ZDBP

How to tell if Trojan.Dropper/Win-NV is really gone


I ran my weekly scans on my laptop the other day and SAS found and quarantined Trojan.Dropper/Win-NV. Evidently, from what I've read, Trojan.Dropper can leave a little nasty bit behind. How can I be sure this has not happened? I ran both Malwarebytes and Norton Internet Security scans and found nothing. Also, another scan with SAS after quarantine found nothing. Can I rest assured that all is well? I'm not at all experienced with this stuff.

I'm using Windows 7 Home Premium 64-bit, if that's important to know.

By the way, in my scan routine I ran Malwarebytes first, which came up clean. Then I ran SAS and found the Trojan.Dropper. Is there any chance this was a false positive?

Any help here will be greatly appreciated.


Please post the SAS scan log that shows the dropper detection.

Here is the scan log that shows the dropper detection:

SUPERAntiSpyware Scan Log

https://www.superantispyware.com

Generated 03/18/2011 at 01:54 PM

Application Version : 4.48.1000

Core Rules Database Version : 6626

Trace Rules Database Version: 4438

Scan type : Quick Scan

Total Scan Time : 00:21:42

Memory items scanned : 617

Memory threats detected : 0

Registry items scanned : 2934

Registry threats detected : 0

File items scanned : 15549

File threats detected : 3

Adware.Tracking Cookie

media.vmixcore.com [ C:\Users\BPS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BQ7NZRM3 ]

msnbcmedia.msn.com [ C:\Users\BPS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BQ7NZRM3 ]

Trojan.Dropper/Win-NV

C:\WINDOWS\TEMP\B3EE3CAF-0236-4DE3-9D87-1B5B4E7DB976\UPDATE.EXE

By the way, I couldn't attach the scan log because I got an error message that said "You aren't permitted to upload this kind of file." Why is that?


First, your version of SAS is out-of-date. You should update to V4.50.1002. You should be offered the update if you right click on the SAS icon in the notification tray and select "Check for Updates".

Second, I suspect that the detection of Update.exe was a false positive. It was found in your TEMP folder. So the fact that SAS quarantined it will have no negative effect because it was a disposable file that came from some program on your system that had run its updater. Files in your TEMP folder can be deleted because they are temporary files. Unfortunately, the file name Update.exe is used by a lot of programs that do automatic updates. So it is hard to pin down which program on your system was doing the update. SAS may have detected it as a malicious file because it found Update.exe in a folder where SAS does not normally expect it to be.

It would be a good practice to download/install freebie program CCleaner on your system to clean out junk and temporary files prior to running security program scans and to also maintain good system performance. CCleaner can be run frequently to clean junk from your system. Download the SLIM version if you decide to use it. And then run it just before you do an SAS scan. It will also clean out cookies...which your SAS scan found as well.

http://www.piriform.com/ccleaner/builds

http://forum.piriform.com/

> By the way, I couldn't attach the scan log because I got an error message that said "You aren't permitted to upload this kind of file." Why is that?

This forum is very restrictive as to what type of files can be uploaded. It does not permit .txt files which is what you attempted to upload. If you had zipped it you could have uploaded it. That said, it is best to copy/paste the scan logs into a post like you did. That way it is quickly viewable by other forum users. And no download is required by the other users to view it.
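
The distinction drawn in the reply above (tracking cookies versus an executable found under TEMP) can be applied to a pasted log mechanically. This is an added example, not part of the original posts and not SUPERAntiSpyware code; the log layout is assumed from the excerpt posted in this thread, and the function names and category labels are hypothetical.

```python
import re

# Excerpt of the scan log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""SUPERAntiSpyware Scan Log
Generated 03/18/2011 at 01:54 PM
Scan type : Quick Scan
File threats detected : 3
Adware.Tracking Cookie
media.vmixcore.com [ C:\Users\BPS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BQ7NZRM3 ]
msnbcmedia.msn.com [ C:\Users\BPS\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BQ7NZRM3 ]
Trojan.Dropper/Win-NV
C:\WINDOWS\TEMP\B3EE3CAF-0236-4DE3-9D87-1B5B4E7DB976\UPDATE.EXE
"""

HEADER = re.compile(r"^[^\\\[\]]+ : ")             # "Key : value" summary lines
BRACKETED = re.compile(r"^.+? \[ (?P<path>.+) \]$")  # "label [ path ]" items
BARE_PATH = re.compile(r"^[A-Za-z]:\\")             # item that is only a path
TEMP_DIR = re.compile(r"\\te?mp\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|dll|scr|com|bat|cmd|msi)$", re.I)

def parse_detections(log_text):
    """Return (threat_name, path) pairs; assumes a name line precedes its items."""
    detections, threat = [], None
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line or HEADER.match(line):
            continue
        m = BRACKETED.match(line)
        if m:
            path = m.group("path")
        elif BARE_PATH.match(line):
            path = line
        else:
            threat = line  # any other line opens a new detection group
            continue
        if threat is not None:
            detections.append((threat, path))
    return detections

def triage(detections):
    """Attach a follow-up category (labels are this example's own) to each item."""
    results = []
    for threat, path in detections:
        if "cookie" in threat.lower():
            category = "cookie"            # tracking data, not a program
        elif EXECUTABLE.search(path) and TEMP_DIR.search(path):
            category = "temp-executable"   # origin unclear: identify the owning program
        elif EXECUTABLE.search(path):
            category = "executable"
        else:
            category = "other"
        results.append({"threat": threat, "path": path, "category": category})
    return results
```

A `temp-executable` result is a prompt to find out which program wrote the file, not a verdict that the detection is false or genuine.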

Thank you so much for your reply. I will now routinely run a disk cleaner before future SAS scans and hopefully save myself some anxiety. You mentioned CCleaner, but I have Auslogics BoostSpeed, which includes disk and registry cleaners. I assume that one will do the trick. I might, however, switch to the free CCleaner when my Auslogics subscription runs out.

Also, you mentioned that my SAS was out-of-date. I notice now that the SAS I have on my desktop is out-of-date as well. When I check for program updates I get the message that no updates are available. Do I need to go to the SAS site and just download the newer version?

> Thank you so much for your reply. I will now routinely run a disk cleaner before future SAS scans and hopefully save myself some anxiety. You mentioned CCleaner, but I have Auslogics BoostSpeed, which includes disk and registry cleaners. I assume that one will do the trick. I might, however, switch to the free CCleaner when my Auslogics subscription runs out.

I've never used BoostSpeed; however, I suspect that it does a pretty good job of cleaning.

> Also, you mentioned that my SAS was out-of-date. I notice now that the SAS I have on my desktop is out-of-date as well. When I check for program updates I get the message that no updates are available. Do I need to go to the SAS site and just download the newer version?

Update via the following.

1. Go to the link below and download the SAS Uninstaller Assistant. Save it on your desktop.

https://forums.superantispyware.com/index.php?/topic/1344-superantispyware-uninstallation-assistant/

2. Shut down SAS completely.

3. Now run the SAS Uninstaller Assistant. It will uninstall your old version of SAS and also require a reboot of your computer.

4. Then go to the link below and download/install SAS V4.50.1002.

https://www.superantispyware.com

- Be sure to enter your license key when the installer wizard asks for it if you are running the Professional version of SAS.

- Let it download the latest updates following the installation.

- Set up your desired Preferences.

You should be in business with the latest version.

Remember, the "Check for updates" on the main window of SAS only checks for definition updates. If you want to check for program updates, you need to right click on the SAS icon in the notification tray and select "Check for Updates". The "Check for Updates" on the Preferences>Updates tab also checks for program updates.

Also you can delete the SAS Uninstaller Assistant from your desktop once you have uninstalled the old version of SAS. Or save it somewhere in case you need it again.

Thanks for all your help, siliconman01. I'm all up-to-date now!!
