Win 7 Action Center reports pc is infected with win32/Small.ca trogan


  1. Posts : 4
    Widows 7 Professional x64
       #1

    Win 7 Action Center reports pc is infected with win32/Small.ca trogan


    Hello,

    My Windows 7 action center has told me to "remove the Win32/Small.CA virus from your computer". Although it provides very little assistance in removing the virus. The message first appeared on the 26 Dec 2012.

    My computer has blue screened several times over the last month although recovers very easily.

    I have scanned with, Comodo Internet Security Complete 2012, Malwarebytes, tdsskiller, ComboFix, ESET, windows defender, HitmanPro and SuperAntiSpyware. None of thes found any problems.

    I have read in forums that this is one of the worst trogans although I am yet to find a solution. I am wondering if it is a false positive identified by Windows.

    Any help would be greatly appreciated.

    Thanks
      My Computer


  2. Posts : 10,994
    Win 7 Pro 64-bit
       #2

    Hello chirpy and welcome to Seven Forums.

    This Microsoft forum thread discusses the win32/Small.ca trojan in some detail. Apparently the Action Center reports it but traditional scans don't find it. This malware always seems to end with a period followed by a series of one, two, or three letters representing a specific country or area. The .ca would indicate Canada. For a more generalized look-up I searched for win32/Small and found a possible fix from Dr.Web.

    Windows 7 and how to remove Win32/Small.CA virus - Microsoft Community

    Dr.Web Anti-virus - How To Remove Virus (Trojan-Downloader.Win32.Small.dac) - [DRWEBHK.COM]
      My Computer


  3. Posts : 4
    Widows 7 Professional x64
    Thread Starter
       #3

    How to resolve the win32/Small.CA trogan


    marsmimar

    Thanks for your response.

    Quick question for you - Understanding that The .ca would indicate Canada. Is the .CA the point of origin or the place of infection.

    I am in Australia so I expect that the .CA is the point of origin.

    Is that a fair assumption?

    Thanks
      My Computer


  4. Posts : 10,994
    Win 7 Pro 64-bit
       #4

    From what I could gather, it could be either one. In this particular case I would guess that .ca would indicate point of origin. But I'm guessing it's also possible that this specific malware might have originated as a .cn, from oh let's say China, circled the globe a few times, got changed along the way, and eventually came to you as a .ca.
      My Computer


  5. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #5

    It wouldn't hurt to run Windows Defender Offline after you look at the other links & apply the actions. However, be sure to make this on a clean PC, not the infected one as this can compromise the scanner.

    I suggest this as, unfortunately, viruses/malware tends to invite other nasty stuff onto your PC.

    If you want to be 100% sure that your PC is trustworthy again, then a clean install is your best option.

    Clean Install Windows 7
      My Computer


  6. Posts : 4
    Widows 7 Professional x64
    Thread Starter
       #6

    Hi

    I have run DR Web Cure IT! and Security Space although they have not identified the trogan.

    I will now run Windows Defender Offline as suggested by Borg 386.

    I am still hoping that it is a false positive?

    Should I uninstall Dr Web Security Space?

    I am currently running
    - Comodo Internet Security Complete 2012 - used mainly for the firewall.
    - Bitdefender Total Security 2013 - used for Anti-Virus
    - Malwarebytes - used for scanning files that I am not sure about.

    All of the above have been uninstalled as required by Dr Web Security Space.
      My Computer


 

  Related Discussions
Our Sites
Site Links
About Us
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 09:02.
Find Us