Downloader.small trojan .... need help

T

TX2

I am trying to clean a Win98 system infected with the Trojan
"Downloader.small"

I can't seem to find out much information about how to clean this virus.

The system in question has NAV 2001 installed
(which was, we thought, fully up-to-date)

On Windows start-up, there is an error message concerning a 'memory'
issue with 'loads' of numbers.

NAV will not load as expected, and clicking the shortcut off the start
menu results in the memory error message being displayed.

We tried to install AVG 6, but although AVG finds the virus during the
DOS part of the boot process, we get a similar memory error message when
Windows loads.

AVG reports the infected file as C:\DLOAD.EXE

Both AV's seem unable to clean the virus, with NAV failing to run at
all.

We 'borrowed' a copy of Norton Internet Security 2003, and tried to
install that, but again, it won't load at Windows startup, and now we
have hit a different snag because on trying to uninstall it, Windows
reports that it's running!

We are also unable to run msconfig or regedit, again, the result being a
memory error message.

Help!
 
N

null

I am trying to clean a Win98 system infected with the Trojan
"Downloader.small"

I can't seem to find out much information about how to clean this virus.

The system in question has NAV 2001 installed
(which was, we thought, fully up-to-date)

On Windows start-up, there is an error message concerning a 'memory'
issue with 'loads' of numbers.

NAV will not load as expected, and clicking the shortcut off the start
menu results in the memory error message being displayed.

We tried to install AVG 6, but although AVG finds the virus during the
DOS part of the boot process, we get a similar memory error message when
Windows loads.

AVG reports the infected file as C:\DLOAD.EXE

Both AV's seem unable to clean the virus, with NAV failing to run at
all.

We 'borrowed' a copy of Norton Internet Security 2003, and tried to
install that, but again, it won't load at Windows startup, and now we
have hit a different snag because on trying to uninstall it, Windows
reports that it's running!

We are also unable to run msconfig or regedit, again, the result being a
memory error message.

Help!
Click to expand...

Project VGREP is useful for tracking down info. Here's a result for a
search on downloader.small:

http://www.virusbtn.com/resources/vgrep/vgrep.cgi?terms=downloader.small&product=0

You'll find various alternate malware names and descriptions. Then see
if the file names mentioned in the writeups exist on the affected PC.

Also, there are several alternate av scanners you can try (see my web
site) to see what malware names they come up with. And I have links to
generic methods as well such as KAV's Trojan_Finder which will show
running processes, registry entries and various startup axis files. If
you need help with the latter, post the log file here.

Finally, use a software firewall to identify a port number and app
used by the malware.


Art
http://www.epix.net/~artnpeg
 
T

TX2

[email protected] said:
Project VGREP is useful for tracking down info. Here's a result for a
search on downloader.small
Click to expand...

The actual variant is downloader.small.ad
It has infected the DLOAD.EXE file on C:\

Sorry to act dumb, but i can't figure out what i'm to do on that site
you posted ....

:-/
 
N

null

The actual variant is downloader.small.ad
It has infected the DLOAD.EXE file on C:\

Sorry to act dumb, but i can't figure out what i'm to do on that site
you posted ....
Click to expand...

Well, there is no result when you search downloader.small.ad so it's
likely a new variant. When you click on a vendor's name you are
sometimes led to a description. That's why I sent you there.

So follow up on my other suggestions. Post the log file here produced
by KAV's Trojan_Finder. The downloader Trojans install other Trojans
so there may be several that must be removed.

And try Trend's Sysclean to see what it finds and what it can clean.


Art
http://www.epix.net/~artnpeg
 
T

TX2

Well, there is no result when you search downloader.small.ad so it's
likely a new variant.
Click to expand...

gah ... not good.
So follow up on my other suggestions. Post the log file here produced
by KAV's Trojan_Finder. The downloader Trojans install other Trojans
so there may be several that must be removed.
Click to expand...

OK, but i'm not due back there (to where the PC is) 'till Saturday
The owner has already hinted at a format and reinstall for a variety of
other reasons, so i may not get chance to deal with it.
And try Trend's Sysclean to see what it finds and what it can clean.
Click to expand...

Will do. tnx for the help thus far.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Am I Clean? [iesearch / downloader.small.4.bs] 2
Trojan help 3
Trojan horse.downloader.vb.ec--help! 5
Trojan Downloader.small.6.1 3
Kryptik.AB trojan 2
Trojan Zombie 93
"TROJAN" QUESTION 3
Trojan in Windows Media Player 23

Top