Trojan horse Dropper.Small.24.A0

Art

Hi.

Recently some computers have been infected with the following trojan:

http://www.ibbu.nl/~nsprakel/trojan.jpg

"Trojan horse Dropper.Small.24.AO"
(or is it "Trojan horse Dropper.Small.24.A0"?)

While AVG seems to detect it, it can't clean it.
I have scanned and cleaned the pc online using the following webpage:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

Anyone else out there who has any experience with this trojan?

Read this Sophos description by clicking on Advanced:

http://www.sophos.com/virusinfo/analyses/w32demotrya.html

See if the rundl32.exe file is in the registry Run key it mentions.
If so, delete the entry and reboot.

I suggest doing a scan with the Kaspersky scan engine via the
KASFX download from my web site.

Art

http://home.epix.net/~artnpeg
 
name

Art said:
Read this Sophos description by clicking on Advanced:

http://www.sophos.com/virusinfo/analyses/w32demotrya.html

See if the rundl32.exe file is in the registry Run key it mentions.
If so, delete the entry and reboot.

I suggest doing a scan with the Kaspersky scan engine via the
KASFX download from my web site.

Art

http://home.epix.net/~artnpeg

Thanks for these suggestions. I don't have access right now to the
computers that might still be infected, but I'll post again in this
thread as soon as I've been able to check the reference to
"rundl32.exe" in the registry and scan them with KASFX.
 
Gabriele Neukam

On that special day, name, ([email protected]) said...

A rundl(no second l)32.EXE in "Documents and Settings"? That's
definitely wrong
"Trojan horse Dropper.Small.24.AO"
(or is it "Trojan horse Dropper.Small.24.A0"?)

While AVG seems to detect it, it can't clean it.

Did you run AVG in Safe Mode? The "rundl32.exe" has to be inactivated,
i.e. removed by taskmanager or inhibited by a reboot into Safe Mode,
before Windows will allow you to remove it.


Gabriele Neukam

(e-mail address removed)
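
Added example, not part of any poster's message: a check for the two signs raised in this thread, an autostart entry whose file name is one letter off a real Windows binary (rundl32.exe vs rundll32.exe) and one that runs from an unexpected folder. It generalizes to two other commonly imitated names; the list of known binaries, the Windows install path and the `reg query` sample are constructed assumptions.

```python
import ntpath
import re

# Binaries that malware often imitates, with their normal folder (illustrative
# list; assumes Windows is installed in C:\WINDOWS).
KNOWN = {"rundll32.exe": r"c:\windows\system32",
         "svchost.exe": r"c:\windows\system32",
         "explorer.exe": r"c:\windows"}
VALUE_RE = re.compile(r"^\s+(.+?)\s+REG_(?:EXPAND_)?SZ\s+(.*)$")
EXE_RE = re.compile(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', re.I)

# Constructed sample in the layout printed by `reg query`; not taken from the thread.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\system32\rundll32.exe shell32.dll,Control_RunDLL mmsys.cpl
    Updater    REG_SZ    "C:\Documents and Settings\user\rundl32.exe"
    Shell    REG_SZ    C:\Documents and Settings\user\Local Settings\Temp\svchost.exe -k
"""

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def audit_run_entries(reg_output):
    """Return (value name, image name, reason) for each suspicious autostart entry."""
    findings = []
    for line in reg_output.splitlines():
        value = VALUE_RE.match(line)
        exe = EXE_RE.match(value.group(2)) if value else None
        if not exe:
            continue
        folder, image = ntpath.split((exe.group(1) or exe.group(2)).lower())
        for real, home in KNOWN.items():
            distance = edit_distance(image, real)
            if 0 < distance <= 2:      # near miss such as a dropped letter
                findings.append((value.group(1), image, "look-alike of " + real))
            elif distance == 0 and folder != home:
                findings.append((value.group(1), image, "real name in " + folder))
    return findings

if __name__ == "__main__":
    for finding in audit_run_entries(SAMPLE):
        print(finding)
```
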
 
name

Art said:
Read this Sophos description by clicking on Advanced:

http://www.sophos.com/virusinfo/analyses/w32demotrya.html

See if the rundl32.exe file is in the registry Run key it mentions.
If so, delete the entry and reboot.

I searched and there is no reference to rundl32.exe anywhere in the
registry anymore.

http://www.ibbu.nl/~nsprakel/rundl32.jpg
I suggest doing a scan with the Kaspersky scan engine via the
KASFX download from my web site.

eScan AntiVirus Toolkit Utility Ver (4.4.7) doesn't seem to find any
viruses.

Well, I hope everything is fine now... I'll post again if I run into
anything suspicious.

Thanks again for your help.
 
name

Gabriele said:
On that special day, name, ([email protected]) said...


A rundl(no second l)32.EXE in "Documents and Settings"? That's
definitely wrong

Did you run AVG in Safe Mode?

Nope. But I subsequently used the online scanner mentioned in one of my
previous postings in this thread and it did manage to remove the
rundl32.exe file anyway, even though I didn't scan in safe mode.
 
