
Thread: Win32.Trojan.Dropper.Small.156

  1. #1
    thoris Guest

    Win32.Trojan.Dropper.Small.156

    Great ... Was just informed by ZoneAlarm Scanning Status that I had the above "Trojan" in my system. Unfortunately, I followed the recommended action and deleted BEFORE coming here to read up on it.

    Now I see by the postings here that in fact it may be part of the driver function for my monitor and/or graphics card!!!! Others have deleted it as I did and on reboot found they had no monitor. Needless to say, I cannot do a system restore so I might be screwed here. My only chance is that I have not yet shut the system down and I did take note of the "offending" registration key:
    "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001"

    Any chance I can open the registry and add this on my own or should I just reboot and see if I am **bleep**ed?
    Also, are we sure that this is NOT a Trojan that has embedded itself in the drivers files?

    Thanks ahead of time and belatedly sorry for my lack of knowledge.

    Geoff T.

    Operating System: Windows 2000 Pro
    Software Version:
    Product Name: ZoneAlarm Internet Security Suite

  2. #2

    Re: Win32.Trojan.Dropper.Small.156

    The current set of ZA Anti-Spyware signatures is mistakenly calling the files

    C:\windows\inf\oem8.pnf or (C:\winnt\inf\oem8.pnf on Windows 2000 systems)
    C:\windows\inf\oem9.pnf or (C:\winnt\inf\oem9.pnf on Windows 2000 systems)

    as the Trojan Win32.Trojan.Dropper.Small.156.

    Those are driver-related files - and they are not infected. It's a false positive.

  3. #3
    thoris Guest

    Re: Win32.Trojan.Dropper.Small.156

    Thanks, that seems to be what I am reading elsewhere here.

    My question was how do I solve the problem now?

    I deleted as instructed, now can't find any reference to oem8.pnf or oem9.pnf on my system. All I have is the registration key that I copied to a NOTE file. Any thoughts on where I might find these files?

    Thanks again.

  4. #4
    ssflyer Guest

    Re: Win32.Trojan.Dropper.Small.156

    If it is like mine, then I would simply re-install the video drivers.
    Regards,

  5. #5

    Re: Win32.Trojan.Dropper.Small.156

    If you are using Windows XP, there's System Restore which can bring them back.
    Since you are using Windows 2000 which lacks this feature, I'm not sure.

    I'm going to have to do more research, I never dealt with missing PNF files before.
    And this false positive could be deleting different files on Windows 2000 as well.

    Message Edited by Jeruselem on 08-01-2007 11:49 PM

  6. #6
    tomdelonge Guest

    Re: Win32.Trojan.Dropper.Small.156

    When it detected this "win32.Trojan.Dropper.Small.156" I never applied for it to be quarantined; in fact I just Google searched and then read about it being false, so I updated anti-spyware by clicking on the anti-spyware tab and clicking "update now" and the warning seems to have disappeared. So it goes to show that this is a false positive.

  7. #7
    abannister Guest

    Re: Win32.Trojan.Dropper.Small.156

    Thank goodness for this forum.
    I have just spent most of the day chasing the problem with my monitor.
    After about 8 hours of changing video cards, installing new drivers, etc. I had just come to the conclusion that the bit of spyware I removed this morning might be at the root of the problem, and thought it was time to check in here.
    Thanks guys and gals - ZASS has a nasty habit of finding these false positives (this is about the third I have come across).
    Wish they would check the consequences of removal on a few more machines before throwing us to the lions to do a beta test.
    I found going into safe mode (F8 at start up) and then choose 'last working version'.
    Just don't make the mistake of doing a spyware scan once it is all up and working again!
    If it finds it again tonight, I hope I can override the auto clean.

  8. #8
    thoris Guest

    Re: Win32.Trojan.Dropper.Small.156

    Well looks like Check Point is no longer interested in supporting (therefore marketing) ZoneAlarm. Went through **bleep** with this problem (CAUSED BTW BY SLOPPY BEHAVIOUR AT ZA!!!) all morning, re-installing video card and monitor drivers and dicking around with internals trying to get the system functioning as it was previously.

    Things are pretty much back together now with the exception of one small detail ... ZoneAlarm will not work. Keeps telling me that my 14 day trial is over and asking me to either buy the program or re-install my key. Problem is key won't work. Customer support is basically shrugging their shoulders and telling me I need to talk to someone in tech support. There is no free phone support or link to email tech support (that I can find). I must therefore assume that, after approximately 12 years as an ardent supporter of ZA, they would just as soon see me disappear.

    Fair enough. At this point I am more than happy to comply. If I don't get this resolved today, I will be uninstalling this piece of **bleep** from my system and going to plan B. I will also use abundant amounts of my abundant free time to relay my sad tale to as many people as possible in hopes that they do not have to suffer the same level of abuse as I.

    Thanks for your help guys. At least someone gives a rat's **bleep** about this product; too bad it's not Check Point.

    Geoff T.

  9. #9
    abannister Guest

    Re: Win32.Trojan.Dropper.Small.156

    And there was me thinking Canadians were always cool, calm, and collected!

    My view of ZoneLabs since the CheckPoint takeover is much the same. I am still waiting to pluck up courage to install Version 7 on my laptop. The first time it died in a spectacular way and all the help desk could do was repeat the same old script about clean install. I rolled back to V6 and it has been fine but I guess it will not be long before they stop supporting it and I will have to bite the bullet.

  10. #10
    jimscarff Guest

    Reinstalling the display driver while in Windows Safe Mode worked (once) for me

    I feel your pain. I have spent the last 6 hours struggling with this problem. I deleted the "trojan" when that was what ZA recommended doing. After hours and hours, I was able to boot into safe mode (XP Professional), download the video driver and reinstall it. That apparently restored the deleted file, and then rebooted normally.

    Then in a particularly Homer Simpsonesque moment, I was shocked to see that I had again been attacked by the same trojan! Not realizing that this alert was false, I again deleted the trojan as recommended!

    Then, I finally found this forum which gives me hope that my pain will eventually go away. I've just reinstalled the display driver (again), "updated" the virus definitions and am about to reboot...
