Removing Trojan Horses: Dropper.small

Status
Not open for further replies.
So... I had a few trojan horses popping up in AVG free antivirus, put them in quarantine and did some research about how to get rid of them. I came across Techspot, viewed the FAQ and so far I have done the following:

1. Scanned my computer with Trend Micro Housecall and AVG Free virus and they found a few Trojan horses

2. Cleared my cookies, Downloaded and ran AVG antispyware
Here is the scan before I cleaned up; after I deleted all the files the second scan came up empty. But in quarantine there is still this:
C:\WINNT\system32\Windows_System.exe infected with Dropper.small, listed 3 times in the quarantine

I also ran hijackthis and posted

thank you
 
You need to have a read of this - If your system is infected. Read this before deciding whether to CLEAN or REFORMAT.

Then if you should wish to proceed with cleaning your system you need to go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, Combofix, Panda Antirootkit, and AVG Antispyware logs as ATTACHMENTS into this thread, only after doing the above.


This thread is for the use of siso80 only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
 
Hello and welcome to Techspot.

You're running an outdated version of HJT. See HERE for instructions.

Your system is infected with malware.

Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, AVG Antispyware and Combofix logs as Attachments into this thread, only after doing the above.

Also, let me know the results of the Panda Antirootkit scan.

Regards Howard :wave: :wave:

 
hopefully fixed?

So I followed those guides as close to the letter as possible and in this order, noting any problems along the way.
STEP1:
Temporarily Disable Real Time Monitoring Programs. ok
STEP2:
free AVG antivirus and Comodo firewall programmes. ok
STEP3: Housecall
I can't run this scanner, it's not working for me. I think it has something to do with too slow (56k) internet connection

STEP4:
LATEST version of HJT (currently v2.0.0) ok
name the folder HJT. ok
STEP5:
Crusty.exe ok
STEP6:
AVG Antispyware
On the top of the main screen click Shield inactive. ok
On the top of the main screen click 'Update'. Then click on 'Start update'. ok
STEP7:
SS&D latest definition files(updates). ok
Click the immunize button in the lefthand pane ok
then click the green immunize cross in the righthand pane. ok
STEP8:
Ad-Aware SE Personal ok
STEP9: Now I am in Safe Mode
Ccleaner
Run the programme and make sure all the boxes are ticked ok
did it several times. ok
STEP10:
Tool1 - cleaner worked but error cleaning my registry
Tool2 - no vundo
Tool3 - no vundo
STEP11:
Panda Antirootkit programme. - no rootkits
STEP12:
Combofix.exe. saved log and attached it as .doc
STEP13:
Boot into safe mode, ok
Run a full system scan AVG Antivirus ok
found nothing else and now in safe mode I can delete the files in the vault
STEP14:
SSD found nothing, Ad-Aware found nothing
AVG Antispyware found nothing
STEP15:
Run HijackThis. saved log and attached as .doc

Everything seems to be fine, except Comodo Firewall seems to have had a lot of activity. The firewall is working, but why so much activity blocking things like services.exe, lsass.exe, svchost.exe? I can post this log as well.

thanks for the help
 
Looks like you did everything right, except for one thing. You've attached the log files in .doc format. I have removed these as .doc files can carry viruses. Please reattach the files as either .log or .txt files.

Regards Howard :)
