# Trojan Dropper



## AlienkittyII (Aug 20, 2009)

Back out of desperation for help. My computer has a trojan dropper virus and I have no clue on how to get rid of it. I did google it and nothing useful came up. Any suggestions?


----------



## ArielMT (Aug 20, 2009)

A couple of questions first.

What OS are you using?

What is the name of the program that said you have a trojan dropper virus?

What is the exact wording of the message, or the exact name of the trojan dropper virus?

A highly effective malware remover, MalwareByte's Anti-Malware (MBAM): http://www.malwarebytes.org/ <-- They have a free version you can use.

The classic spyware remover, Spybot Search&Destroy: http://spybot.info/ or http://www.safer-networking.org/

A second opinion about viruses, Panda ActiveScan: http://www.pandasecurity.com/activescan/ <-- the only thing I recommend IE for, aside from Windows Update and downloading Firefox.  It will remove any viruses it detects, though it will not remove any other forms of malware it detects.  It produces at the end of the scan a detailed report of what it found and where, accessible from the notepad icon at the end of the scan.


----------



## AlienkittyII (Aug 20, 2009)

ArielMT said:


> A couple of questions first.
> 
> What OS are you using?
> 
> ...


 
What is an OS?

Nothing actually told me I had a trojan dropper but I know it is one because I keep getting viruses no matter how many times I remove them and it's the same ones again and again.

And I don't remember what my virus remover called it.

I will try the sites u have suggested to me.


----------



## Runefox (Aug 20, 2009)

OS stands for Operating System - Windows 2000, Windows XP, Windows Vista, Mac OS, Linux, they're all operating systems. What's yours?

What antivirus program are you using, currently?


----------



## AlienkittyII (Aug 20, 2009)

Runefox said:


> OS stands for Operating System - Windows 2000, Windows XP, Windows Vista, Mac OS, Linux, they're all operating systems. What's yours?
> 
> What antivirus program are you using, currently?


 
Spyware doctor and I have windows xp.


----------



## AlienkittyII (Aug 20, 2009)

ArielMT said:


> A couple of questions first.
> 
> What OS are you using?
> 
> ...


 
I am not able to reach the sites you have given me.


----------



## SailorYue (Aug 20, 2009)

http://avg.com/free

download it, and run a FULL computer scan. have it put the viruses and malware cookies in the vault, restart computer then run a second scan.

i had an antivirus virus on my computer once, and that was how i got rid of it


----------



## AlienkittyII (Aug 20, 2009)

SailorYue said:


> http://avg.com/free
> 
> download it, and run a FULL computer scan. have it put the viruses and malware cookies in the vault, restart computer then run a second scan.
> 
> i had an antivirus virus on my computer once, and that was how i got rid of it


 
I can't access that one either. I cannot access any free virus removal sites -_-'


----------



## Runefox (Aug 20, 2009)

AlienkittyII said:


> I can't access that one either. I cannot access any free virus removal sites -_-'



Looks like you've got something that affects your DNS. Since you're not technically savvy, it's not likely that you can go through with manually removing the threat, either; My recommendation is to backup your important files and reinstall Windows (either with a Windows disc or a recovery CD, depending on the manufacturer of your computer), or to bring it to a shop. In the end, that would prove to be far less of a headache for you.

For the future, SpywareDoctor isn't a virus scanner, and you shouldn't rely on it. In the future, arm yourself with AVG, or even go out and buy Norton Antivirus 2009 or something. In addition, use a different web browser from Internet Explorer, such as Mozilla Firefox, Opera, Safari, or Google Chrome. Either of those browsers will be far more secure.


----------



## fwLogCGI (Aug 20, 2009)

AlienkittyII said:


> I can't access that one either. I cannot access any free virus removal sites -_-'


http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html


----------



## ArielMT (Aug 20, 2009)

Are you able to access the Microsoft home page?  http://www.microsoft.com/

If you are, then download and run the Microsoft Malicious Software Removal Tool (MSRT): http://www.microsoft.com/security/malwareremove/default.mspx or http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en


----------



## AlienkittyII (Aug 20, 2009)

Runefox said:


> Looks like you've got something that affects your DNS. Since you're not technically savvy, it's not likely that you can go through with manually removing the threat, either; My recommendation is to backup your important files and reinstall Windows (either with a Windows disc or a recovery CD, depending on the manufacturer of your computer), or to bring it to a shop. In the end, that would prove to be far less of a headache for you.
> 
> For the future, SpywareDoctor isn't a virus scanner, and you shouldn't rely on it. In the future, arm yourself with AVG, or even go out and buy Norton Antivirus 2009 or something. In addition, use a different web browser from Internet Explorer, such as Mozilla Firefox, Opera, Safari, or Google Chrome. Either of those browsers will be far more secure.


 
My computer doesn't like any of those browsers and I have had terrible experiences with norton.

Are you sure doing a full terminating and complete shutdown will get rid of this?



ArielMT said:


> Are you able to access the Microsoft home page? http://www.microsoft.com/
> 
> If you are, then download and run the Microsoft Malicious Software Removal Tool (MSRT): http://www.microsoft.com/security/malwareremove/default.mspx or http://www.microsoft.com/downloads/...e0-e72d-4f54-9ab3-75b8eb148356&displaylang=en


 


fwLogCGI said:


> http://download.cnet.com/AVG-Anti-Virus-Free-Edition/3000-2239_4-10320142.html


 
All links provided do not work


----------



## Runefox (Aug 20, 2009)

AlienkittyII said:


> My computer doesn't like any of those browsers and I have had terrible experiences with norton.



Well, there's probably reasons behind that - If you've got an infection, chances are it's going to interfere with those browsers along with other software running on your computer.

As for Norton, they only recently got their act together, and their older versions were complete computer-mangling garbage. I'd still recommend AVG, but Norton 2009 doesn't _absolutely suck_ like its predecessors do, so if you needed something that wasn't free (for whatever reason), then it'd do nicely.



> Are you sure doing a full terminating and complete shutdown will get rid of this?



A virus, trojan, and other types of software are exactly that - Software. If you completely wiped your hard drive clean, it would cease to exist on your computer. It can't hide in your video card, or your processor, or anything like that - Only on things like your hard drive, USB drives, etc.

So the short answer is yes, it will indeed get rid of it, as long as you do opt to delete everything from your hard drive when you go to do it.

It's an option of last resort for most, however, so you can try and see if you can get one of those suggestions to work; However, if you're not confident with computers, it might be more convenient to just back up your files and wipe it.

Of course, there's always the option of getting someone who does know about this sort of thing to look at it, either in person or via a program like VNC (which I use a lot for doing work like this remotely).


----------



## ArielMT (Aug 20, 2009)

A format and reinstall (nuke and pave, as my other techs call it) is the only way to restore your computer to a completely trustworthy environment, but there are some other things you can try first.

Go to the store and buy a USB flash drive, one without the yellow U3 logo on it.  Any brand and capacity will do.

Do not plug any flash drive into your own computer, or if you do, do not plug it into anyone else's computer without wiping it of potential malware first.

Borrow a friend's computer, or ask a friend to do this for you.  Point him to this thread here, and ask him to download the programs linked for you onto your flash drive.  File each one in its own folder, or write everything down on a notepad, so that you will remember which program came from which site.

Take the flash drive with the downloaded programs back to your computer, and run the programs to install them.


----------



## ArielMT (Aug 20, 2009)

Also, after you take back your computer from whatever malady is on it now (no matter how you take it back), turn on Automatic Updates and let high-priority updates install, including Internet Explorer 8 and Windows XP Service Pack 3.

You'll find Automatic Updates in the Control Panel: Performance and Maintenance -> System -> Automatic Updates (tab).


----------



## SailorYue (Aug 20, 2009)

http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2239_4-10320142&ontId=2239_4&spi=8eb325388c3ae2dddc4ce3489f90b978&lop=link&ltype=dl_dlnow&pid=11039737&mfgId=10044820&merId=10044820&pguid=8TbEFAoPjAEAAAtsOOwAAACB&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-2239_4-10320142.html%3Fspi%3D8eb325388c3ae2dddc4ce3489f90b978%26part%3Ddl-10044820

this is a download link.. clicking it should start a download


----------



## AlienkittyII (Aug 20, 2009)

SailorYue said:


> http://dw.com.com/redir?edId=3&siteId=4&oId=3000-2239_4-10320142&ontId=2239_4&spi=8eb325388c3ae2dddc4ce3489f90b978&lop=link&ltype=dl_dlnow&pid=11039737&mfgId=10044820&merId=10044820&pguid=8TbEFAoPjAEAAAtsOOwAAACB&destUrl=http%3A%2F%2Fdownload.cnet.com%2F3001-2239_4-10320142.html%3Fspi%3D8eb325388c3ae2dddc4ce3489f90b978%26part%3Ddl-10044820
> 
> this is a download link.. clicking it should start a download


 
It still didn't work. something about my connection.

Anyways, i just did a system restore. In doing this, have I bought myself time or have i gotten rid of it? the warnings no longer show up, but my computer, although is acting better, still does things that it shouldn't when it became infected with this trojan.


----------



## ArielMT (Aug 20, 2009)

What sorts of things?

Are you still unable to access the anti-malware links we provided?  If so, then either you haven't gotten rid of it, or you still have corrupted DNS or Hosts file settings, or both.

SailorYue's link was a redirect to the AVG Antivirus Free Edition download from Download.com.


----------
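The Hosts file tampering ArielMT describes above can be checked directly. The following is an added example, not part of any post in this thread: a Python script that parses Hosts-file text and flags entries for the download sites linked in the thread. The watch list, function names and sample file are constructed for illustration.

```python
import ipaddress
import os

# Domains taken from the links posted in this thread (illustrative watch list).
WATCHED = (
    "malwarebytes.org", "spybot.info", "safer-networking.org",
    "pandasecurity.com", "avg.com", "download.cnet.com",
    "microsoft.com", "softpedia.com",
)

# Constructed sample Hosts file: lines 3-5 show the kind of tampering
# that makes anti-malware sites unreachable.
SAMPLE = """\
# Sample hosts file (constructed for this example)
127.0.0.1       localhost
127.0.0.1       www.avg.com avg.com    # constructed entry
0.0.0.0         www.malwarebytes.org
203.0.113.7     update.microsoft.com
192.168.1.10    printer.home
"""


def parse_hosts(text):
    """Yield (line_no, address, hostname) for every mapping in Hosts-file text."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                          # blank or malformed line
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # first field is not an IP address
        for name in fields[1:]:               # one address may map several names
            yield line_no, addr, name.lower().rstrip(".")


def is_watched(hostname, watched=WATCHED):
    """True if hostname is a watched domain or one of its subdomains."""
    return any(hostname == d or hostname.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return (line_no, hostname, address, kind) for each suspicious entry.

    A legitimate Hosts file has no reason to override these domains, so any
    entry for them is reported: 'blocked' when it points at a loopback or
    unspecified address, 'redirected' when it points anywhere else.
    """
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if not is_watched(name, watched):
            continue
        dead_end = addr.is_loopback or addr.is_unspecified
        findings.append((line_no, name, str(addr),
                         "blocked" if dead_end else "redirected"))
    return findings


if __name__ == "__main__":
    # Standard Hosts file location on Windows; fall back to the sample elsewhere.
    path = os.path.join(os.environ.get("SystemRoot", r"C:\Windows"),
                        "System32", "drivers", "etc", "hosts")
    if os.path.exists(path):
        with open(path, encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    for line_no, name, addr, kind in audit_hosts(text):
        print(f"line {line_no}: {name} -> {addr} ({kind})")
```

An empty result only clears the Hosts file; the DNS settings the post also mentions have to be checked separately.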



## AlienkittyII (Aug 20, 2009)

ArielMT said:


> What sorts of things?
> 
> Are you still unable to access the anti-malware links we provided? If so, then either you haven't gotten rid of it, or you still have corrupted DNS or Hosts file settings, or both.
> 
> SailorYue's link was a redirect to the AVG Antivirus Free Edition download from Download.com.


 
No, I still can't get into those sites. So, how do i completely shutdown my computer?

As for that AVG, idk. I downloaded and it tests my connection and then it says something is wrong with it.


----------



## SailorYue (Aug 20, 2009)

try this: open your task manager and go to the processes tab. go to explorer.exe and click 'end process' and say yes to the popup. then go to file ; new process ; and type explorer.exe... its sort of a stand-by restart, without rebooting (which would cause the trojan to reactivate) and see if that helps...

another program that would be great help is true sword... i DLed it and used it as well as my avg and it got rid of a nasty annoying malware tracking cookie that was harassing me. (just be sure you dont tell truesword to delete important drivers... for some reason it saw that my usb and webcam drivers as broken malware )


----------



## AshleyAshes (Aug 20, 2009)

If the Virus is constructed well enough that it's deflecting certain DNS addresses to keep the user from accessing spyware removal tools, it's likely not going to be removed by some piece of software running while windows is going normally.  It likely has stuff to keep its files in use to keep programs from deleting them and replicating and replacing files.

I suggest downloading ComboFix and using it in SafeMode.  That'll kick some ass. 

http://www.combofix.org/

I've used ComboFix to deal with versions of Vundo that Malwarebytes couldn't remove.  It's quite effective.


----------



## AlienkittyII (Aug 20, 2009)

AshleyAshes said:


> If the Virus is constructed well enough that it's deflecting certain DNS addresses to keep the user from accessing spyware removal tools, it's likely not going to be removed by some piece of software running while windows is going normally. It likely has stuff to keep its files in use to keep programs from deleting them and replicating and replacing files.
> 
> I suggest downloading ComboFix and using it in SafeMode. That'll kick some ass.
> 
> ...


 
safe mode with networking or safe mode only? and I think it might be better if I completely just shut the whole thing down if someone will tell me how


----------



## Runefox (Aug 20, 2009)

Actually, doesn't ComboFix require regular mode to work?


----------



## Kangamutt (Aug 20, 2009)

Try this:
http://siri.geekstogo.com/SmitfraudFix.exe

When you get it onto your computer, shut off all of your antivirus (the programme is designed to stop CPU processes while cleaning, and the antivirus will try and stop it), then shut the computer off entirely. Reboot into safe mode without networking. Run the programme and clean the registry.


----------



## AlienkittyII (Aug 20, 2009)

How do i shut down my computer?


----------



## Runefox (Aug 20, 2009)

I'm not sure how I can say this without sounding like an asshole, but there usually is a power button.


----------



## AshleyAshes (Aug 20, 2009)

Runefox said:


> Actually, doesn't ComboFix require regular mode to work?


 
I always run it from safemode. It typically suggests it. I have painful memories of my twin 21" CRTs blasting me with 60hz refresh rate and giving me a headache while running ComboFix to clean up a Vundo.h infection.

SafeMode executes a minimum of system services.  It's good to keep the virus itself from executing and operating while your software is running.


----------



## AlienkittyII (Aug 20, 2009)

Runefox said:


> I'm not sure how I can say this without sounding like an asshole, but there usually is a power button.


 
No, I mean a shut down that will wipe everything out. turning it off then back on does nothing as I have done that 10 times already.


----------



## ArielMT (Aug 20, 2009)

If you have restore points pre-dating the infection, then you can try System Restore to those points.

Also, because what was downloaded was the AVG downloader, which has to contact the AVG site blocked by whatever's wrong, try this instead.  It's a huge download, 65.4 MB, but it's the entire AVG Free Edition installation package and virus/spyware definitions in one file, and it's the very latest build as I post.

-----==(/)==-----

http://www.softpedia.com/progDownload/AVG-Free-Edition-Download-6858.html

-----==(/)==-----

The file offered is the same as the one at http://www.avg.com/filedir/inst/avg_free_stf_en_85_409a1634.exe 



AshleyAshes said:


> I always run it from safemode. It typically suggests it. I have painful memories of my twin 21" CRTs blasting me with 60hz refresh rate and giving me a headache while running ComboFix to clean up a Vundo.h infection.
> 
> SafeMode executes a minimum of system services.  It's good to keep the virus itself from executing and operating while your software is running.



That depends on the malware you're fighting against.  I've seen a disturbing trend for the nastier varieties of XP malware to be able to run in Safe Mode.


----------



## AlienkittyII (Aug 20, 2009)

ArielMT said:


> If you have restore points pre-dating the infection, then you can try System Restore to those points.
> 
> Also, because what was downloaded was the AVG downloader, which has to contact the AVG site blocked by whatever's wrong, try this instead. It's a huge download, 65.4 MB, but it's the entire AVG Free Edition installation package and virus/spyware definitions in one file, and it's the very latest build as I post.
> 
> ...


 
No good. those links are blocked too. and I have no good restore points to use. now will someone please tell me how to wipe out my computer's memory and hard drive.


----------



## SailorYue (Aug 20, 2009)

if its a laptop there should be a program to do a whole system restore. 

if its a desktop your computer should have come with a set of dvd-cds that you put in the computers dvdrom drive at the start up.


----------



## AlienkittyII (Aug 20, 2009)

SailorYue said:


> if its a laptop there should be a program to do a whole system restore.
> 
> if its a desktop your computer should have come with a set of dvd-cds that you put in the computers dvdrom drive at the start up.


 
it's a laptop. i don't know where to find that.


----------



## Duality Jack (Aug 20, 2009)

For a second I thought this was about a new line of condoms <_< not a joke.


----------



## ArielMT (Aug 20, 2009)

You will lose all your files if you do this, but here's how.

Your computer should've come with a set of CDs, one of which is either the system recovery CD, the factory restore image CD, or the Windows XP installation CD.

Place that CD in your CD drive (or the first one if it says it's a set of CDs), then restart your computer normally.  Instead of starting up normally, you'll be prompted through the installation or restoring of your computer to fresh-from-the-factory condition.

If your system did not come with a set of CDs for this purpose, then you will have to see if it is on a recovery partition on your hard disk.  Usually, it's accessed by pressing the F11 key just after turning the PC on, and just keep mashing it until something other than a normal Windows start-up happens.

Your PC may have also come with a book which tells how to use it.  That book should also tell how to restore your PC to the way it was when you bought it.

If it's not a major brand PC, or if it's one that someone built for you from scratch, then you should talk to them about how to format and reinstall Windows.

Again, following any of the directions in this post will delete everything, good and bad.


----------



## Rel (Aug 20, 2009)

ArielMT said:


> You will lose all your files if you do this, but here's how.
> 
> Your computer should've come with a set of CDs, one of which is either the system recovery CD, the factory restore image CD, or the Windows XP installation CD.
> 
> ...


Or you can try system restore, which will most likely get rid of the virus.

System restore will replace all of your system components with ones at an earlier date (like when you got the computer) which should get rid of the virus, unless it has expanded farther, then you should take ArielMT's advice with a complete flush.


----------



## ArielMT (Aug 21, 2009)

Search Google for the brand and model of your laptop as search terms, along with the words "factory restore" or the words "reinstall xp" as terms, and whoever posted instructions should float to the top.

Post the brand and model of your laptop if you're not finding anything useful.



Rel said:


> Or you can try system restore, which will most likely get rid of the virus.
> 
> System restore will replace all of your system components with ones at an earlier date (like when you got the computer) which should get rid of the virus, unless it has expanded farther, then you should take ArielMT's advice with a complete flush.



She already posted that she doesn't have any more restore points to try.


----------



## Rel (Aug 21, 2009)

ArielMT said:


> She already posted that she doesn't have any more restore points to try.


Wow, i guess im blind lol.

Anyway, she could download a virus scanner off a different computer, transfer it, and try that before she resets the whole computer. (unless i missed that also)


----------



## AlienkittyII (Aug 21, 2009)

Rel said:


> Or you can try system restore, which will most likely get rid of the virus.
> 
> System restore will replace all of your system components with ones at an earlier date (like when you got the computer) which should get rid of the virus, unless it has expanded farther, then you should take ArielMT's advice with a complete flush.


 
I tried that. It didn't work.



ArielMT said:


> You will lose all your files if you do this, but here's how.
> 
> Your computer should've come with a set of CDs, one of which is either the system recovery CD, the factory restore image CD, or the Windows XP installation CD.
> 
> ...


 
Yes I still have my restore cds. And I have nothing important saved on here so I am ok with losing all my files.


----------



## Rel (Aug 21, 2009)

AlienkittyII said:


> Yes I still have my restore cds. And I have nothing important saved on here so I am ok with losing all my files.


Then you should pop it in, reinstall the OS, and you should be fine. 



SailorYue said:


> if its a laptop there should be a program to do a whole system restore.
> 
> if its a desktop your computer should have come with a set of dvd-cds that you put in the computers dvdrom drive at the start up.



Also this isn't true, all _retail_ computers come with the OS CD.


----------



## SailorYue (Aug 21, 2009)

meh, my mom has an emachines, and until she got a new HD she had a set of 3 cds.

all i know is that you're supposed to put the cds in the DVD drive


----------



## Kangamutt (Aug 21, 2009)

Poet said:


> For a second I thought this was about a new line of condoms <_< not a joke.



No, that's the thing you pop a quarter in for one in the men's room. 


On topic: Have disks, don't have anything worth saving, go ahead, pop it in, and get a fresh start. Be sure you have all the necessary drivers on a flash drive or CD, and be careful what you download next time, 'kay?


----------



## ArielMT (Aug 21, 2009)

Kangaroo_Boy said:


> On topic: Have disks, don't have anything worth saving, go ahead, pop it in, and get a fresh start. Be sure you have all the necessary drivers on a flash drive or CD, and be careful what you download next time, 'kay?



If it's a set of factory restore disks, then she's good to go as far as drivers are concerned.  They're built into the image.

On a slight tangent, newer notebooks are so skimpy that they don't come with restore disks.  You have to buy blanks and use a program to burn your own copies.


----------



## AlienkittyII (Aug 21, 2009)

Thank you all so much for your help. My computer is back to its old self and I was able to get the AVG anti-virus downloaded. I also now have mozilla firefox as my web browser. Any other suggestions to help prevent further issues I would be glad to hear them.


----------



## KaiFox (Aug 21, 2009)

AlienkittyII said:


> Thank you all so much for your help. My computer is back to its old self and I was able to get the AVG anti-virus downloaded. I also now have mozilla firefox as my web browser. Any other suggestions to help prevent further issues I would be glad to hear them.


 
I'd get rid of Spyware if I were you.  That's what my family's desktop used to have and we got three viruses over a span of a year, each time resulting in losing all of our files.  We're currently in the process of getting it sorted out for the third time.

I use Kaspersky for my laptop, and the thing works like a charm, practically operates on its own and I haven't had anything corrupting my computer yet.  I approve of Kaspersky.


----------



## SailorYue (Aug 21, 2009)

FF addons that are adblocks:

(IMO adblock plus sucks)
Foof
adblocker 0.6.5
betterprivacy (it deletes iso cookies when you close firefox... dunno what it means, but it keeps FF running quickly)

there are other addons you can use to change the look of FF (make it nice looking rather than the ugly grey) and other stuff. (theres one that hides the menubar) etc


----------



## ArielMT (Aug 21, 2009)

Turn on Automatic Updates, and double-check with Windows Update that you have whatever high-priority updates are available.

If you'd rather not deal with Windows Genuine Advantage (WGA), then skip Windows Update and rely on Automatic Updates.

Definitely get IE8, even if you never want to touch IE again.

As far as Firefox extensions go, I recommend NoScript.  It lets you selectively control JavaScript and plug-ins, so that they run only on the Web sites you trust.


----------



## Rel (Aug 21, 2009)

ArielMT said:


> Turn on Automatic Updates, and double-check with Windows Update that you have whatever high-priority updates are available.
> 
> If you'd rather not deal with Windows Genuine Advantage (WGA), then skip Windows Update and rely on Automatic Updates.
> 
> ...


Does NoScript have a subscription list like Ad Block or is it manual? I was considering getting it, but meh, it doesn't hurt to ask.


----------



## yiffytimesnews (Aug 21, 2009)

When in doubt wipe your hard drive and reinstall Windows


----------



## ArielMT (Aug 21, 2009)

In every software repair job I do, format and reinstall is the absolute last resort.  It's what's done when absolutely everything else has failed.

Also, I forgot to mention something about Windows Update (aside from the WGA requirement):  You need only the high-priority updates.  You do not need any optional hardware or software updates, and you should not choose any of them, unless you know for certain that you want them.

Also, for antivirus applications, I've heard good things about Kaspersky.  The only support call I ever took regarding it was a request from a customer to install it for him.  But it's not free, and there's no free edition.



Rel said:


> Does NoScript have a subscription list like Ad Block or is it manual? I was considering getting it, but meh, it doesn't hurt to ask.



No, it's manual.  NoScript does have a very small list of trusted sites, which you can see by choosing the Whitelist tab in NoScript options.  Here's the list as of the last time I initially installed it:

```
addons.mozilla.org
flashgot.net
google.com
googlesyndication.com
hotmail.com
informaction.com
live.com
maone.com
msn.com
noscript.net
passport.com
passport.net
passportimages.com
yahoo.com
yimg.com
and the about:, chrome:, and resource: built-in protocols.
```

You have to click on a button and choose from a menu what domains you want to allow scripting from, but you have the choice of allowing domains either permanently or temporarily.  There's no built-in list or subscription of domains; with the exception of this list, NoScript assumes that you want scripting completely disabled except for the sites that you personally trust.

Edit:  The NoScript extension itself, however, is updated very frequently, and Firefox always finds it in its occasional check for extension updates.


----------



## ArielMT (Aug 22, 2009)

Final suggestion.

If you haven't gotten rid of all the trialware crap that the factory restore put back on your PC yet, go get the PC Decrapifier.


----------



## AlienkittyII (Aug 22, 2009)

ArielMT said:


> Final suggestion.
> 
> If you haven't gotten rid of all the trialware crap that the factory restore put back on your PC yet, go get the PC Decrapifier.






ArielMT said:


> In every software repair job I do, format and reinstall is the absolute last resort.  It's what's done when absolutely everything else has failed.
> 
> Also, I forgot to mention something about Windows Update (aside from the WGA requirement):  You need only the high-priority updates.  You do not need any optional hardware or software updates, and you should not choose any of them, unless you know for certain that you want them.
> 
> Also, for antivirus applications, I've heard good things about Kaspersky.  The only support call I ever took regarding it was a request from a customer to install it for him.  But it's not free, and there's no free edition.



thanx again.


----------



## ArielMT (Aug 22, 2009)

On behalf of the Bits and Bytes board and everyone who posted here, you're welcome.


----------

