Trojan.Drooper
Terry Pinnell
threat which my various 'anti-malware' programs protect me against, so
the following is probably embarrassingly obvious!
I regularly run Adaware SE and Spybot, and did so this morning. No
threats were detected.
I have BHO Demon running, 'in residence'. No new entries have
appeared.
I have Norton AntiVirus auto-protect enabled, and very rarely see
anything from it. But at some point (actually it was while I was
running Spybot, but I was doing other things too) I got this:
Norton AntiVirus has detected a virus on your computer.
Object Name: C:\WINDOWS\iun6002.exe
Virus Name: Trojan.Dropper
Action Taken: Unable to repair this file... it has been quarantined.
Could the experts here please advise me:
1. What is this trojan and where is it likely to have come from?
2. Why didn't Spybot report it?
3. Does AdAware not detect trojans?
4. Can I go one step further than this 'quarantining', and get it off
my PC completely?
Much appreciate any advice please.
--
Terry, West Sussex, UK
Panda_man
> Object Name: C:\WINDOWS\iun6002.exe
> Virus Name: Trojan.Dropper
> Action Taken: Unable to repair this file... it has been quarantined.
>
> Could the experts here please advise me:
> 1. What is this trojan and where is it likely to have come from?
Trojans comes from downloading bad softwares.
> 2. Why didn't Spybot report it?
> 3. Does AdAware not detect trojans?
Both SpyBot S&D and Ad-Aware SE Personal
detects chosen trojans,not all,because trojans are viral problems.
SpyBot + Ad-Aware detects spywares/adwares/hijackers and spy stuff like this.
> 4. Can I go one step further than this 'quarantining', and get it off
> my PC completely?
Delete the quarantee ,but keep in mind that when you remove the quarantee,
you'll destroy the program that uses it.
You can see removable instructions on the link above
Goto Start-Settings-Control Panel-Add/Remove programs and remove any
unwanred programs,suspicious programs and programs recently installed that
are suspicious to you.
----------------------
You may have a look at these protection steps,offered by me:
| PROTECT YOUR COMPUTER
AND THE INFORMATION STORED ON IT |
Microsoft suggest 3 +1 steps general steps to help protecting your
computer.Here they are plus some additional !
1. Firewall ON
It is very important to know that you REALLY SHOULD
use only one firewall (to prevent software conflict ) !!!
Firewall is a protective barrier between your PC and the outside world.
It protects you from hackers and other intruders from gaining
remote access to your PC and also from viruses and network worms (like
Sasser).
It also makes your PC invisiable for hacker softwares and
even if hackers find your PC it will block the attack.
Firewalls scans all your incoming (or outgoing) traffic and
immediately block it if it is unsolicated.
** Windows XP **
has integrated firewall -
Internet Connection Firewall (ICF) for SP1 and
Windows Firewall (WF) for SP2
>> Windows Firewall (for SP 2)
is full firewall ,suitable for all kind of users and connections.
Windows Firewall is designed especially for home users with
not very big computer literacy and that's why it works almost
automatically,asks rarely !
When using it,check the Exception list .
If you are home user and do not want to play network games,exchange files
over chat
or you are connected to internet via none/less secure server, you can check
" Don't allow exception "
This guarantees you maximum protection!
Start - Settings - Contol Panel - Windows Firewall .See its settings.
>>>Users with no Service Pack or with SP 1 you should upgrade to SP 2
because ICF is partial firewall made for direct internet connection only
** Windows versions different from XP **
They do not have integrated firewall and they are not protected
from hackers and intruders,network viruses and etc.
They MUST use software firewall.So choose one firewall
You may get Zone Alarm personal (free) from :
http://www.zonelabs.com
2. Windows Updates ON
Windows Updates can protect your PC from different OS vulnerabilities and
security threats.
