The Anonymous Widower

Something More Terminal

One of my computers suffered a terminal failure over the weekend, and I needed to take it to the menders yesterday. The symptoms were that it refused to even start, recycling round the login endlessly, but never getting near starting.

Before this, a scan by Clamwin had shown that the computer was infected by the DroopTroop virus. There were several instances in a sub-directory where I had downloaded an old blog, and Clamwin also flagged that winlogon.exe and Internet Explorer had been replaced by versions that had been modified by the trojan. The first explained why the computer wouldn’t start, and the second why Internet Explorer didn’t search properly and pointed me at a load of porn and shopping sites I didn’t want.

The machine was completely unusable.

So what caused it? Either the downloaded blog contained the data, so did someone find a way of commenting on the blog and adding the virus in that way?

But the machine had also been used by my late son to download all sorts of computer games from various sites. I would have thought that he would have been more sensible than to introduce a virus.

The computer has never been used for e-mail, so I doubt that route was possible.

On the other hand, the computer has been showing odd behaviour for months and I called the menders in to fix it. We thought that somehow McAfee was corrupted and this was causing the computer to stop. It looks like the virus was there then. I removed McAfee and replaced it with Clamwin. Another fault was that the computer wouldn’t run Windows Media Player. It just said it was an illegal win32 application.

This is a list of Drooptroop symptoms from the PCThreat web site.

Modified browser homepage settings and search results
Hijacked Windows desktop wallpaper and strange desktop shortcuts and icons
Abnormal Trojan-Dropper.Win32.Drooptroop.cpt files in Windows task manager system processes, tower speaker error bleeping sound
Trojan-Dropper.Win32.Drooptroop.cpt reactivates itself after being deleted manually, extremely difficult to get rid of
Legal registry keys, dlls and system files missing, causing “Blue Screen Of Death” error
Abnormal bandwidth use, slow Internet browser and Windows system
Pop-up blocker unable to block annoying porn and gambling related bulk pop-ups

What Trojan-Dropper.Win32.Drooptroop.cpt will do when embedded within a computer is as follows:

Records browsing habits, monitors Windows system activity to generate equivalent pop-ups
Bypasses security tools and forwards credit card, usernames, passwords and other private information to outside hackers
Trojan-Dropper.Win32.Drooptroop.cpt downloads and installs diverse malicious programs via Windows and browser security loopholes

Trojan-Dropper.Win32.Drooptroop.cpt has also been seen to display the following behavior:

Adds a Registry Key (RUN) to auto start Programs on system start up
Registers a Dynamic Link Library File
Executes a Process
This Process Deletes Other Processes from Disk

So you can see it is an evil thing to get on your computer to say the least. Luckily, I only used this computer for developing Visual Basic programs and the odd bit of browsing of news and other respected web sites.

I suppose that I could have inadvertently installed something nasty in the last few months, because of my awful typing. But I hope not!

November 23, 2010 - Posted by | Computing, World |
