Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Trojan Dropper {Uneducated) Query

02 Aug 2013   #1

Windows7 home premium 32bit
 
 
Trojan Dropper {Uneducated) Query

Software on board / AVG (full) up to date/ Superantispyware (free) /Malwarebytes (free) both up to date.
Started system , updated Malwarebytes and performed quick scan. Notified of Trojan Dropper and Quarantined and deleted succesfully.
Then ran Full malwarebytes scan = NO issues found .
Then ran Full Superantispyware scan=No issues found
Then ran Full AVG scan =No issues found .
My Query is does this mean that the trojan inittially found has been captured and now deleted before it could execute on my system.

My System SpecsSystem Spec
.

02 Aug 2013   #2

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1 Pro
 
 

It's hard to say with absolute certainty being that viruses/malware can be quite devious, however there's a high probability that Malwarebytes did it's job & caught the culprit. If you ran a full system scan with those 3 & they showed nothing, your system is probably safe.

If you want to run a couple other tools just to be sure, you can try the following.

AdwCleaner Download

TDSSKiller, just to be certain no rootkits are hiding on your system. (Rootkits are hard to detect with conventional AV software).

Keep an eye on your PC for unusual behavior & hopefully you are indeed virus free.
My System SpecsSystem Spec
02 Aug 2013   #3
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

Quote:
Trojan-Dropper



A type of trojan that drops one or more malware onto a system. A typical trojan-dropper is a file that contains other files (its payload) compressed inside its body. In many cases, trojan-droppers also contain innocent files or multimedia files to disguise malicious activities.

When a trojan-dropper is run, it extracts all the files in its payload ad drops the extracted files to a folder (usually a temporary folder) on the system. It then runs all the dropped files simultaneously.

Trojan-droppers are usually created by special programs called 'joiners'. These programs allow the malware author to customize the trojan-dropper's functionalities and to add as many files as needed into the package.
source: How To - Terminology - T | F-Secure
My System SpecsSystem Spec
.


02 Aug 2013   #4

Windows 7 Home Premium
 
 

Oldhead,

Please run the following diagnostic tool. It is good at identifying hard to find malware.

Download the Farbar Recovery Scan Tool
Select the version that applies to your system.



Save to the Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.
My System SpecsSystem Spec
02 Aug 2013   #5

Windows7 home premium 32bit
 
 

Thanks Borg386 and cottonball ,for reply and knowledge ,much appreciated.
Ran several other full scans ,Microsoft,Kasperkey,Adaware and all seems fine .

Cottonball i will run FRST 32bit and report .Logs.

Knowledge is a wonderful thing,some have more others have less ,but we all gain each day!!!!
My System SpecsSystem Spec
02 Aug 2013   #6

Windows 7 Home Premium
 
 

Ooooopsss.... My bad!

Please select the version that applies to your system (32-bit).

Good thing your Oldhead is working...apparently, mine is not!!
My System SpecsSystem Spec
02 Aug 2013   #7

Windows 7 Home Premium
 
 

Duplicate post.
My System SpecsSystem Spec
06 Aug 2013   #8

Windows7 home premium 32bit
 
 

Borg386 & Cottonball
Here is a copy of FARBAR scan for perusal.I cant see anything of real danger at the moment. Appreciate your review of logs .


Attached Files
File Type: txt Addition.txt (16.5 KB, 4 views)
File Type: txt FRST.txt (33.4 KB, 4 views)
My System SpecsSystem Spec
06 Aug 2013   #9

Windows 7 Home Premium
 
 

There is a group of empty folders such as:

00000000 ____D C:\Users\Paul\AppData\Local\{5D18D3C8-D736-4A3C-8195-8B369242D15B}

The format of the numbers appears to be a Globally Unique IDentifier (GUID).

Since they are all in "AppData", the folders may be a the result of an installation, and may leave some tracks. If you wish to look at what might be using the GUIDs you can run regedit and do an Edit > Find for each of the GUIDs. There may be a product name that is part of the Registry key the GUID is stored in.

If you do the above, take caution not to make any changes or deletions to the Registry!!

If you don't, they are just empty folders...


Also saw a Registry cleaner. They are a little bit "over-rated". May even do more harm than good.


If you haven't run an online scanner, run the following when you have the time (It may take a while...).

The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings


Make sure these options are checked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Click: Scan



When the scan is completed, if threats are found, in the Scan Results prompt:
  • Click on: List of threats found
  • Click on: Export to text file
  • Save to the Desktop and name it ESET Scan Results
  • Click on: Back
  • Place a check on: Uninstall application on close
  • Click on: Finish, and close the program.
If anything is found, please provide the ESET report in your reply to determine if any further action is necessary.
My System SpecsSystem Spec
07 Aug 2013   #10

Windows7 home premium 32bit
 
 

Many thanks to those who replied ,especially cottonball . Made my day ,now everything is back to normal .
Congrats forum members.
My System SpecsSystem Spec
Reply

 Trojan Dropper {Uneducated) Query




Thread Tools




Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 05:15 PM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33