Sign in to follow this  
Derat

Trojan-Downloader.Win32.Small

Recommended Posts

I have run a full thorough scan several times and each Ad-Aware finds "Trojan-Downloader.Win32.Small" When I try to let it do the recommended action, my system locks up.

I have run scans with Avast Free and Superantispyware Free. Both of these applications find nothing.

I have google-d this virus and most of the info is quite old. 2007ish. Can't believe I some how got a virus that old...

****
Technical Details
This Trojan downloads other malicious programs. It is a Windows PE EXE file. It is written in Microsoft Visual C++. It is not packed in any way. The size of infected files may vary from 20KB to 27KB.

Payload
Once launched, the Trojan extracts a file from itself, and saves it to the C:\Windows directory as "inetloader.dll".
****
I have looked for this file to no avail.

Is this a false positive and can I get it to stop?

Thoughts? Suggestions?

Share this post


Link to post
Share on other sites
Hey There DeRat,

I'm sorry that your having issue's with removing this trojan, it's hard for me too say if it's a false positive or not but i can suggest a few things

1. preform a full in safe mode this will help ad-aware remove the infection as it wont be active as safe mode only allows the basic service's to run windows loaded

2. I have linked in my signature the false positive forum where a LS employee can determine if the file is a false positive or not, if it is they will fix it on the next definition file update and if it isn't then i will say you need to make a post in the Hijack this forum which is also linked in my signature and a expert will help you remove the infection, this could be a timely matter so i apologize for that inconvenience

Goodluck

CW

Share this post


Link to post
Share on other sites
[quote name='DeRat' post='123870' date='Nov 24 2010, 11:01 PM']I have run a full thorough scan several times and each Ad-Aware finds "Trojan-Downloader.Win32.Small" When I try to let it do the recommended action, my system locks up.

I have run scans with Avast Free and Superantispyware Free. Both of these applications find nothing.

I have google-d this virus and most of the info is quite old. 2007ish. Can't believe I some how got a virus that old...

****
Technical Details
This Trojan downloads other malicious programs. It is a Windows PE EXE file. It is written in Microsoft Visual C++. It is not packed in any way. The size of infected files may vary from 20KB to 27KB.

Payload
Once launched, the Trojan extracts a file from itself, and saves it to the C:\Windows directory as "inetloader.dll".
****
I have looked for this file to no avail.

Is this a false positive and can I get it to stop?

Thoughts? Suggestions?[/quote]
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA SUPERANTISPYWARETHREE IS A PHONY PROGRAM,,PLEASE REMOVE IT COMPLETELY AND DOWNLOAD MALWAREBYTES ANTI MALWARE AND RUN A FULL SCAN AFTER UPDATEING THE INSTALLATION
ALSO RUN THE ESET NOD 32 ONLINE FREE ANTIVIRUS SCANNER WHICH WILL REMOVE WHAT IT FINDS ALSO.
MALWAREBYTES HAS AN ADVANCED OPTION ALLOWING REMOVAL OF LOCKED UNDELETEABLE UNACCESSABLE FILES(FILE ASSASIN OPTION IN FREE VERSION OF MALWAREBYTES) IF THEY ARE FOUND..inetloader.dll IS MOST LIKELY BURRIED IN THE c:/WINDOWS/SYSTEM32/FOLDER CHECK THERE BUT BE CAREFUL WITH WHAT YOU DELETE THESE ARE SYSTEM FILES and you can damage the windows installation by deleteing valid system objects.ALSO YOUR SYSTEM RESTORE IS MOST LIKELY INFECTED SO THE FILE REINSTALLS WHEN EVER YOU DO A SYSTEM RESTORE..AFTER REMOVING INFECTION PLEASE TEMPORARILLY TURN OFF SYSTEM RESTORE AND RESTART THE SYSTEM//THEN TURN RESTORE BACK ON AND CREATE A NEW RESTORE POINT AS ALL PRIOR INFECTED RESTORE POINTS HAVE BEEN REMOVED

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this