** Windows XP and ME **
| Critical updates |
Automatic Updates ON
Right click on My computer - Properties - Automatic Updates -
Download updates automatically but let me choose when to install them
** Different form XP and ME **
| Critical updates |
Automatic updates are not offered
Manually download critical updates
Start – Windows Update or http://windowsupdate.microsoft.com
** All Windows Versions **
| Optional updates |
Because of the fact Automatic updates downloads only critical updates (they
are the most important),
regularly visit http://windowsupdate.microsoft.com
and download some of the optional software and hardware updates available.
3. Virus Protection ON
Antivirus Software can protect you from viruses,worms,trojans and other
security threats
>> Always use the latest version of your program and update it at least every two days.
The more often you update it ,the higher protection for new threats you have.
>> Make sure it has real-time scanner which is enabled
>> Make sure all security settings are turned ON
(e.g. scanning All files,scanning compressed files,mail scanning,
disinfecting, heuristic scan,behaviour analyze
or detecting spyware,hacking tools, jokes and so on…..)
Use only 1 av software .More than one may cause your PC
problems because of the permanent protection ! ! !
Other : List with all Microsoft Anti-virus partners
http://www.microsoft.com/security/partners/antivirus.asp
| PROTECT YOURSELF AND YOUR PRIVACY |
1. Spyware protection ON
>> Spybot Search & Destroy
http://www.safer-networking.org/microsoft.en.html
>> Ad-Aware SE Personal
http://www.lavasoftusa.com/software/adaware
>> Microsoft Antispyware
http://www.microsoft.com/athome/security/downloads/default.mspx
These 3 programs(all free) are the most famous
in the world and ,of course,are the best.
Using two of them guarantees you very ,very good protection !
2. Manage your Internet Settings
Start->Settings->Contol Panel->Internet Options
| On the General tab |
Delete all temporary internet files,cookies,history ( often do this)
| On the Security tab |
Make sure the Internet level is Medium.Check other levels
| On the Privacy tab |
Make sure the level is Medium High.
| On the Content tab |
Goto Auto complete
Delete(clear) forms and passwords and check the settings
3. Use a pop-up blocker
Internet Explorer 6 with XP SP 2 has integrated pop-up blocker
However ,if you are not XP SP 2 user ,or you are without IE 6
get the Free MSN Tool Bar that has pop-up protection
http://toolbar.msn.com
3.1 MSN toolbar
This toolbar become more useful everyday
It has either pop-up blocker and also Anti-Phising filter
Recently Microsoft had established this Anti-phishing filter
as an add-in for the Toolbar
http://toolbar.msn.com to get the toolbar
http://toolbar.msn.com click on Add-ins and search for the Anti-Phishing
4. Other
4.1
( Depending on your mail program -> this below is for Outlook Express )
Open Outlook Express
Tools - Options - Security
Make sure you have checked these:
` Warn me when...
` Do not allow...
4.2
Create free web-based mail
Lots of free web-based mail accounts exist.
You may create one in Hotmail , Yahoo , Gmail or Mail.RU
They are all for free with a lot of space and intergrated SPAM and Virus
protection
Yahoo.co.uk and Mail.ru offer free POP 3 / SMTP /HTML access
so you may use them with Outlook Express
4.3
Think first , then click !!!
Nothing can protect the computer from its user.
Even though you could have firewall,av software,
antispyware software and all updates downloaded,
you are not protected 100 %.NOTHING guarantees you 100 % protection.
So if you don't know what exactly to do and when to do it,you'll probably
fall a victim
of a virus , spyware or hacker.
You can find it ridiculous,but it is true! :-)
BE CAREFUL which sites you visit
BE EXTREMELY CAREFUL what you install,especially free or shareware software.
ALWAYS check everything you download from internet with AV and AS software.
4.4
Be aware of SPAM messages and especially PHISHING !!!
Spam messages are unsolicated mail.You really do not want them !
In most cases SPAM is just annoying,however PHISHING is a type of spam that
is
is really dangerous.Someone unknown sends you a messages,which is
trying to get personal information,such as bank account number
and passwords ! That's why :
NEVER give your email and/or passwords to strangers.
