
Dropper.SuperCool


jorgen


I guess this is it

 

I just did a full scan with Security 360 RC and here is the Report:

 

IObit Security 360

 

OS:Windows XP

Version:0.4.0.20

Define Version:1155

Time Elapsed:3/09/2009 10:31:03 PM

Objects Scanned:67343

Threats Found:1

 

|Name|Type|Description|ID|

Dropper.SuperCool, File, C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP191\A0064399.exe, 12-979

 

 

I have Removed > Quarantined it.

 

All the best, woz of oz

Link to comment
Share on other sites

A trojan dropper is usually a standalone program that drops different types of standalone malware (trojans, worms, backdoors) to a system. A typical trojan dropper is a file that contains a few other files compressed inside its body. When a trojan dropper is run, it extracts all files it contains to some folder (usually a temporary folder) and runs all of them simultaneously. In many cases trojan droppers contain innocent files or multimedia files to disguise malicious activities.

 

Trojan droppers are usually created by special programs called 'joiners'. These programs allow customizing the functionality of a trojan dropper and adding as many files as needed into the package.

 

Some trojan droppers extract components directly to memory and activate them there. In this case anti-virus software is not able to detect dropped malware, so detection of the whole trojan dropper package is added.

 

The type of trojan that the piece of malware dropped is called Supercool, therefore it is classified as a dropper :smile:

Link to comment
Share on other sites
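The behaviour described in the post above (one process unpacking several files into a temporary folder and launching them) can be turned into a simple detection heuristic. This is an added example, not part of the original posts; the event tuple format, process IDs, paths and function names are all constructed for illustration.

```python
import ntpath
from collections import defaultdict

EXEC_EXT = (".exe", ".scr", ".com", ".bat")

def is_temp_executable(path):
    p = ntpath.normpath(path).lower()
    return p.endswith(EXEC_EXT) and ("\\temp\\" in p or "\\tmp\\" in p)

def find_dropper_candidates(events, window=10.0, min_payloads=2):
    """Return {pid: [payload paths]} for processes that wrote executables to a
    temp folder and then launched at least min_payloads of them within window seconds."""
    written = {}                 # (writer pid, path) -> time of the write
    launched = defaultdict(set)  # writer pid -> payloads it went on to run
    for t, pid, ppid, action, path in sorted(events):
        p = ntpath.normpath(path).lower()
        if action == "write" and is_temp_executable(p):
            written[(pid, p)] = t
        elif action == "exec":
            # A child started from a file its own parent has just written
            t_write = written.get((ppid, p))
            if t_write is not None and t - t_write <= window:
                launched[ppid].add(p)
    return {pid: sorted(paths) for pid, paths in launched.items()
            if len(paths) >= min_payloads}

# Constructed events, not from the thread: (seconds, pid, parent pid, action, path)
TEMP = r"C:\Documents and Settings\user\Local Settings\Temp"
EVENTS = [
    (0.0, 410, 1, "exec", r"C:\Documents and Settings\user\Desktop\pics.exe"),
    (0.4, 410, 1, "write", TEMP + r"\photo.jpg"),          # decoy, not executable
    (0.5, 410, 1, "write", TEMP + r"\a.exe"),
    (0.6, 410, 1, "write", TEMP + r"\b.exe"),
    (0.9, 522, 410, "exec", TEMP + r"\a.exe"),
    (1.0, 523, 410, "exec", TEMP + r"\b.exe"),
    (8.0, 700, 1, "write", TEMP + r"\setup_helper.exe"),   # installer with one helper
    (8.5, 701, 700, "exec", TEMP + r"\setup_helper.exe"),
]

if __name__ == "__main__":
    print(find_dropper_candidates(EVENTS))
```

Droppers that unpack straight into memory, as the post mentions, leave no temp-folder writes for this heuristic to see.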

I deleted SuperCool from the Security 360 Quarantine

I did another Security 360 full Scan and there were no nasties at all.

I also did a SpyBot S&D plus SuperAntiSpyWare plus Avast. All gave me a clean result.

 

I turned Off System Restore which deleted all my restore points.

I turned System restore back On (I want to use System Restore) and there was just the one restore point created.

 

Is that ok? Should I have done a ReStart after turning System restore Off and before turning it back On again?

Thanks for your help :smile:

 

All the best, woz of oz

Link to comment
Share on other sites

Hi wozofoz,

 

You have done it OK.

It is always a good practice to have preferably a clean System Restore Point before Restart.

After restart, you can turn it OFF again and then turn it ON to have only one restore point. (You have to create one yourself for Vista and Win7.)

Link to comment
Share on other sites
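The path in the scan report at the top of the thread sits under `System Volume Information\_restore{...}\RP191`, which is a System Restore archive on Windows XP rather than a file in the live file system; that is why resetting the restore points was the relevant clean-up step. The sketch below is an added example, not part of the original posts or of IObit's software: it parses report rows of the posted form and separates restore-point copies from live files. The second sample row and all function names are constructed.

```python
import re

# XP System Restore layout: <drive>:\System Volume Information\_restore{GUID}\RP<n>\<file>
RESTORE_RE = re.compile(
    r"^[A-Za-z]:\\System Volume Information\\_restore\{[0-9A-Fa-f-]{36}\}"
    r"\\RP(\d+)\\[^\\]+$", re.IGNORECASE)

def parse_row(row):
    """Split 'Name, Type, Path, ID'; the path itself may contain commas."""
    name, kind, rest = (part.strip() for part in row.split(",", 2))
    path, _, det_id = rest.rpartition(",")   # the ID is the last field
    path, det_id = path.strip(), det_id.strip()
    m = RESTORE_RE.match(path)
    return {"name": name, "type": kind, "path": path, "id": det_id,
            "restore_point": int(m.group(1)) if m else None}

def triage(rows):
    """Separate copies archived in restore points from files in the live file system."""
    result = {"restore_point": [], "live": []}
    for row in rows:
        if row.strip():
            d = parse_row(row)
            bucket = "restore_point" if d["restore_point"] is not None else "live"
            result[bucket].append(d)
    return result

ROWS = [
    # Row as posted in the thread's scan report.
    r"Dropper.SuperCool, File, C:\System Volume Information\_restore{D24A3BE8-4CBB-48D0-81AD-ACAFA6A6C48B}\RP191\A0064399.exe, 12-979",
    # Constructed row (not from the thread) with a comma inside the path.
    r"Sample.Detection, File, C:\Documents and Settings\user\Desktop\a,b.exe, 00-000",
]

if __name__ == "__main__":
    for bucket, items in triage(ROWS).items():
        for d in items:
            print(bucket, d["name"], d["restore_point"], d["path"])
```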

Thanks all

 

Thanks for the confirmation and extra tips enoskype and thanks also to 333halfevil and 肥皂泡脑袋 肥皂泡脑袋 :-)

 

This was my first ever genuine nasty and I must admit it was a bit exciting but I'm glad it's over and done with.

 

Thanks to IObit, the real Super Cool software :-D

 

EDIT: One more question please.

When a trojan dropper is run, it extracts all files it contains to some folder (usually temporary folder) and runs all of them simultaneously.

How would a trojan dropper normally be run?

Would the user have to run it like any other .exe file or does it have its own way?

 

All the best, woz of oz

Link to comment
Share on other sites

Thanks for the confirmation and extra tips enoskype and thanks also to 333halfevil and 肥皂泡脑袋 肥皂泡脑袋 :-)

 

This was my first ever genuine nasty and I must admit it was a bit exciting but I'm glad it's over and done with.

 

Thanks to IObit, the real Super Cool software :-D

 

EDIT: One more question please.

 

How would a trojan dropper normally be run?

Would the user have to run it like any other .exe file or does it have its own way?

 

All the best, woz of oz

 

Trojan droppers usually hide behind safe files. This means that they have copied their piece of malicious code and hidden it in a safe program, making it harder for antimalware software to detect it. A trojan dropper can be in any format, but yes mainly *.exe's.

Link to comment
Share on other sites

This was my first ever genuine nasty and I must admit it was a bit exciting but I'm glad it's over and done with.

 

wozofoz- I've seen demonstrations where these Trojan droppers were purposely downloaded into a sandboxed Browser and you can actually see them as they prolifically copy malicious code to what they think is the computer, completely unaware that they are in a Virtual Sandbox located on a completely isolated section of the computer's hard drive. The best part is when the sandbox is deleted and 100% of the Malware along with all the other changes that were not intentionally saved to the computer by the operator are instantly eliminated as though they never existed.

 

These days I never go on line without my Browser being protected by the freeware Sandboxie program which is running on my computer for 3.3 MB as I type this.

 

Prevention is the most effective Cure!

 

~Maxx~

Link to comment
Share on other sites

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Album%202/3_sandbox3-1.jpg

 

wozofoz- This very simple and yet amazingly effective 569 KB freeware program has improved the protection of my computer more than any other program I have installed regardless of size and complexity and I start each one of the 3 Browsers which I might be using in Sandboxie before venturing out on the internet each day.

 

http://i468.photobucket.com/albums/rr44/Maxxwire_Photos/Album%202/ImmediateRecovery.png

 

This is the Sandboxie Immediate Recovery message that I got moments after downloading the picture above into the Virtual Sandbox. With Sandboxie you will not have to be concerned with things getting into your computer without your prior approval.

 

~Maxx~

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.
