Need help with Trojan.dropper, maybe more

By karnett
Apr 15, 2009
  1. Hi all,

    Norton AV got a bit wobbly recently and apparently let something in the door. Symptoms:

    - the ever-popular Google search results redirect
    - regedit and regedt32 are blocked
    - Windows Updates are blocked
    - updates to just about anything else are blocked
    - eventual lock up of the UI

    I've done the 8-step program. MBAW uncovered two registry key threats (shown in the attached log addendum), which were removed. SASW detected Trojan.dropper/gen-123, a DLL file, and another batch of registry keys. These have all been placed in quarantine.

    After placing these items in quarantine, the error "Generic Host Process for Win32 has encountered an error and needs to close" occurs when trying to start regedit or install Windows updates. This error makes the system unusable and it must be shut down with the power switch.

    I've attached a current MBAW log (clean) with an addendum showing the initial bad registry keys. For some reason, a log did not get generated for that pass. Also attached is the SASW log from when the Trojan.dropper items were found, and a subsequent scan after they were quarantined. And of course, a HijackThis log.

    Any help would be greatly appreciated -- Thanks!!
  2. karnett


    Well, it's been a week and no replies, so, with a bit of disappointment, I'll consider this thread closed. I did two further scans, with F-Secure Blacklight and also with Dr. Web -- both turned up nothing, although I was still blocked from updates, and the Google redirect continued to manifest.

    After some consideration, I went ahead and backed up my data files, reformatted the drive and reinstalled Windows and my various drivers and applications. I think I'll post a separate thread on that, as it worked out very well overall.
  3. karnett


    BTW, after reformatting and reinstalling, I captured an image of the new installation and stored it on another computer on my home network -- next time, I just have to restore the image.
  4. karnett


    In case this helps: this entire effort broke down like this:
    - back up data files - 30 mins (mostly figuring out what to back up)
    - reformat and reinstall Windows - about 45 mins
    - reinstall drivers - 45 mins (mostly searching on the internet)
    - reinstall apps - 60 mins
    - restore backed up folders - 30 mins (some importing req'd for email)
    - download Windows updates - 45 - 60 mins
    - download virus updates, misc - 30 mins
  5. karnett


    One final thought -- with the disk image and a boot/restore CD, I should be able to restore the saved image in less than one hour. Setting up and making the image took an additional hour.
Topic Status:
Not open for further replies.
