



Other:W32/Dropper

Name: Other:W32/Dropper
Detection Names: dropper
Category: Malware
Type: Other
Platform: W32

Summary

A malicious program which does not easily fit into any other malware category.

Disinfection

Automatic Disinfection

Starting from F-Secure Anti-Virus (FSAV) version 5.40, standalone malware (backdoors, worms, trojans, etc.) is automatically removed. FSAV automatically renames malware files to prevent them from being executed.

In rare cases, automatic disinfection is not possible and the user must instruct FSAV to perform disinfection (renaming and/or deleting the infected file).

In special cases, the user is recommended to perform disinfection using specific tools provided by F-Secure. The tools can be downloaded from:


In some cases F-Secure Anti-Virus may not automatically disinfect a system. If so, please visit our Support pages at:



Manual Disinfection

Note: Manual disinfection is a risky process; it is recommended only for advanced users.

To manually disinfect standalone malware (backdoors, worms, trojans, etc.) it is usually enough to delete all infected files from a computer and to restart it.

Active malware files are usually locked by the operating system; different disinfection approaches are required for different operating systems. If the computer is running on the Windows 95, 98 or ME operating systems, the recommended action is to restart the computer from a bootable system diskette and delete the infected file using the command prompt. For example, if the malicious file ABC.EXE is located in the Windows folder, type the following command at the command prompt:

  • DEL C:\WINDOWS\ABC.EXE

and press Enter to delete the infected file. If the computer system is running on the Windows NT, 2000 or XP operating systems, a malicious file must be renamed with a different extension (for example .VIR) before the system is restarted. After restart, the renamed malicious file will no longer be active and it can then be manually deleted.


Windows System Restore Issues

If the computer is running on the Windows ME or XP operating systems, disabling the System Restore feature before disinfection is recommended. This is to avoid possible re-infection by a threat that has just been disinfected, as the System Restore feature may have unknowingly saved a copy of the infected file during its normal procedures. If the System Restore feature is active, it may then copy the infected file back to the hard drive after the user or an antivirus program has renamed or deleted it.

Instructions on how to disable the System Restore feature are here:


Once disinfection is complete, re-enabling the System Restore feature is recommended. This will allow the user to restore the system to a stable configuration in the event that a crash or incompatibility issue occurs in the future.


F-Secure Anti-Virus

F-Secure Anti-Virus can be purchased from our online web store or from authorized distributors. A 30-day limited trial version of F-Secure Anti-Virus may be downloaded from our website:


All the latest versions of FSAV can automatically download the latest signature database updates. These updates can also be manually downloaded and installed from our web or ftp sites:

Additional Details

This is the Dropper General Information page.

A dropper is a standalone program that drops a virus to a system. Usually a dropper of a file virus is a very small program (a few bytes) infected by a virus.

A dropper of a boot virus is usually a program that writes the image of a boot sector virus stored inside it to a hard or floppy drive.

Some well-known worms drop viruses. For example, Worm:W32/Klez creates a dropper for Virus:W32/Elkern and runs it; the dropped virus proceeds to live its own life. Also, Worm:W32/Funlove creates its dropper file and makes it run during all Windows sessions.

Virus droppers are no longer widespread, as standalone malware is becoming more and more popular.


Note

Droppers for standalone malware are identified as Trojan-Droppers. For more information on terms used, please see our Terminology Index.