Solved Trojan Dropper (Uneducated) Query

Oldhead

Software on board / AVG (full) up to date/ Superantispyware (free) /Malwarebytes (free) both up to date.
Started system, updated Malwarebytes and performed quick scan. Notified of Trojan Dropper and Quarantined and deleted successfully.
Then ran Full Malwarebytes scan = No issues found.
Then ran Full Superantispyware scan = No issues found.
Then ran Full AVG scan = No issues found.
My query is: does this mean that the trojan initially found has been captured and now deleted before it could execute on my system?
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
custom build
OS
Windows7 home premium 32bit
CPU
I5-3470 Intel
Motherboard
Asus P8Z77-MPro
Memory
4gig Corsair Vengence DDR3 1600
Graphics Card(s)
ATi radeon HD5670 1gig
Sound Card
on board
Monitor(s) Displays
Asus 22 inch
Hard Drives
WD 1tb Black caviar 64meg sata FAEX
Samsung EVO 840 120g
Seagate ext HD 1tb usb3
PSU
Corsair CX600 modular
Case
Antec 300
Cooling
3 Extra case fans
Antivirus
AVG internet Full vers / Malwarebytes Pro/ Superantispyware
Browser
Firefox
It's hard to say with absolute certainty being that viruses/malware can be quite devious, however there's a high probability that Malwarebytes did its job & caught the culprit. If you ran a full system scan with those 3 & they showed nothing, your system is probably safe.

If you want to run a couple other tools just to be sure, you can try the following.

AdwCleaner Download

TDSSKiller, just to be certain no rootkits are hiding on your system. (Rootkits are hard to detect with conventional AV software).

Keep an eye on your PC for unusual behavior & hopefully you are indeed virus free.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Hell oh Well
OS
Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
CPU
Intel Core 2 Duo 2.93GHz
Memory
Not much with my ADHD
Graphics Card(s)
ATI Radeon HD 4350
Monitor(s) Displays
24" HDTV/Monitor
Screen Resolution
Blurry after a Scotch or 2
Hard Drives
1 HDD 250 GB, 1 HDD 1 TB, 3 - 1 TB Externals
Case
Don't get on my case...man :D
Cooling
I have an Air Conditioner & Diet Pepsi
Keyboard
Saitek Cyborg
Mouse
10 yr old MS optical mouse that still works
Internet Speed
Never fast enough
Antivirus
Various
Browser
Various
Trojan-Dropper



A type of trojan that drops one or more malware onto a system. A typical trojan-dropper is a file that contains other files (its payload) compressed inside its body. In many cases, trojan-droppers also contain innocent files or multimedia files to disguise malicious activities.

When a trojan-dropper is run, it extracts all the files in its payload and drops the extracted files to a folder (usually a temporary folder) on the system. It then runs all the dropped files simultaneously.

Trojan-droppers are usually created by special programs called 'joiners'. These programs allow the malware author to customize the trojan-dropper's functionalities and to add as many files as needed into the package.
source: How To - Terminology - T | F-Secure
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Bruce ... somewhere in his 40's
OS
Windows 7 Ultimate 32bit SP1
CPU
Intel(R) Core(TM)2 Quad CPU @ 2.40GHz, 2400 MHz
Motherboard
INTEL/D975XBX2
Memory
4 GB
Graphics Card(s)
ATI Radeon HD 2600 Pro
Monitor(s) Displays
Samsung SyncMaster 914v
Screen Resolution
1280 x 1024
Hard Drives
2/500GB each ... ST3500630AS ATA Device.
One is not connected
PSU
Rocketfish 700 W
Case
G.Skill Gigabyte Chassis
Keyboard
Standard PS/2 Keyboard
Mouse
Microsoft PS/2 Mouse
Internet Speed
DSL
Antivirus
Avira Internet Security
Browser
IE 11
Other Info
ATI HDMI Audio
Oldhead,

Please run the following diagnostic tool. It is good at identifying hard to find malware.

Download the Farbar Recovery Scan Tool
Select the version that applies to your system.



Save to the Desktop.
  • Double-click the downloaded file to run it.
  • When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • FRST64 makes a log (FRST.txt) in the same directory from which the tool is run (Desktop).
Please provide the FRST.txt in your reply.


The first time the tool is run, it also makes another log: Addition.txt
Also post the Addition.txt in your reply.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
An ol' eMachines
OS
Windows 7 Home Premium
Internet Speed
Fine for me...I'm retired!
Thanks Borg386 and cottonball for reply and knowledge, much appreciated.
Ran several other full scans, Microsoft, Kaspersky, Adaware, and all seems fine.

Cottonball, I will run FRST 32bit and report logs.

Knowledge is a wonderful thing, some have more, others have less, but we all gain each day!!!!
 

Ooooopsss....:o My bad!

Please select the version that applies to your system (32-bit).

Good thing your Oldhead is working...apparently, mine is not!!
 

Borg386 & Cottonball
Here is a copy of FARBAR scan for perusal. I can't see anything of real danger at the moment. Appreciate your review of logs.
 

There is a group of empty folders such as:

00000000 ____D C:\Users\Paul\AppData\Local\{5D18D3C8-D736-4A3C-8195-8B369242D15B}

The format of the numbers appears to be a Globally Unique IDentifier (GUID).

Since they are all in "AppData", the folders may be the result of an installation, and may leave some tracks. If you wish to look at what might be using the GUIDs you can run regedit and do an Edit > Find for each of the GUIDs. There may be a product name that is part of the Registry key the GUID is stored in.

If you do the above, take caution not to make any changes or deletions to the Registry!!

If you don't, they are just empty folders...


Also saw a Registry cleaner. They are a little bit "over-rated". May even do more harm than good.


If you haven't run an online scanner, run the following when you have the time (It may take a while...).

The ESET Scanner is implemented as an ActiveX control, so it is best run on Internet Explorer.
Right click the IE shortcut and select: Run as Administrator

Next, download: Free Online Virus Scanner | ESET

On the ESET website, click on: Run ESET Online Scanner
Click: Start

When asked, allow the add-on to be installed
Click: Start again

On the next prompt, Computer Scan Settings, check: Remove found threats
Next, click on: Advanced Settings


Make sure these options are checked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
Click: Scan



When the scan is completed, if threats are found, in the Scan Results prompt:
  • Click on: List of threats found
  • Click on: Export to text file
  • Save to the Desktop and name it ESET Scan Results
  • Click on: Back
  • Place a check on: Uninstall application on close
  • Click on: Finish, and close the program.
If anything is found, please provide the ESET report in your reply to determine if any further action is necessary.
 

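A read-only way to do the GUID lookup suggested in the post above, as an added example that is not part of the original thread. It lists the empty GUID-named folders under the current user's AppData\Local with their creation times and checks whether a registry key of the same name exists; the list of registry locations is an assumed subset of common installer keys, so a "no match" here does not replace regedit's full Edit > Find.

```powershell
# Added example: read-only; nothing is written to the registry or the file system.
# Written to run on the PowerShell 2.0 that ships with Windows 7.
$guidPattern = '^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$'

# Empty, GUID-named folders directly under the current user's AppData\Local.
$folders = @(Get-ChildItem -LiteralPath $env:LOCALAPPDATA -Force |
    Where-Object { $_.PSIsContainer -and $_.Name -match $guidPattern } |
    Where-Object { -not (Get-ChildItem -LiteralPath $_.FullName -Force |
                         Select-Object -First 1) })

# Assumed subset of keys where installers and COM components record GUIDs.
# Only key NAMES are compared; value data is not searched.
$roots = @(@(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKLM:\SOFTWARE\Classes\CLSID'
) | Where-Object { Test-Path -LiteralPath $_ })

$report = foreach ($folder in $folders) {
    $owner = $null
    foreach ($root in $roots) {
        $key = Join-Path $root $folder.Name
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key
            # Uninstall keys carry DisplayName; CLSID keys carry a default value.
            $label = $props.DisplayName
            if (-not $label) { $label = $props.'(default)' }
            $owner = "$key => $label"
            break
        }
    }
    New-Object PSObject -Property @{
        Folder  = $folder.Name
        Created = $folder.CreationTime
        Owner   = $(if ($owner) { $owner } else { 'no match in checked keys' })
    }
}

# Creation times help correlate the folders with the date of the detection.
$report | Sort-Object Created | Format-Table Created, Folder, Owner -AutoSize
```
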
Many thanks to those who replied, especially cottonball. Made my day, now everything is back to normal.
Congrats forum members.
 

cottonball knows so much!! Always take the advice from this member! ;)
 

@Oldhead,

Glad to help, even if just a tad.


@Jacee

Thanks for the vote! :)

What I know fits on the nail on my little finger. There is one thing for sure about this...when you think you know the solution, the malware changes!!
 