Don't post your mail or passwords in forums and chats.
NEVER read email messages from people you don't know. Just delete
them!!!
NEVER answer to strangers or even open the attachments,if any !!!
Delete the mail !
NEVER follow links in email from stranger and in mail that you
doubt and do not trust !
For more info about SPAM / Phishing visit
http://www.microsoft.com/athome/security -> Email section
4.5
Regularly :
> Run Disc clean-up (with all checked)
Start - Programs - Accessories - System Tools - Disc Clean-up
> Check all hard drives for errors
> Back-up all your information (at least montly)
> Defragment all hard drives
> Scan all your computer with antivirus and antispyware software
(should be twice a week)
4.6
The best programs (according to me)
*Panda Software*
Titanium , Platinum , TruPrevent !!!
http://www.pandasoftware.com
*Frisk Software International*
F-prot AV ,for all kind of OS,works fine on every Win version
http://www.f-prot.com
*Kaspersky Labs*
AV Personal, AV Personal Pro,Anti SPAM ,Anti hacker
http://www.kaspersky.com
--- Useful pages ---
http://www.microsoft.com/athome/security/downloads/default.mspx
different kinds of free or trial security software.
http://www.pandasoftware.com/about/resp_social/children_internet
Because of the campaign "Children and the Internet"
Panda Software offers 90 day free trial version of one of the best security
software
Panda Platininum Internet Security 2005
http://www.pandasoftware.com/protected/tips.htm
useful tips for protecting computers
http://www.pandasoftware.com/products/activescan/com/activescan_principal.htm
Panda Software free Active Scan,where you can check your
PC for ALL TYPES of security threats and clean viruses and worms
http://housecall.trendmicro.com
Trend-Micro free online scanner HouseCall where you can scan for
Viruses and Spywares and clean them. CWShredder is also available here
http://www.kaspersky.com/virusscanner
Kaspersky free online scanner
and checker for suspicious files.If you have issues with suspicious
file,here is the right place!
http://www.f-prot.com/virusinfo/submission_form.html
Send F-prot AV suspicious files for fast analyze and and it is all for FREE
http://www.microsoft.com/malwareremove
Microsoft Windows Malware Removal Tool
http://support.microsoft.com
Free Microsoft support and suggestions (for genuie clients)
If you would like more information about
how to protect your PC
what security software to use
or something else connected to IT
you are welcome to post again and I'll give you the required information.
Panda_man
" Let's beat malware black and blue "
" No new epidemic of all kind of malware -> Panda TruPrevent "
Certisified from Microsoft BG " Protection and Security for Windows XP with
SP 2 "
PA Bear
definition updates before each and every scan? If not, you're wasting your
time.
Trojan.Dropper:
http://securityresponse.symantec.com/avcenter/venc/data/trojan.dropper.html
More likely is that iun6002.exe is the signature of one of the following or
recent variant:
Spyware.Shopnav:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.shopnav.html
Spyware.Wiretap:
http://securityresponse.symantec.com/avcenter/venc/data/spyware.wiretap.html
Home and Home Office Editions of NAV do not detect or remove such "security
risks". (Nice, huh?)
Checking for/Help with Hijackware
http://aumha.org/a/parasite.htm
http://aumha.org/a/quickfix.htm
http://aumha.net/viewtopic.php?t=5878
http://mvps.org/winhelp2002/unwanted.htm
http://inetexplorer.mvps.org/data/prevention.htm
http://inetexplorer.mvps.org/archive/tshoot.html
http://www.mvps.org/sramesh2k/Malware_Defence.htm
http://defendingyourmachine.blogspot.com/
When all else fails, HijackThis v1.99.1
(http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. **Post
your log to http://forums.spywareinfo.com/,
http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30
for expert analysis, not here.**
--
~Robear Dyer (PA Bear)
MS MVP-Windows (IE/OE, Security, Shell/User)