Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: NSE did not detect the Dropper Trojan


22 Nov 2013   #1
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 
MSE did not detect the Dropper Trojan

A full scan with SAS just revealed that I had the Dropper Trojan on my system. SAS got rid of it.

This despite MSE running all the time and my MSE has all the latest definition updates.

Maybe you want to run a full scan with SAS to make sure.

My System SpecsSystem Spec
.

22 Nov 2013   #2

W7 Pro SP1 64bit
 
 

You did see this thread - right?

MSE worries
My System SpecsSystem Spec
22 Nov 2013   #3
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote   Quote: Originally Posted by UsernameIssues View Post
You did see this thread - right?

MSE worries
Thanks for pointing that out. I did not remember that thread.
My System SpecsSystem Spec
.


22 Nov 2013   #4

Windows 7 Home Premium
 
 

Which Dropper Trojan did you have on the system?

Did MSE or SAS give you more info than just that name?
My System SpecsSystem Spec
22 Nov 2013   #5
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

This is the name in the SAS log " Trojan.Dropper/Gen-NV "
My System SpecsSystem Spec
22 Nov 2013   #6

Windows 7 Home Premium
 
 

Any file identified by SAS? It is a good scanner, however, IMO, Malwarebytes is way ahead of the game.

Just to make sure there is nothig 'lurking', let's do the following:

Please go to the Malwarebytes Anti-Malware Download
Save to the Desktop
Double-click the downloaded MBAM file to run it.

When the installation begins, follow the prompts in the setup process.
Do not make any changes to default settings and when the program has finished installing, make sure only the following options are checked:
>Update Malwarebytes’ Anti-Malware
>Launch Malwarebytes’ Anti-Malware
Uncheck:
>Enable free trial of Malwarebytes Anti-Malware PRO
Click on the Finish button.

If an update is found, the program automatically updates itself.
At the program console, on the Scanner tab, and select: Perform Quick Scan

Next, click on the Scan button.

When the Malwarebytes scan is completed, click on: Show Results
When presented with a screen showing the malware detected, make sure everything is Checked, and click on: Remove Selected

When removal is completed, a report opens in Notepad.

Please copy/paste the entire contents of the MBAM report in your reply.

Note: If MBAM encounters a file that is difficult to remove, you are asked to reboot the computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) prevents MBAM from removing all the malware.
My System SpecsSystem Spec
22 Nov 2013   #7
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

They look like tracking cookies to me. What do you think ??

Quote:
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 7
HKCR\AppID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} (PUP.Optional.WeCare.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (PUP.Optional.Iminent.A) -> Data: -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{977AE9CC-AF83-45E8-9E03-E2798216E2D5} (PUP.Optional.Iminent.A) -> Data: Ěéz—ƒŻčEžây‚âŐ -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 1
C:\Users\whs\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
Files Detected: 2
C:\Users\whs\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\whs\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
(end)



Attached Thumbnails
NSE did not detect the Dropper Trojan-2013-11-22_2017.png  
My System SpecsSystem Spec
22 Nov 2013   #8

Windows 7 Home Premium
 
 

PUPs - indicates a Potentially Unwanted Program.
A program that contains adware, installs toolbars, or has other unclear objectives.

You may want to download AdwCleaner to the Desktop.
http://www.bleepingcomputer.com/download/adwcleaner/
•Close all open programs and internet browsers.
•Double-click on AdwCleaner.exe to run the tool.
•Click the Scan button and wait for the process to complete.

If you find entries or programs you wish to keep, please uncheck them.

Click on the Clean button to remove the rest, and follow the prompts.

Once done, press the Uninstall button to remove the program.
If, down the road, you need to use this program again, it is bet to download a new/updated copy.
My System SpecsSystem Spec
22 Nov 2013   #9
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

I get those tracking cookies a lot. Sometimesd SAS finds over 100 in 3 day intervals.
My System SpecsSystem Spec
22 Nov 2013   #10

Windows 7 Home Premium
 
 

I call SAS the 'Cookie Monster'!!
My System SpecsSystem Spec
Reply

 NSE did not detect the Dropper Trojan




Thread Tools



Similar help and support threads for2: NSE did not detect the Dropper Trojan
Thread Forum
Solved Trojan Dropper {Uneducated) Query System Security
Postal Service "Package Waiting" Scam.... Trojan Dropper Virus. System Security
I can't seem to be able to get rid of Trojan.dropper.BCMiner System Security
Trojan.Dropper/Gen System Security
Solved SuperAntiSpyware detected Trojan.Dropper/Win-NV System Security

Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd

All times are GMT -5. The time now is 06:19 AM.
Twitter Facebook Google+



Windows 7 Forums

Seven Forums Android App Seven Forums IOS App
  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33