Classification

Category :

Malware

Type :

Trojan

Aliases :

Dropper

Summary

A program that saves and installs another file (usually a harmful program) onto a computer or device.

Removal

Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.

A False Positive is when a file is incorrectly detected as harmful, usually because its code or behavior resembles known harmful programs. A False Positive will usually be fixed in a subsequent database update without any action needed on your part. If you wish, you may also:

  • Check for the latest database updates

    First check if your F-Secure security program is using the latest updates, then try scanning the file again.

  • Submit a sample

    After checking, if you still believe the file is incorrectly detected, you can submit a sample of it for re-analysis.

    Note: If the file was moved to quarantine, you need to collect the file from quarantine before you can submit it.

  • Exclude a file from further scanning

    If you are certain that the file is safe and want to continue using it, you can exclude it from further scanning by the F-Secure security product.

    Note: You need administrative rights to change the settings.

Technical Details

A dropper acts as a carrier or delivery vehicle for the file that is to be dropped, which is referred to as the dropper's payload. The payload is usually stored in the dropper's body as a compressed file.

Droppers are almost always used to deliver harmful programs. It was once common to see droppers delivering viruses, but it is now more usual to see them drop trojans.

Dropping the payload

When the dropper is run, it extracts the compressed file from its body and drops it, or saves it onto the computer or device. The dropper may also run the dropped file to install it onto the computer or device.

A dropper can drop more than one file as its payload. Many droppers will also drop images or videos, which are used as decoys and displayed to the user to distract them from any overt actions that the other dropped files may perform.

From droppers to Trojan-Droppers

Today, droppers are detected by F-Secure products as Trojan-Droppers.