Trojan-Dropper.Win32.Drooptroop.iih


Posted: March 3, 2011

As a backdoor Trojan and potential virus, Trojan-Dropper.Win32.Drooptroop.iih is an extreme danger to the integrity of your system and may be able to spread through networks and removable peripherals. The nullification of your firewall and other system defenses is accompanied by Trojan-Dropper.Win32.Drooptroop.iih downloading other malware that can cause even more problems. Trojan-Dropper.Win32.Drooptroop.iih has also been reported to block essential Windows programs; all these deadly traits result in a PC threat that should be terminated forcefully.

Deadly Downloads and Other Perils

Any Trojan's main purpose is to place extra malware onto the infected computer without letting the user know about it, and Trojan-Dropper.Win32.Drooptroop.iih definitely isn't an exception. The most obvious clues to the presence of a Trojan infection will come as side effects of the malware it has already put onto the computer! Strange files, programs and memory processes will be observable whenever a Trojan like Trojan-Dropper.Win32.Drooptroop.iih is around.

Trojan-Dropper.Win32.Drooptroop.iih's attacks may continue with other hostilities:

  • Trojan-Dropper.Win32.Drooptroop.iih may create a backdoor in your security; this can be seen by inexplicable changes in your security settings, such as those of your firewall program. Remote criminals exploit backdoors to gain control over a computer and use it for essentially anything they want, although recruitment into botnet armies for DDoS attacks is the most well-publicized remote attack phenomenon.
  • Trojan-Dropper.Win32.Drooptroop.iih has also been documented to block programs that are used by Windows for maintenance and general security, such as the Registry Editor.
  • The above trait makes deleting Trojan-Dropper.Win32.Drooptroop.iih a bit tougher, since Trojan-Dropper.Win32.Drooptroop.iih is quite likely to corrupt the registry for its own ends! Malware-altered registries can allow malware to survive being deleted and run as background processes when Windows boots.
  • As a last unique problem thrown in your path, some sources also report Trojan-Dropper.Win32.Drooptroop.iih to be able to propagate like a virus. This makes networked computers and computers that use removable drives vulnerable to infection, and in some cases can damage or destroy important system files.

Circumventing Trojan-Dropper.Win32.Drooptroop.iih's Attacks and Regaining Your Computer

The only thing you can do to reacquire control over your computer is delete Trojan-Dropper.Win32.Drooptroop.iih, but this requires that you first stop Trojan-Dropper.Win32.Drooptroop.iih from running at all. Trojan-Dropper.Win32.Drooptroop.iih hasn't been reported to use rootkit techniques or other sophisticated self-preservation mechanics, so rebooting into Safe Mode should let you access your security and Windows programs to take the necessary steps.

Trojan-Dropper.Win32.Drooptroop.iih may also be detected by the name of Trojan.Sasfis, Trojan-Dropper.Win32.Bamital or W32/Pinkslipbot.gen.w, among other aliases; the exact name depends on the anti-virus software used to detect Trojan-Dropper.Win32.Drooptroop.iih. Keep your scans all-inclusive, since Trojans like Trojan-Dropper.Win32.Drooptroop.iih will drop other infections, and you'll need to delete every last one if you want your computer to get back to its old self.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %CommonDocuments%\Server\admin.txt
    2 %CommonDocuments%\Server\hlp.dat
    3 %PROGRAM_FILES%\Trojan-Dropper.Win32.Drooptroop.iih
    4 %Templates%\memory.tmp
    5 %Windir%\Temp\explorer.dat
    6 c:\Documents and Settings\All Users\Start Menu\Trojan-Dropper.Win32.Drooptroop.iih\
    7 c:\Documents and Settings\All Users\Trojan-Dropper.Win32.Drooptroop.iih\

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_LOCAL_MACHINE\Software\Trojan-Dropper.Win32.Drooptroop.iih
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
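
The file and registry indicators listed above can be checked on a host with a short script. This is an added example, not part of the original write-up: the mapping of the page's %...% tokens to Windows known folders (with %Templates% resolved for the current user), the WOW6432Node variant of the key and the helper name Expand-Indicator are assumptions.

```powershell
# Added example: look for the file and registry indicators listed on this page.
# Assumption: the page's %...% tokens correspond to these Windows known folders.
$folders = @{
    '%CommonDocuments%' = [Environment]::GetFolderPath('CommonDocuments')
    '%PROGRAM_FILES%'   = [Environment]::GetFolderPath('ProgramFiles')
    '%Templates%'       = [Environment]::GetFolderPath('Templates')
    '%Windir%'          = $env:windir
}
# File indicators, copied verbatim from the list above.
$fileIndicators = @(
    '%CommonDocuments%\Server\admin.txt'
    '%CommonDocuments%\Server\hlp.dat'
    '%PROGRAM_FILES%\Trojan-Dropper.Win32.Drooptroop.iih'
    '%Templates%\memory.tmp'
    '%Windir%\Temp\explorer.dat'
    'c:\Documents and Settings\All Users\Start Menu\Trojan-Dropper.Win32.Drooptroop.iih\'
    'c:\Documents and Settings\All Users\Trojan-Dropper.Win32.Drooptroop.iih\'
)
# Registry key from the page, plus its 32-bit view on 64-bit Windows (assumption).
$regKeys = @(
    'HKLM:\Software\Trojan-Dropper.Win32.Drooptroop.iih'
    'HKLM:\Software\WOW6432Node\Trojan-Dropper.Win32.Drooptroop.iih'
)
# Listed on the page, but present on clean systems too: review, do not alert on it.
$reviewKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore'

function Expand-Indicator([string]$Path) {
    # Replace each known token with the folder it is assumed to stand for.
    foreach ($token in $folders.Keys) {
        if ($folders[$token]) { $Path = $Path.Replace($token, $folders[$token]) }
    }
    $Path
}

$results = @(
    foreach ($raw in $fileIndicators) {
        $path = Expand-Indicator $raw
        [pscustomobject]@{ Type = 'File'; Indicator = $raw
                           Present = Test-Path -LiteralPath $path }
    }
    foreach ($key in $regKeys) {
        [pscustomobject]@{ Type = 'Registry'; Indicator = $key
                           Present = Test-Path -LiteralPath $key }
    }
)
$results | Format-Table -AutoSize | Out-Host
if ($results.Present -contains $true) { Write-Warning 'At least one indicator is present.' }
# Dump the System Restore key's values so they can be compared with a known-good host.
Get-ItemProperty -LiteralPath $reviewKey -ErrorAction SilentlyContinue | Format-List | Out-Host
```

A clean result only means these specific paths and keys are absent; since the dropper installs other malware, it does not replace a full scan.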