
Infected with Trojan.Dropper (0.6916499173532813.exe)



Hi guys,

I have this trojan called "0.6916499173532813.exe". It's known as Trojan.Dropper.

It is placed in: C:\Users\<USER>\AppData\Local\Temp

I don't know how the file is being created but the Anti-Malware scanner does detect it.

Here is a link that I found: http://forums.malwarebytes.org/index.php?showtopic=59267

That exact thing happens when I open Firefox. I find it really annoying.

Anti-Malware has quarantined it 2 times now, but it's not stopping it from creating itself :lol:

Is there any way I can stop this file from creating itself?

This is the content of the exe file when opened with Notepad++:

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /up/toolbar.exe was not found on this server.</p>
<hr>
<address>Apache/2.0.54 (Fedora) Server at www.upetgroup.ro Port 80</address>
</body></html>

If I am right, this is just an HTML file disguised as a .exe file.

When I right-click on its icon on the taskbar, it's actually running on ntvdm.exe. I don't think that app is even able to read HTML :S

If anyone has any idea to get rid of this please help :rolleyes:

I am using Windows 7 Ultimate 32bit and Free version of Anti-Malware v1.46.0001 with DB v4390

Any help will be highly appreciated.

I have attached the logs.

sudo.zip

Thank You


  • Staff

Hi and welcome to Malwarebytes.

In the future please post all logs directly into your reply instead of attaching them.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317


  • Staff

Hi,

It looks like whatever plugin you have installed in Firefox tries to download this file: http://www.upetgroup.ro/up/toolbar.exe

But, the file is not present anymore.

The random exe files Malwarebytes detects are a generic/heuristic detection. In your case, the files are not executables, so you don't have to worry here and you can actually ignore these detections. This is because, in your case, those are false positives.

I guess that your FireFTP plugin is trying to download this one. This is because I see you have this extension installed in your Firefox (DDS log you attached). Does that make any sense? Can you test and disable the FireFTP extension in Firefox as a test?

< edit : Whoops, I see screen317 already replied, so ignore this post >

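An added example, not part of the original posts: a triage check that decides what a `.exe` in the Temp folder really is from its first bytes rather than its extension, which is how the dropped file above can be confirmed as a saved 404 page. The helper names (`classify`, `triage`, `demo`) and the sample PE header are constructed for illustration.

```python
import struct
import tempfile
from pathlib import Path

# The 404 body quoted in the thread (abbreviated); this is what was saved as ".exe".
HTML_404 = (b'<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">\n<html><head>\n'
            b"<title>404 Not Found</title>\n</head><body>\n<h1>Not Found</h1>\n</body></html>\n")

# Constructed minimal PE-style header for contrast (not a runnable program).
FAKE_PE = bytearray(0x44)
FAKE_PE[0:2] = b"MZ"
struct.pack_into("<I", FAKE_PE, 0x3C, 0x40)  # e_lfanew: offset of the PE signature
FAKE_PE[0x40:0x44] = b"PE\x00\x00"


def classify(data: bytes) -> str:
    """Return 'pe', 'mz-only', 'html' or 'unknown' from content, ignoring the extension."""
    if data[:2] == b"MZ":
        # A valid PE image stores the offset of "PE\0\0" in the DOS header at 0x3C.
        if len(data) >= 0x40:
            (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
            if data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00":
                return "pe"
        return "mz-only"
    # Skip a UTF-8 BOM and leading whitespace before looking for markup.
    head = data[:512].lstrip(b"\xef\xbb\xbf \t\r\n").lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def triage(directory) -> dict:
    """Map each *.exe file name in `directory` to its real content type."""
    return {p.name: classify(p.read_bytes())
            for p in sorted(Path(directory).glob("*.exe"))}


def demo() -> dict:
    """Write both constructed samples to a scratch folder and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        Path(tmp, "0.6916499173532813.exe").write_bytes(HTML_404)
        Path(tmp, "real.exe").write_bytes(bytes(FAKE_PE))
        return triage(tmp)


if __name__ == "__main__":
    print(demo())
```

A result of `html` for a randomly named `.exe` means a download returned an error page that was saved under an executable name; the component that requested it still needs to be identified, as the replies above go on to do.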

Thank you for the replies guys ;)

Thanks for the reply guys,

I've actually disabled FireFTP. And it seems it has stopped the stupid cmd popup B) :) YAY!

Thank You for helping guys :) I have uninstalled FireFTP and I'm going to use another FTP client.

I download Linux distros from torrents; might it be that it came with those? Never gonna use torrents again. Again, thanks for the help :)


  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
