Trojan-PSW.Win32.Dripper
Trojan-PSW.Win32.Dripper is a dangerous Trojan which is increasingly being used by the rogue anti-spyware programs Additional Guard and Enterprise Suite to scare users by making them think their systems are infected. Trojan-PSW.Win32.Dripper is well known for its nefarious tactics used to steal personal information, including passwords, account information and email addresses.
File System Modifications
- The following files were created in the system:
#   File Name
1   %Program Files%\Mozilla Firefox\searchplugins\search.xml
2   %UserProfile%\Application Data\2565da61\278.mof
3   %UserProfile%\Application Data\2565da61\ag.cfg
4   %UserProfile%\Application Data\2565da61\AG.ico
5   %UserProfile%\Application Data\2565da61\AG345d.exe
6   %UserProfile%\Application Data\2565da61\AGSys
7   %UserProfile%\Application Data\2565da61\AGSys\vd952342.bd
8   %UserProfile%\Application Data\2565da61\mozcrt19.dll
9   %UserProfile%\Application Data\2565da61\sqlite3.dll
10  %UserProfile%\Recent\cb.exe
11  %UserProfile%\Recent\CLSV.tmp
12  %UserProfile%\Recent\ddv.dll
13  %UserProfile%\Recent\dudl.drv
14  %UserProfile%\Recent\energy.dll
15  %UserProfile%\Recent\energy.sys
16  %UserProfile%\Recent\exec.exe
17  %UserProfile%\Recent\fan.drv
18  %UserProfile%\Recent\FS.dll
19  %UserProfile%\Recent\PE.drv
20  %UserProfile%\Recent\ppal.exe
21  %UserProfile%\Recent\SICKBOY.tmp
22  %UserProfile%\Recent\tjd.sys
Registry Modifications
- The following Registry values and keys were newly created:
HKEY..\..\..\..{Subkeys}
HKEY_CLASSES_ROOT\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\SearchScopes "URL" = "http://search-gala.com/?&uid=220&q={searchTerms}"
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download "RunInvalidSignatures" = "1"
HKEY..\..\..\..{RegistryKeys}
HKEY_CLASSES_ROOT\CLSID\{3F2BBC05-40DF-11D2-9455-00104BC936FF}
HKEY_CLASSES_ROOT\xp_7a9be.DocHostUIHandler
Additional Information on Trojan-PSW.Win32.Dripper
- The following messages were detected:
#   Message
1   Warning! Virus Detected Threat Detected: Trojan-PSW.Win32.Dripper
Great, I have at last been able to boot into safe mode but this trojan keeps blocking internet access, I think. Not sure what I am to do. Last resort will be trying your malware scanner thing and see if that can do it. I will even register to try it out. Well worth it instead of paying Geek Squad over $80 just to drop my PC off to get fixed.