Internet threat level: 1
Home→Descriptions→Trojan-Dropper.Win32.Small.go
Trojan-Dropper.Win32.Small.go
| Detected | May 14 2004 00:43 GMT |
| Released | May 14 2004 00:43 GMT |
| Published | Mar 20 2007 10:09 GMT |
Payload
Removal instructions
Technical Details
This Trojan is designed to install and launch other programs on the victim machine. It is a Windows PE EXE file. It is 10,752 bytes in size.Payload
When launching, the Trojan extracts the following file from its body and launches it for execution:
- %System%\svchosd.exe — this file is 7,000 bytes in size. It will be detected by Kaspersky Anti-Virus as Trojan-Downloader.Win32.Small.jm
The Trojan also creates the following value in the system registry:
"Aplune Service" = "svchosd.exe"
The Trojan modifies the value of the following system registry key:
"Shell" = "Explorer.exe svchosd.exe"
This ensures that the Trojan will be launched each time Windows is booted on the victim machine.
Removal instructions
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the Trojan process.
- Delete the original Trojan file (the location will depend on how the program originally penetrated the victim machine).
- Delete the file created by the Trojan:
%System%\svchosd.exe
- Delete the following system registry key parameter:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
"Aplune Service" = "%System%\svchosd.exe" - Revert the value of the registry key as shown below:
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell" = "Explorer.exe" - Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
Trojan-Dropper programs are designed to secretly install malicious programs built into their code to victim computers.
This type of malicious program usually save a range of files to the victim’s drive (usually to the Windows directory, the Windows system directory, temporary directory etc.), and launches them without any notification (or with fake notification of an archive error, an outdated operating system version, etc.).
Such programs are used by hackers to:
- secretly install Trojan programs and/or viruses
- protect known malicious programs from being detected by antivirus solutions; not all antivirus programs are capable of scanning all the components inside this type of Trojans.
Trojan-Dropper.
- TrojanDropper.
Win32. Small. go (Kaspersky Lab) - Troj/Small-GO (Sophos)
- Trojan.
Dropper. Small-44 (ClamAV) - Trj/Cook.
A (Panda) - W32/Trojan_Dropper!4301 (FPROT)
- TrojanDropper:
Win32/Small. GO (MS(OneCare)) - Trojan.
MulDrop. 896 (DrWeb) - Win32/TrojanDropper.
Small. GO (Nod32) - Generic.
Malware. Sdld!!. 1EB3C453 (BitDef7) - Trojan.
DR. Small. ATMG (VirusBuster) - Win32:
Trojan-gen. (AVAST) - Trojan-Downloader.
Win32. Small (Ikarus) - Downloader.
Small. 7. O (AVG) - TR/Dldr.
Small. Go (AVIRA) - Trojan.
Dropper (NAV) - W32/Smalldrp.
YX (Norman) - MultiDropper-KO (NAI)
- TROJ_SMALL.
BQY (PCCIL) - Dropper.
Small. ADM (Rising)
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.