What is this, (TR/Dldr.small.cml.7)
in [Anti-Virus]
|
Prev: Zlob Trojan - Newbie on group - Help please!
Next: Different packing = different scan results (remember Zlob posts?)
From: Joe on 14 Apr 2006 19:58 AntiVir has started reporting (TR/Dldr.small.cml.7) on each bootup of Win XP I can find no info (in English) on the web; can someone here help me out?
From: edgewalker on 14 Apr 2006 20:05 "Joe" <joedinmore(a)yahoo.com.au> wrote in message news:MPG.1eaadb39da47fc6a9896a0(a)news.aardvark.net.au... > AntiVir has started reporting > (TR/Dldr.small.cml.7) on each bootup of Win XP > I can find no info (in English) on the web; can someone here help me > out? TR - trojan (program that does something other than what the user expects) Dldr - downloader (downloads a file, and probably executes it) small - sort of a generic name for programs of less than some specific size. The rest you would have to ask the AntiVir about, it is specific to the malware itself - like a minor variation - and to their naming process. Where was it found, and what filename did it have? It might be a false positive declaration of that malware - or not.
From: Joe on 14 Apr 2006 21:20 In article <1240ei75rke7f26(a)corp.supernews.com>, null(a)null.invalid says... > > "Joe" <joedinmore(a)yahoo.com.au> wrote in message news:MPG.1eaadb39da47fc6a9896a0(a)news.aardvark.net.au... > > AntiVir has started reporting > > (TR/Dldr.small.cml.7) on each bootup of Win XP snip > > Where was it found, and what filename did it have? > Found it in windows/system32/winowk32.dll, which I suspect is a random name. > It might be a false positive declaration of that malware - or not. > I'm a bit worried that it might be a bagle variant, but I have no reason for this.
From: kurt wismer on 15 Apr 2006 00:38 Joe wrote: > In article <1240ei75rke7f26(a)corp.supernews.com>, null(a)null.invalid > says... >> "Joe" <joedinmore(a)yahoo.com.au> wrote in message news:MPG.1eaadb39da47fc6a9896a0(a)news.aardvark.net.au... >>> AntiVir has started reporting >>> (TR/Dldr.small.cml.7) on each bootup of Win XP > snip >> Where was it found, and what filename did it have? >> > Found it in windows/system32/winowk32.dll, which I suspect is a random > name. > >> It might be a false positive declaration of that malware - or not. >> > I'm a bit worried that it might be a bagle variant, but I have no reason > for this. i suspect that if it had been bagle your anti-virus would have said bagle... i don't think TR/Dldr.small.cml.7 is a generic name, i think it's the proper malware name for what you have... hopefully that's all you've got - a downloader trojan's purpose is to download other malware onto your computer and run it... i suspect this page describing trojandownloader.win32.small (http://www.f-secure.com/v-descs/trdlsmal.shtml) applies to what you've got... -- "it's not the right time to be sober now the idiots have taken over spreading like a social cancer, is there an answer?"
From: David H. Lipman on 15 Apr 2006 12:49
From: "Joe" <joedinmore(a)yahoo.com.au> | AntiVir has started reporting | (TR/Dldr.small.cml.7) on each bootup of Win XP | I can find no info (in English) on the web; can someone here help me | out? Download MULTI_AV.EXE from the URL -- http://www.ik-cs.com/programs/virtools/Multi_AV.exe To use this utility, perform the following... Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS } Choose; Unzip Choose; Close Execute; C:\AV-CLS\StartMenu.BAT { or Double-click on 'Start Menu' in C:\AV-CLS } NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files. C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS} This will bring up the initial menu of choices and should be executed in Normal Mode. This way all the components can be downloaded from each AV vendor's web site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC. You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode. When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file. http://www.ik-cs.com/multi-av.htm Additional Instructions: http://pcdid.com/Multi_AV.htm * * * Please report back your results * * * -- Dave http://www.claymania.com/removal-trojan-adware.html http://www.ik-cs.com/got-a-virus.htm |