Trojan horse Dropper Small.4.AG

Discussion in 'malware problems & news' started by nexusl, Sep 27, 2004.

Thread Status:
Not open for further replies.
  1. nexusl

    nexusl Guest

    If you delete the main c:\windows\inetpal folder it gets rid of it. The origin of this Trojan and the other 5 versions is unknown.
     
  2. Marja

    Marja Honestly, I'm not a bot!!

    Joined:
    Mar 8, 2004
    Posts:
    4,553
    Location:
    In the Vast Fields of My Mind
    You can do that, but it will still be in your programs file under New.Net, so you have to delete that too. I also got a Trojan Dropper.Small.6.L. AVG flashed a box on my screen when I was opening a zip file that I had d/l'd a couple weeks ago at a screensaver theme website. Now I have all these zip files, so I guess I should get rid of them, just in case. AVG said it could not heal it, so ZA told me how to get rid of it. I couldn't get the file zipped and sent to you, so that's all I could do. (My computer freezes when I try to send files?) But maybe I could send you the other ones. TDS said it couldn't open the files it was in, so it didn't find it. I opened the file and scanned afterwards, but nothing else was found. (The wise &^% wizard brought it to me too.) Should I look anywhere else? Re-scan with the updated TDS?
    Thanks!
    Marja
     
  3. ?!!

    ?!! Guest

    It also puts a file for a toolbar called QuickSearch toolbar with a dll.
    Look for that too.
     
  4. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    I have split these 3 posts off from an old thread in the TDS forum as:
    1. They have nothing at all to do with TDS
    2. They are replying to a thread that was dealt with back in May (6 months ago) so are no longer relevant to that thread

    I will let this thread run for a while as it might give some useful information to someone, but if I see too much wrong or irrelevant info I will quickly close it
     
  5. jdsk1198

    jdsk1198 Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    2
    My niece has an AVG Resident Shield pop-up that keeps coming up on her computer saying that she has this virus. Here's exactly what the pop-up says:

    AVG Resident Shield
    Virus
    Trojan horse Dropper.Small.4.AG is found in file C:\System Volume Information\_restore{26CD2BFF-47B6-4AEB-9197-1C8FC9604755}\RP259\A0009753.exe

    To remove this virus, please run AVG for Windows.

    I ran it, but it didn't do anything. I put McAfee on her computer. It found/cleaned it, along with several tracking cookies. The message is still popping up. I updated/re-ran McAfee, and downloaded Anti-Trojan Elite and ran it as well. Both came up with nothing. However, the pop-up is still happening. What do I need to do to fix her computer for her? Any help is greatly appreciated.

    Jacky
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  7. jdsk1198

    jdsk1198 Registered Member

    Joined:
    Dec 28, 2004
    Posts:
    2
    I turned it off and scanned again. It didn't find anything. However, when I turned it off, it said that all previous restore points would be deleted if I did. I guess it deleted it before the scan? Anyway, so far...so good. Haven't had any more pop-ups about it anyway. Thanks.

    Jacky
     
  8. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi Jacky,
    Yes, turning system restore off and rebooting your computer will purge all restore points, which would have also included the malware files that were also backed up in the system restore.

    Good to hear your system is clean. Do not forget to turn your system restore back on again. You can find instructions on how to re-enable system restore in the link ronjor gave you.

    You might also want to read this thread to learn how to tighten your security: "How did I get infected in the first place"

    Regards,

    snap
     