgson Registered Member

    Joined:
    Dec 20, 2003
    Posts:
    784
    Location:
    UK
    I ran a scan on my Win XP m/c yesterday with A squared and it found the above trojan, as part of Khooker.exe. Thinking it may be a FP I also ran Ewido but this also found it. It is listed as Khooker.exe, a file that is installed with SIS system VGA drivers. I googled it and many sites said this KHOOKER.exe is a useless file and delete it. So I quarantined it with Ewido. I then googled for Trojan-dropper.W32.Paradrop.a and nothing was found on the whole net! Can anybody throw any light on this trojan?
    Thanks Gordon
     
    Last edited: Oct 4, 2005
  2. Hi ghodgson,

    Further investigation here may tell you if it's malicious ....

    xxxx://www.sophos.com/virusinfo/analyses/w32paradropa.html <- swap x's

    or supposedly installed as an automated background process ....

    xxxx://www.infopackets.com/channels/en/windows/gazette/2003/20030917_sis_khooker_downloadware_and_video_display_trouble_part_2.htm

    Maybe a fp but I couldn't confirm this. If it shows up as an 04 entry in HJT, most likely the latter.
    Wait for more replies as I'm sure others will answer. ;)


    GF
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
  4. ghodgson

    Thanks guys, I uploaded the file to Jotti's and it found nothing, it said it was clear. So it looks like a FP, strange that EWIDO and A-SQUARED both identified it as the said trojan. Wonder if Andreas Haak wants to know about this.
    However, the end point being I am going to quarantine it anyway because all the references to KHooker.exe say it can cause problems at startup, so delete it. So nothing lost.
    Thanks again.
    Gordon
     
  5. ghodgson

    Uploaded the file to Ewido and A squared yesterday, Ewido have already replied saying this FP will be fixed on the next update. How's that for service?
    Gordon
     