Removing Trojan Horses: Dropper.small

By siso80
Oct 27, 2007
Topic Status:
Not open for further replies.
  1. So... I had a few trojan horses popping up in AVG free antivirus, put them in quarantine and did some research about how to get rid of them. I came across Techspot, viewed the FAQ and so far I have done the following:

    1. Scanned my computer with Trend Micro Housecall and AVG Free virus and they found a few Trojan horses

    2. Cleared my cookies, downloaded and ran AVG antispyware
    Here is the scan before I cleaned up; after I deleted all the files the second scan came up empty. But in quarantine there is still this:
    C:\WINNT\system32\Windows_System.exe infected with Dropper.small, in the quarantine, listed 3 times

    I also ran hijackthis and posted

    thank you
  2. Rik

    Rik Banned Posts: 4,985

    You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

    Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix, Panda Antirootkit, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


    This thread is for the use of siso80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Hello and welcome to Techspot.

    You're running an outdated version of HJT. See HERE for instructions.

    Your system is infected with malware.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

    Also, let me know the results of the Panda Antirootkit scan.

    Regards Howard

  4. siso80

    siso80 Newcomer, in training Topic Starter

    Hopefully fixed?

    So I followed those guides as close to the letter as possible and in this order, noting any problems along the way.
    STEP1:
    Temporarily Disable Real Time Monitoring Programs. ok
    STEP2:
    free AVG antivirus and Comodo firewall programmes. ok
    STEP3: Housecall
    I can't run this scanner, it's not working for me. I think it has something to do with too slow (56k) internet connection

    STEP4:
    LATEST version of HJT (currently v2.0.0) ok
    name the folder HJT. ok
    STEP5:
    Crusty.exe ok
    STEP6:
    AVG Antispyware
    On the top of the main screen click Shield inactive. ok
    On the top of the main screen click 'Update'. Then click on 'Start update'. ok
    STEP7:
    SS&D latest definition files(updates). ok
    Click the immunize button in the lefthand pane ok
    then click the green immunize cross in the righthand pane. ok
    STEP8:
    Ad-Aware SE Personal ok
    STEP9: Now I am in Safe Mode
    Ccleaner
    Run the programme and make sure all the boxes are ticked ok
    did it several times. ok
    STEP10:
    Tool1 - cleaner worked but error cleaning my registry
    Tool2 - no vundo
    Tool3 - no vundo
    STEP11:
    Panda Antirootkit programme. - no rootkits
    STEP12:
    Combofix.exe. saved log and attached it as .doc
    STEP13:
    Boot into safe mode, ok
    Run a full system scan AVG Antivirus ok
    found nothing else and now in safe mode I can delete the files in the vault
    STEP14:
    SSD found nothing, Ad-Aware found nothing
    AVG Antispyware found nothing
    STEP15:
    Run HijackThis. saved log and attached as .doc

    Everything seems to be fine, except Comodo Firewall seems to have had a lot of activity. The firewall is working, but why so much activity blocking things like services.exe, lsass.exe, svchost.exe? I can post this log as well.

    Thanks for the help
  5. howard_hopkinso

    howard_hopkinso Newcomer, in training Posts: 25,948   +17

    Looks like you did everything right, except for one thing. You've attached the log files in .doc format. I have removed these as .doc files can carry viruses. Please reattach the files as either .log or .txt files.

    Regards Howard :)
