Trojan Dropper? Read details, what do I do?

Question

Yesterday I opened a link that I think its the problem. Now everytime Windows starts, Windows Messenger would start up followed by a Program Alert from Norton Internet Security asking whether to allow services.exe. If I allow it, Norton antivirus would detect the virus, Trojan Dropper.

The same thing would happen again every time the comp. starts up

Answer 1

That Trogan is lodged in your Registry. Delete first, then pick an earlier date before the Trogan arrived in your System Restore. Then restore and reboot, that SelfHealing registry that activates the trogn will be GONE

Answer 2

(1) Get you self a good antivirus or a free one if your present anti virus is not protecting you .
(2) If you have not already scanned your comp with spybot do that now .Update it and then run it so it gets rid of all the spyware and trojans in safe mode
(3a) Do an online virus scan to check if you still have any other viruses in your computer. And let us know if the online virus scan still finds any virus or spyware .

Answer 3

Trojans are not Viruses or spyware. They are a completely independent form of Malware. This is why most Antivirus and Antispyware programs cannot remove them.

To most AV and AS programs, a Trojan looks like a safe piece of software. The AV and AS allow it to enter your computer. Once on your computer it starts doing its job by downloading other malware on your computer like Worms, adware etc.. See the comparison to the Trojan Horse of myth? Once the Trojan starts doing its job, the AV and AS programs then recognize it. Too late, the damage is done.

When you have a "heart attack" you want a Cardiologist to treat you, not a Proctologist. The same goes to Malware on your computer. Some programs specialize in certain types of Malware. ewido (also called AVG Antispyware) specializes in Tojans. It is the best Trojan removal program available.

Not only is it important to use the proper program, it is important to use a procedure to allow the program access to all areas of your computer for proper removal. Trojans are written so parts are hidden in areas that are not normally scanned when your computer is in 'Normal Mode'. Your AV or AS may remove the malware the Trojan downloaded, but because it is hidden, the Trojan is not removed. The Trojan then downloads the Malware again, and keeps doing it until it is removed.

This procedure is a general procedure and should be used for any Malware infection. You can use any type of AV or AS program with it.

I also recommend you run your Nortons using this procedure.

Download and Update Ewido (now called the AVG Antispyware). Do not run:

http://www.ewido.net/en/download/

TEMPORARILY SHOW HIDDEN FILES AND FOLDERS.

1. Click Start, and then click Control Panel.

2. Click Appearance and Themes, and then click Folder Options.

3. On the View tab, under Hidden files and folders, click "Show hidden files and folders", and clear(uncheck) the "Hide protected operating system files" check box.

IMPORTANT: Files are hidden by Windows for a very good reason. It is not wise to experiment with these files. Unfortunately, to successfully remove modern spyware we must turn this protection off temporarily. Please turn the protection back on when you have finished cleaning your system.


EMPTY INTERNET EXPLORER BROWSER CACHE:

1. On the Internet Explorer Tools menu, click Internet Options.

2. On the General tab, in the Temporary Internet Files section, click the Delete Files button. Select the Delete all offline content check box in the confirmation dialogue box that appears, click OK. Click OK again.

RESTART IN SAFE MODE:

To do this you need to hold down or repeatedly tap the F8 key while the computer is booting (when the computer is displaying a black screen with white text). When the boot menu appears, use your keyboard arrows to select "Safe Mode."

Safe Mode can look quite ugly. The color may look bad, and all of your desktop icons will be very large. This is normal.



START THE SCAN WITH YOUR PROGRAM.



When the scan and removal are completed REBOOT COMPUTER. This will restart you in normal mode.

RESET HIDDEN FILES AND FOLDERS.

The RESTORE POINTS may be infected with the Malware and cannot be used. Delete the old one(s) and make a new one.

CLEAR OLD RESTORE POINT(S). HERE'S HOW:

1. Click Start, and then click Control Panel.

2. Click Performance and Maintenance, click System, and then click on the System Restore tab.

3. Select the Turn Off System Restore check box, click Apply, then restart your computer.

4. Return to the System Restore Tab and turn System Restore back on.


TO SET A NEW RESTORE POINT:

1. Click the Start button.

2. Point to Programs, then navigate to Accessories, then System Tools, then click System Restore.

3. Choose Create a restore point, and then click Next.

4. In the Restore point description box, type a name for your restore point, and then click Next.

5. Click OK.

NOTE: If you are using Windows XP Service Pack 2 (SP2) and are unable to access the Internet after removing Malware, there is a command that may fix the problem. It works by resetting the winsock catalogue. Click on Start, then Run and type CMD in the box. Click OK. Type "netsh winsock reset" (no quotes)into the DOS window that appears.

Answer 4

I would run the 3 scans below to rid your computer of the infections.



Update and run your Anti-Virus program. Don't have one? You can run a free online scan from CA.

http://www3.ca.com/securityadvisor/virusinfo/scan.aspx


Download, update and run Spybot---http://www.safer-networking.org/ . Don't forget to use the Immunize feature.


Download, update and run Adaware---http://www.lavasoftusa.com/software/adaware/products/select_your_product.php

Answer 5

If Norton detected it it should remove it. But if it doesn't, try downloading Avast! from www.download.com

Avast! worked wonders on my PC.! Its free and reputable!

Good luck! =]