Trojan Dropper (Uneducated) Query


  1. Posts : 45
    Windows7 home premium 32bit
       #1

    Software on board / AVG (full) up to date / Superantispyware (free) / Malwarebytes (free), both up to date.
    Started system, updated Malwarebytes and performed quick scan. Notified of Trojan Dropper and quarantined and deleted successfully.
    Then ran full Malwarebytes scan = no issues found.
    Then ran full Superantispyware scan = no issues found.
    Then ran full AVG scan = no issues found.
    My query is: does this mean that the trojan initially found has been captured and now deleted before it could execute on my system?


  2. Posts : 7,781
    Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
       #2

    It's hard to say with absolute certainty being that viruses/malware can be quite devious, however there's a high probability that Malwarebytes did its job & caught the culprit. If you ran a full system scan with those 3 & they showed nothing, your system is probably safe.

    If you want to run a couple other tools just to be sure, you can try the following.

    AdwCleaner Download

    TDSSKiller, just to be certain no rootkits are hiding on your system. (Rootkits are hard to detect with conventional AV software).

    Keep an eye on your PC for unusual behavior & hopefully you are indeed virus free.
    Last edited by Borg 386; 03 Aug 2013 at 08:25.


  3. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #3

    Trojan-Dropper



    A type of trojan that drops one or more malware onto a system. A typical trojan-dropper is a file that contains other files (its payload) compressed inside its body. In many cases, trojan-droppers also contain innocent files or multimedia files to disguise malicious activities.

    When a trojan-dropper is run, it extracts all the files in its payload and drops the extracted files to a folder (usually a temporary folder) on the system. It then runs all the dropped files simultaneously.

    Trojan-droppers are usually created by special programs called 'joiners'. These programs allow the malware author to customize the trojan-dropper's functionalities and to add as many files as needed into the package.
    source: How To - Terminology - T | F-Secure
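The behaviour in the definition quoted in post #3 (payload files written to a temporary folder, then launched together) can be turned into a triage heuristic over process and file telemetry. This is an added example, not part of the original posts or of the F-Secure text; the event records, field names and thresholds are constructed for illustration.

```python
import ntpath
from collections import defaultdict

TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")
EXEC_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}

def is_temp_executable(path):
    """True for an executable or script file written under a temp folder."""
    p = path.lower()
    return any(m in p for m in TEMP_MARKERS) and ntpath.splitext(p)[1] in EXEC_EXT

def find_droppers(events, window=5.0, min_payloads=2):
    """Return {pid: [payload paths]} for processes that wrote at least
    `min_payloads` executables to a temp folder and launched each one
    within `window` seconds of writing it."""
    dropped = {}                 # (writer pid, path) -> time written
    launched = defaultdict(set)  # writer pid -> payloads it then ran
    for ev in sorted(events, key=lambda e: e["t"]):
        if ev["type"] == "file_create" and is_temp_executable(ev["target"]):
            dropped[(ev["pid"], ev["target"].lower())] = ev["t"]
        elif ev["type"] == "process_create":
            key = (ev["parent_pid"], ev["image"].lower())
            if key in dropped and ev["t"] - dropped[key] <= window:
                launched[ev["parent_pid"]].add(ev["image"].lower())
    return {pid: sorted(paths) for pid, paths in launched.items()
            if len(paths) >= min_payloads}

# Constructed sample telemetry (not from a real incident). pid 4120 behaves
# like the dropper in the definition, including a decoy image file; pid 5300
# is an installer that unpacks and runs one helper, below the threshold.
T = "C:\\Users\\Paul\\AppData\\Local\\Temp\\"
EVENTS = [
    {"t": 10.0, "type": "file_create", "pid": 4120, "target": T + "holiday.jpg"},
    {"t": 10.1, "type": "file_create", "pid": 4120, "target": T + "payload_a.exe"},
    {"t": 10.2, "type": "file_create", "pid": 4120, "target": T + "payload_b.scr"},
    {"t": 10.4, "type": "process_create", "parent_pid": 4120, "image": T + "payload_a.exe"},
    {"t": 10.4, "type": "process_create", "parent_pid": 4120, "image": T + "payload_b.scr"},
    {"t": 30.0, "type": "file_create", "pid": 5300, "target": T + "setup_helper.exe"},
    {"t": 30.5, "type": "process_create", "parent_pid": 5300, "image": T + "setup_helper.exe"},
]

if __name__ == "__main__":
    for pid, payloads in find_droppers(EVENTS).items():
        print(f"pid {pid} dropped and ran: {payloads}")
```

Legitimate installers also unpack to a temp folder and run what they unpacked, so a hit is a lead for review, not a verdict.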


  4. Posts : 2,470
    Windows 7 Home Premium
       #4

    Oldhead,

    Please run the following diagnostic tool. It is good at identifying hard to find malware.

    Download the Farbar Recovery Scan Tool
    Select the version that applies to your system.



    Save to the Desktop.
    • Double-click the downloaded file to run it.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
    Please provide the FRST.txt in your reply.


    The first time the tool is run, it also makes another log: Addition.txt
    Also post the Addition.txt in your reply.
    Last edited by cottonball; 02 Aug 2013 at 23:49.


  5. Posts : 45
    Windows7 home premium 32bit
    Thread Starter
       #5

    Thanks Borg386 and cottonball, for reply and knowledge, much appreciated.
    Ran several other full scans, Microsoft, Kaspersky, Adaware, and all seems fine.

    Cottonball, I will run FRST 32bit and report logs.

    Knowledge is a wonderful thing, some have more, others have less, but we all gain each day!!!!


  6. Posts : 2,470
    Windows 7 Home Premium
       #6

    Ooooopsss.... My bad!

    Please select the version that applies to your system (32-bit).

    Good thing your Oldhead is working...apparently, mine is not!!


  7. Posts : 2,470
    Windows 7 Home Premium
       #7

    Duplicate post.
    Last edited by cottonball; 06 Aug 2013 at 22:11.


  8. Posts : 45
    Windows7 home premium 32bit
    Thread Starter
       #8

    Borg386 & Cottonball
    Here is a copy of FARBAR scan for perusal. I can't see anything of real danger at the moment. Appreciate your review of logs.


  9. Posts : 2,470
    Windows 7 Home Premium
       #9

    There is a group of empty folders such as:

    00000000 ____D C:\Users\Paul\AppData\Local\{5D18D3C8-D736-4A3C-8195-8B369242D15B}

    The format of the numbers appears to be a Globally Unique IDentifier (GUID).

    Since they are all in "AppData", the folders may be the result of an installation, and may leave some tracks. If you wish to look at what might be using the GUIDs you can run regedit and do an Edit > Find for each of the GUIDs. There may be a product name that is part of the Registry key the GUID is stored in.

    If you do the above, take caution not to make any changes or deletions to the Registry!!

    If you don't, they are just empty folders...


    Also saw a Registry cleaner. They are a little bit "over-rated". May even do more harm than good.


    If you haven't run an online scanner, run the following when you have the time (It may take a while...).

    The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
    Right click the IE shortcut and select: Run as Administrator

    Next, download: Free Online Virus Scanner | ESET

    On the ESET website, click on: Run ESET Online Scanner
    Click: Start

    When asked, allow the add-on to be installed
    Click: Start again

    On the next prompt, Computer Scan Settings, check: Remove found threats
    Next, click on: Advanced Settings


    Make sure these options are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
    Click: Scan



    When the scan is completed, if threats are found, in the Scan Results prompt:
    • Click on: List of threats found
    • Click on: Export to text file
    • Save to the Desktop and name it ESET Scan Results
    • Click on: Back
    • Place a check on: Uninstall application on close
    • Click on: Finish, and close the program.
    If anything is found, please provide the ESET report in your reply to determine if any further action is necessary.
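The GUID lookup suggested in post #9 can be scripted so that nothing in the Registry is opened for writing. This is an added example, not part of the original post and not FRST's own code; it assumes log lines shaped like the one quoted in the post (size, attributes, path), limits the search to HKLM\SOFTWARE and HKCU\Software, and uses two constructed sample lines alongside the quoted one.

```python
import re
try:
    import winreg          # Windows only; the log-parsing half runs anywhere
except ImportError:
    winreg = None

# size, attributes, then a path under AppData whose last component is a GUID
GUID_DIR = re.compile(r"(\d{8}) (\S+) (.+\\AppData\\.+\\"
                      r"(\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}))\s*$")

def guid_dirs(log_text):
    """Return [(guid, path)] for GUID-named directories listed in the log."""
    found = []
    for line in log_text.splitlines():
        m = GUID_DIR.search(line)
        if m and "D" in m.group(2):        # attribute field marks a directory
            found.append((m.group(4), m.group(3)))
    return found

def registry_hits(guid, max_depth=8):
    """Read-only search of HKLM\\SOFTWARE and HKCU\\Software for the GUID."""
    hits, needle = [], guid.lower()
    def walk(hive, path, depth):
        try:
            with winreg.OpenKey(hive, path, 0, winreg.KEY_READ) as key:
                n_sub, n_val, _ = winreg.QueryInfoKey(key)
                for i in range(n_val):
                    name, data, _ = winreg.EnumValue(key, i)
                    if needle in f"{name} {data}".lower():
                        hits.append(f"{path} -> value {name!r}")
                subs = [winreg.EnumKey(key, i) for i in range(n_sub)]
        except OSError:                    # access denied or key changed
            return
        for sub in subs:
            if needle in sub.lower():
                hits.append(f"{path}\\{sub}")
            if depth < max_depth:
                walk(hive, f"{path}\\{sub}", depth + 1)
    if winreg is not None:
        walk(winreg.HKEY_LOCAL_MACHINE, "SOFTWARE", 0)
        walk(winreg.HKEY_CURRENT_USER, "Software", 0)
    return hits

# First line is the entry quoted in the thread; the other two are constructed.
SAMPLE_LOG = r"""
00000000 ____D C:\Users\Paul\AppData\Local\{5D18D3C8-D736-4A3C-8195-8B369242D15B}
00000000 ____D C:\Users\Paul\AppData\Local\Temp
00001024 ____A C:\Users\Paul\AppData\Local\{11111111-2222-3333-4444-555555555555}
"""
```

On the machine itself, calling `registry_hits(guid)` for each GUID returned by `guid_dirs()` lists the keys and values that mention it; a key path containing a product name points to the installer that created the folder.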


  10. Posts : 45
    Windows7 home premium 32bit
    Thread Starter
       #10

    Many thanks to those who replied, especially cottonball. Made my day, now everything is back to normal.
    Congrats forum members.


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

All times are GMT -5.