Page 1 of 2
#1
I think there's a thread for this, but I couldn't find it. My Windows XP cpu seems to be infected with a "Trojan Dropper". It's shut down Norton Anti-Virus and disabled System Restore. I have no idea what to do, so any help is appreciated. Thanks in advance.
#5
Quote by MetalHead73
Just don't delete the System32 folder.

... Well, yeah, when would you ever have to?
#8
OH god. That's a bad one. When I found a TROJ_DROPPER I deleted the system32 file that was infected right away. Luckily it did no damage. Do you have any idea where you might have gotten this virus from?
#9
I think norton or mcafee have online scanning progs, once you find out what the virus name is I can help you get rid of it. (I write them) : D
#10
Quote by Zuka
It's the pit, expect trivial behaviour or get out.


+1
#11
Quote by Zuka
... Well, yeah, when would you ever have to?



you don't remember Scourge's cruel joke do you?
#12
I was on MSN, and it sent me a message that said, "Is this you?" It then had a link with my address in it. I clicked on it and it automatically started dloading files to my computer.
#13
Quote by MetalHead73
you don't remember Scourge's cruel joke do you?

I recall one time a poster gave advice to the pit, suggesting we delete our Sys32 files. Other than that, no...
#15
Quote by Zuka
I recall one time a poster gave advice to the pit, suggesting we delete our Sys32 files. Other than that, no...



yeah, well Scourge told this poor kid to delete his System32 folders and files. He did, crashed his computer, Scourge was banned.

R.I.P.
#16
Quote by Led_Zeppelin992
I was on MSN, and it sent me a message that said, "Is this you?" It then had a link with my address in it. I clicked on it and it automatically started dloading files to my computer.


WOW. If it fcked up your virus protection, it's gonna be kinda hard to find out what's infected.

I'm guessing you should reformat. and fast.
#17
Quote by MetalHead73
yeah, well Scourge told this poor kid to delete his System32 folders and files. He did, crashed his computer, Scourge was banned.

R.I.P.

That would be him.
#20
Personally, I recommend not using Norton AntiVirus. Got a buddy who runs a computer business, and he recommends Avast. As for the Trojan dropper, just look on the Norton website about what to do.
#21
Quote by Led_Zeppelin992
I was on MSN, and it sent me a message that said, "Is this you?" It then had a link with my address in it. I clicked on it and it automatically started dloading files to my computer.


That happened to a friend of mine, she had to have it looked at professionally. In the meantime, do not use your internet, any passwords or information you give out will be taken by the person who infected your PC, ah well, too late.
#22
All of Symantec's sites about Norton or anything are blocked. Nothing else seems to be happening, however my cpu is pretty slow.
#23
Discovered: February 2, 2000
Updated: October 23, 2005 11:05:36 AM ZE9
Also Known As: Virus.Dropper, Trojan dropper
Type: Trojan Horse
Infection Length: varies
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP

The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

1. Restart the computer in Safe mode or VGA mode.
2. Disable System Restore (Windows Me/XP).
3. Update the virus definitions.
4. Run a full system scan and delete all the files detected as Trojan.Dropper.

For specific details on each of these steps, read the following instructions.

1. Restarting the computer in Safe mode or VGA mode

Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
In Windows 95, 98, Me, 2000, or XP, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
In Windows NT 4, restart the computer in VGA mode.


2. Disabling System Restore (Windows Me/XP)

If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.

Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.

Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.

For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
"How to disable or enable Windows Me System Restore"
"How to turn off or turn on Windows XP System Restore"


--------------------------------------------------------------------------------
Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.
--------------------------------------------------------------------------------


For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.

3. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:

- Running LiveUpdate, which is the easiest way to obtain virus definitions.
  These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
- Downloading the definitions using the Intelligent Updater.
  The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).

The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.

4. Scanning for and deleting the infected files
- Start your Symantec antivirus program and make sure that it is configured to scan all the files.
  For Norton AntiVirus consumer products: read the document, "How to configure Norton AntiVirus to scan all files."
  For Symantec AntiVirus Enterprise products: read the document, "How to verify that a Symantec Corporate antivirus product is set to scan all files."
- Run a full system scan.
- If any files are detected as infected with Trojan.Dropper, click Delete.


This is what the website said.
#26
Safe Mode.
#27
Spybot Search and destroy
Or
Adaware
Both freeware. hopefully at least one of them is able to detect and remove the trojan.
#28
The best answer is backup anything you know not to be infected and format your hard drive.

I'll be honest, I've never heard of this before your post and I follow virus outbreaks pretty close. I don't know where or how you managed to get this, but there is no telling how bad your system is infected at this point. Depending upon the situation, an antivirus may or may not help. If someone specifically targeted you, then chances are an antivirus won't help too much. Don't get me wrong, it's always a good idea to scan and run an antivirus, but subverting antivirus software isn't that difficult.

Here is some info on trojan droppers from F-Secure:

A trojan dropper is usually a standalone program that drops different type of standalone malware (trojans, worms, backdoors) to a system. A typical trojan dropper is a file that contains a few other files compressed inside its body. When a trojan dropper is run, it extracts all files it contains to some folder (usually temporary folder) and runs all of them simultaneously. In many cases trojan droppers contain innocent files or multimedia files to disguise malicious activities.

Trojan droppers are usually created by special programs called 'joiners'. These programs allow to customize functionalities of a trojan dropper and to add as many files as needed into the package.


So basically, you are screwed. There is no telling what type of backdoor/rootkit/virus was installed on your system and if it will be detected by an antivirus or not.

You should consider anything stored on your computer (passwords, emails, etc) and anything you have typed in to be public knowledge at this point. You should change all your passwords from a safe computer, if financial information was on your system then you should contact your bank.

EDIT:

Do you have a copy of the link that he sent you by chance? If you can find it somewhere, then I might can give you a better idea of what has happened
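An added example, not part of any post in this thread: a triage check based on the F-Secure description quoted above (files extracted to a temporary folder, sometimes disguised as innocent or multimedia files). It walks a folder, identifies Windows executables by their header rather than their name, and reports those that are recent or carry a non-executable extension. The function names, the extension list and the 24-hour window are assumptions chosen for illustration.

```python
import os
import struct
import tempfile
import time

# Extensions that normally hold Windows PE images; PE content under any other name is a disguise.
PE_EXTENSIONS = {".exe", ".dll", ".sys", ".scr", ".ocx", ".cpl", ".com"}

def is_pe(path):
    """True if the file has an MZ header whose e_lfanew field points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            head = f.read(64)
            if len(head) < 64 or head[:2] != b"MZ":
                return False
            (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
            f.seek(e_lfanew)
            return f.read(4) == b"PE\0\0"
    except OSError:
        return False

def scan_temp(root, max_age_hours=24.0, now=None):
    """Return sorted (path, reasons) pairs for PE files under root that are recent or mis-named."""
    now = time.time() if now is None else now
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if not is_pe(path):
                continue
            reasons = []
            ext = os.path.splitext(name)[1].lower()
            if ext not in PE_EXTENSIONS:
                reasons.append("PE content behind '%s' extension" % ext)
            if (now - os.path.getmtime(path)) / 3600 <= max_age_hours:
                reasons.append("written in the last %.0f hours" % max_age_hours)
            if reasons:
                findings.append((path, reasons))
    return sorted(findings)

def make_pe_stub():
    """Constructed sample: the minimum bytes that satisfy is_pe(); not a runnable program."""
    return b"MZ" + b"\0" * 58 + struct.pack("<I", 64) + b"PE\0\0"

if __name__ == "__main__":
    for path, reasons in scan_temp(tempfile.gettempdir()):
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for closer inspection, not a verdict: installers and updaters also unpack executables into the temporary folder.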
#29
Thanks for the help everybody, I was just on the phone with a Dell Technician and he's helping me through it. A lot of people have it, the virus goes through your MSN address book and sends a message to people with the link. You click on the link and it automatically starts dloading. I'm not the only one who has it.
#30
Quote by MetalHead73
you don't remember Scourge's cruel joke do you?

You mean his joke.

Jake, Andrew, and the "victim" were in on it. What happened behind the scenes was that they actually helped the guy with his computer problem and played a trick on UG
Last edited by kirbyrocknroll at Jan 27, 2007,
#31
Quote by Led_Zeppelin992
Thanks for the help everybody, I was just on the phone with a Dell Technician and he's helping me through it. A lot of people have it, the virus goes through your MSN address book and sends a message to people with the link. You click on the link and it automatically starts dloading. I'm not the only one who has it.


I wouldn't count too much on what a Dell tech tells you to do.

What exactly did he have you do?

EDIT:

I should probably explain. I'm not one to bash helpdesk personnel, their job is very important, but they are generally trained to handle a wide range of issues in a set fashion. Unfortunately, malicious software doesn't operate in a set fashion, which means they may or may not be qualified to help you.
Last edited by LordSephiroth at Jan 27, 2007,
#32
Well, he says it's not a virus, but Adware. We're now scanning everything with Ad-Aware SE, and we're going to call him back after we do it.
#33
Well, I got it

McAfee Virus Scan FTW.
#34
Get the trial or premium version of "NOD 32" ..or wait for a microsoft fix. Lol.
#35
Quote by Softmod
Get the trial or premium version of "NOD 32" ..or wait for a microsoft fix. Lol.


+1

NOD32 owns all other virus protections, especially Norton's. And what's best is that by editing a registry key you can change the trial from 30 days to a million.
#37
I didn't get rid of the virus, but it's not causing anymore trouble, so I'm just going to leave it for a while.
#38
Quote by Led_Zeppelin992
I was on MSN, and it sent me a message that said, "Is this you?" It then had a link with my address in it. I clicked on it and it automatically started dloading files to my computer.



I remember that. I always knew it was a virus but one day in one of my weird moods, I thought, what the heck, let's click it. I clicked it and it was loading and then I disconnected.

Then my friend told me about how he just fixed his computer from that virus when I reconnected.

Wasn't I lucky.