What is this, (TR/Dldr.small.cml.7)

AntiVir has started reporting
(TR/Dldr.small.cml.7) on each bootup of Win XP
I can find no info (in English) on the web; can someone here help me
out?

Re: What is this, (TR/Dldr.small.cml.7)



TR - trojan (program that does something other than what the user expects)

Dldr - downloader (downloads a file, and probably executes it)

small - sort of a generic name for programs of less than some specific size.

The rest you would have to ask the AntiVir about, it is specific to the
malware itself - like a minor variation - and to their naming process.

Where was it found, and what filename did it have?

It might be a false positive declaration of that malware - or not.



Re: What is this, (TR/Dldr.small.cml.7)

snip
Found it in windows/system32/winowk32.dll, which I suspect is a random
name.
I'm a bit worried that it might be a bagle variant, but I have no reason
for this.

Re: What is this, (TR/Dldr.small.cml.7)

Joe wrote:

i suspect that if it had been bagle your anti-virus would have said
bagle... i don't think TR/Dldr.small.cml.7 is a generic name, i think
it's the proper malware name for what you have... hopefully that's all
you've got - a downloader trojan's purpose is to download other malware
onto your computer and run it...

i suspect this page describing trojandownloader.win32.small
(http://www.f-secure.com/v-descs/trdlsmal.shtml ) applies to what you've
got...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"

Re: What is this, (TR/Dldr.small.cml.7)

kurtw@sympatico.ca says...
Aha! yes - that appears to be it. I went looking in the file system, and
found Adservice.bat, adservice.dll along with the winowk32.dll all with
the same date and time. The dlls were both 17408 bytes long and identical
in content.
I haven't checked the registry yet, but I'm
feeling better about things now. Renaming the three files just mentioned
makes the problem disappear. (Whether that is the same as "problem goes
away" is yet to be determined.)
Thanks VERY much indeed.
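
The check described in the post above (looking for files with the same size, content and timestamp as the flagged DLL), as an added example that is not part of the original thread. The function name `find_siblings`, the 60-second window and the sample tree (placeholder bytes, `benign.dll`) are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def sha256_of(path, chunk=65536):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def find_siblings(flagged, root, window_s=60):
    """Return (identical, same_time): names of files under root that are
    byte-identical to `flagged`, or were modified within window_s of it."""
    flagged = Path(flagged).resolve()
    ref = flagged.stat()
    ref_hash = sha256_of(flagged)
    identical, same_time = [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.resolve() == flagged:
                continue
            try:
                st = p.stat()
                # Compare size first so only same-size candidates are hashed.
                if st.st_size == ref.st_size and sha256_of(p) == ref_hash:
                    identical.append(p.name)
                elif abs(st.st_mtime - ref.st_mtime) <= window_s:
                    same_time.append(p.name)
            except OSError:
                continue  # locked or unreadable file: skip it
    return sorted(identical), sorted(same_time)

def demo():
    # Constructed sample tree: placeholder bytes, not real malware content.
    with tempfile.TemporaryDirectory() as d:
        root, body, t = Path(d), b"\x00" * 17408, 1_100_000_000
        for name, data, mtime in [
            ("winowk32.dll", body, t),
            ("adservice.dll", body, t),
            ("Adservice.bat", b"@echo off\r\n", t),
            ("benign.dll", b"unrelated" * 100, t - 10_000_000),
        ]:
            (root / name).write_bytes(data)
            os.utime(root / name, (mtime, mtime))
        return find_siblings(root / "winowk32.dll", root)
```

Timestamps can be altered by whatever wrote the files, so the `same_time` list is a lead for further inspection, while the hash match is the stronger signal.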

Re: What is this, (TR/Dldr.small.cml.7)



A name like that, and in that location, I suspect you're right.


Bagle schmagle - it's bad enough you have a downloader and you don't
know what it might have done if executed.

Now that you have a filename, you can send that file to online single file
scanners like jotti or virustotal to see what other detectors have to say
about it. You can get more info to determine for yourself if it is a FP or
not, and get some names that other vendors use for this piece of malware.
Armed with new names, even more info becomes available.



Re: What is this, (TR/Dldr.small.cml.7)


| AntiVir has started reporting
| (TR/Dldr.small.cml.7) on each bootup of Win XP
| I can find no info (in English) on the web; can someone here help me
| out?


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can download the files and perform a scan in Normal Mode. Once you have downloaded
the files needed for each scanner you want to use, you should reboot the PC into
Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner
you want to run in Safe Mode.  It is suggested to run the scanners in both Safe
Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


