How do you get rid of Trojan horse Downloader Small 4 D?

Answer 1

I recently ran AVG free antivirus software (GriSoft) on a friend's PC because he was complaining of various problems, and it detected not only the Trojan Horse Downloader.Small.4.D, but also Downloader.Dyfica.AJ (in two files), PSW.Briss.A, and PSW.Briss.B. These were found attached to the following files:

In the C:\Windows\System directory:A.exeBridge.dll

In the C:\Windows\Temp directory:Optimize.exeBridge.exeCLN9352.tmp

From my own research, these files come from two places:

Installing, knowingly or unknowingly, spyware applications. Installing a fake "crack", called "crack.exe", from the internet for various applications.

AVG Free Edition managed to wipe out these files without any problem.

Also, F-Prot (run from DOS) has been know to take care of these viruses very well.

After "healing" your files, you should run a spyware checker, such as Ad-aware or Spybot, to remove any spyware files that may have been left behind. Bridge.exe, Bridge.dll, and A.exe have been known to re-install themselves otherwise.

Also, you may also want to scan your registry for those files as well, especially "A.exe". Ad-aware, which I personally run, does a good job of removing spyware entries from the registry, but sometimes it does manage to leave a thing or two behind. It's always better to be safe than to regret it later. I too had this virus.

AVG (free version) did indeed detect the virus and said the infected files had been healed. In fact they had not been healed at all as the virus was present two minutes later in a second scan. This was when the machine was not continually crashing.

AVG was subsequently removed and the crashing stopped! McAfee is now installed and all problems are solved. I hope. AVG, superficially made matters worse! This is a particularly nasty Trojan. It often invades your computer on the back of Spyware and Adware. Just disinfecting with an anti-virus is not enough because it will just re-install when you next boot up.Run your anti-virus and clear the Trojan, then run Spybot or Adaware (Free downloads from www.spybot.com or www.adaware.com). Quarantine all the spyware these pick up before you re-boot.Sometimes this Trojan will infect your Restore files (Me & XP only). Windows will not let you delete any files from this location, so after you've run the anti-virus and the spy cleaner disable System Restore and re-boot. Then enable System Restore and re-boot again. This will re-write the Restore files with (hopefully) clean data. To be extra safe run your anti-virus and Spy Cleaner again. I just had this virus today and Im not sure if i was able to remove it.

Im using Windows XP Pro, with SP1 and 2 and all the necessary updates. I also have the AVG free edition with the recent virus updates. AVG detected this virus first located at c:\windows\system32\CS4PO28.exe and deleted the file. I downloaded ad-aware and it removed some suspicious registry files.

It was okay after I booted it. I didnt seem to have problems until a few hours later, say, 5 hours later, when AVG detected the same virus in another location, this time at the c:\system volume\_restore{B96C9349-3ECB-4C07-B7AF-1B0A537037B1}\RP43\A0007546.exe.

I remember having a Trojan virus of another version before in my winxp that located itself at the system volume. All i did at that time was to turn off the system restore service. You can do this at control panel > system > system restore tab.

Hope this will work for the others. I too got the Trojan horses. After many hours trying to rid my PC of them, I contacted AVG.

Here is their response:

"Because these files were located in folders for temporary usage, thevirus is probably downloaded from the Internet (on e-mail). I recommend that you delete the contents of these folder. - the content of C:\Documents and Settings\Marty Roberts\LocalSettings\Temp\ folder must be deleted manually

- to empty C:\Documents and Settings\Marty Roberts\LocalSettings\Temporary Internet Files\ folder do following: Start Internet Explorer -> Tools -> Internet option Options ->Temporary Internet Files section -> Delete Files button -> Delete AllOffline Content -> OK button

I also recommend doing Windows update from Start menu and enabling "Onclose Scanning" function in AVG COntrol Center -> AVG ResidentShield settings."

After doing this I have been virus free for 3 days now. I have been battling the Downloader Small 4.D for weeks now, I have taken all the advice, done everything you can think of but still it has persists. It is always on file 'bridge.exe' or 'bridge(1).exe' Then I was discussing it with a friend and he said that the 'bridge.exe' might be in Add/Remove, so I went in there and found it, I have now uninstalled it and hopefully the virus will go too! AVG found it but could not heal it or put it in the fault. Manually went into local settings and removed all temp files. Dload.exe was in the temp file. Also checked Windows\Temp and others as recommended nothing there.

Still came back so I went into regedit and serached on the files suggested ie. bridge.dll, a.exe, bridge.exe and CLN9352.tmp.All files were found in one place under a folder called Search Assistant.

Hope that helps All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab)at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended)-boxes, then OK yourself out. You will then need to restart your computer and and go into Safe Mode by holding the F8 key down -(kind of at the beginning of start up). When you're at the DeskTop screen go to Start/ Search/ For Files and Folders and type up the NAME OF THE FILE & EXT of that virus, which would have shown up on your Anti-Virus software, you can delete this file from here.

I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I also deleted the Temp file from the Restore folder after unchecking the hidden files boxes, then went to SafeMode to delete these 4 virus files. My computer is now absolutely FREE of these pests! Try switching off the resident shield before running AVG somehow it seems to work for me. It may not be able to remove the file because it is already being accessed by AVG. It may be a bug that the makers of AVG might have to look at. I had the Trojan horse downloader small.21.D and used every online scan and AVG to try to get rid of it. I tried the suggestion of emptying the temporary internet folder and like magic...no more Trojan found by AVG. THANKS

I had troubles with this Trojan. Your best bet would be to clear it with AVG, or the solution offered by MalwareBytes. It would not hurt to become educated with finding processes and files that are out of place as well.

I'm not very good at computer. I just ran the AVG and hoped it can catch it. however, the AVG detected it but can't remove it. I find computer experts 24/7 online, called Tee Support. they helped me get rid of the virus so quickly. I think I will contact them if there is virus on my PC next time.