It's a great thing to have my computer get automatically scanned and quarantined. I came home from the hospital and there was an alert ticker saying that there was an infection detected and it was a trojan dropper. Luckily it never made its way all the way thru my system and was automatically deleted/quarantined. Here is a definition of the virus and how it can be deleted. This report was made/published by Symantec Security Responses.
Discovered on: February 02, 2000 | Last Updated on: November 04, 2003 11:10:26 AM
Trojan dropper is a Trojan Horse that drops Trojan Horses or Backdoor Trojans onto an infected computer.
The Trojan droppers are similar to an installer, but they only drop Trojans or backdoors, and then execute them. Hackers and Trojan writers usually write the Trojan droppers.
The following instructions pertain to all current and recent Symantec antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.
- Disable System Restore (Windows Me/XP).
- Update the virus definitions.
- Restart the computer in Safe mode or VGA mode.
- Run a full system scan and delete all the files detected as Trojan dropper.
For specific details on each of these steps, read the following instructions.
1. Disabling System Restore (Windows Me/XP)
If you are running Windows Me or Windows XP, we recommend that you temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer.
Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on your computer, even after you have cleaned the infected files from all the other locations.
Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
For instructions on how to turn off System Restore, read your Windows documentation, or one of the following articles:
Note: When you are completely finished with the removal procedure and are satisfied that the threat has been removed, re-enable System Restore by following the instructions in the aforementioned documents.
For additional information, and an alternative to disabling Windows Me System Restore, see the Microsoft Knowledge Base article, "Antivirus Tools Cannot Clean Infected Files in the _Restore Folder," Article ID: Q263455.
2. Updating the virus definitions
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to our servers. There are two ways to obtain the most recent virus definitions:
- Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate, refer to the Virus Definitions (LiveUpdate).
- Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater, refer to the Virus Definitions (Intelligent Updater).
The Intelligent Updater virus definitions are available: Read "How to update virus definition files using the Intelligent Updater" for detailed instructions.
3. Restarting the computer in Safe mode or VGA mode
Shut down the computer and turn off the power. Wait for at least 30 seconds, and then restart the computer in Safe mode or VGA mode.
- For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For instructions, read the document, "How to start the computer in Safe Mode."
- For Windows NT 4 users, restart the computer in VGA mode.
4. Scanning for and deleting the infected files
- Start your Symantec antivirus program and make sure that it is configured to scan all the files.
- Run a full system scan.
- If any files are detected as infected with Trojan dropper, click Delete.
Write-up by: Gor Nazaryan
Now that most colleges & universities are out for summer there will be a lot more of these being written. For some reason the last couple of really big viruses that were written were done so by 16, 17 & 18 year old script kiddies with nothing better to do with their time. The good thing is that all they are doing is making variations of old viruses, so if you keep your anti-virus software updated you should be relatively safe. Nothing with viruses is ever foolproof, so just be careful when opening e-mail attachments even if it's from someone you know and trust, because some of these are written to copy your e-mail address book and automatically send itself to those people so it looks like it's coming from someone you know. The best thing is to make a copy of any important documents, pictures, etc. so that if anything really bad happens you always have it saved. True story: guy came into work and his 80 GB hard drive had failed. He had 3 years' worth of documents for grad school (he was due to graduate in June) along with music from various sources and pictures. The information could be seen but not transferred. He took the hard drive to a data restoration specialist who wanted to charge him $100 per gig to retrieve the last 3 years of this guy's life. He was so desperate that he paid the $8000, and the only thing they were able to really retrieve was about 50% of the data, mostly his pictures. The guy is now repeating the last year of grad school. People don't realize that computers are mechanical & electrical and like everything else eventually they will break, and they can break at any time, any place, brand new or 3 years old. Just be wise if you save a lot of important stuff on your computer.