Solved

TROJ_SMALL.AAL - removal from /windows/system32/exp.exe and wintask.exe

Posted on 2005-05-01
Last Modified: 2010-08-05
Hi.  I noticed my system running slower and it crashed a couple times today.  The black error screen (looks like a dos screen) closed so fast, I couldn't see what the error was.

So I ran complete system tests using V-Com Fix-it - http://www.v-com.com/.  It found a virus called trojan_small.aal.   I found reference to it in the TrendMicro virus encyclopedia.  I tried to follow the manual removal instructions located here http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_SMALL.AAL
but I couldn't find the files in registry or in processes.

The V-Com Fix-it asks me if I want to delete exp.exe and wintask.exe - which are both infected.
     ****Is there any reason why I SHOULD NOT delete these two files?****  

I'm disappointed in Norton's AntiVirus (version 9.06.02a ) software as it didn't even detect the Trojan and it doesn't have it in its virus encyclopedia.

I wonder if I should spend $50 to buy TrendMicro's PC-cillin Internet Security
http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm

I also run and keep updated Aluria Spyware eliminator.  

I understand the Troj_Small.AAL may not be the cause of my system crash - but I need to remove it as a first step.
Question by:aprillougheed
LVL 9

Accepted Solution

by:
stengelj earned 1000 total points
ID: 13906914
"Is there any reason why I SHOULD NOT delete these two files?"

Both are known trojans.  I can't imagine any reason *not* to delete them. But, that may not fix your problems as there may be a separate program that is creating/recreating them...

I helped someone out with a new spyware program called "Aurora".  It also used those files and can be a real pain to remove.  In my post I included a link to a removal tool and instructions.  It seemed to help this person out, maybe it will help you:

http:Q_21399611.html

Norton's AV seems to classify this as spyware instead of a virus or trojan.  Kind of a cop-out if you ask me.


Author Comment

by:aprillougheed
ID: 13906931
Ah, just what I needed to hear.  I didn't want to go blindly off making a bunch of changes.

thank you for the reference to the other post.

I'll try it too.

I so appreciate your time and knowledge.

April
LVL 9

Expert Comment

by:stengelj
ID: 13906967
You're welcome.

It is common for spyware programs to download/install numerous trojan-like programs in the hopes that you will not find them all.  It is best if you can figure which root spyware package was installed and then research specific removal techniques for that package.  Otherwise, the "master" program will continuously download/re-install its child programs.

Also, it helps to keep more than one spyware tool available for use.  HijackThis and the MS Anti-Spyware programs are popular spyware tools.

Best of luck!
LVL 32

Assisted Solution

by:r-k
r-k earned 1000 total points
ID: 13907228
I agree that you should remove exp.exe and wintask.exe

Another useful program to have is Autoruns from sysinternals:

 http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml

It can quickly list most of the programs that get started when you log-in, and further you can quickly un-check (disable) the suspicious ones so they don't start the next time.

Good luck.

Author Comment

by:aprillougheed
ID: 13908628
Thank you so much.  The Troj_small is gone as far as I can tell - but my computer is still running slow as heck.

I'll run some more tests and post some results.

I have a Toshiba Satellite notebook and it's the best computer I've ever had.  This is the first time it's ever had troubles.  (well, of course I've had virus, spyware before but never any system crashing.)

Well, maybe my Internet Connection (cable) is just slow today - hopefully.

april
LVL 32

Expert Comment

by:r-k
ID: 13909521
If you think the computer is slow: (assuming you have Win/XP SP2)

(1) Task Manager: Check Performance and Network tabs. Check memory usage in Performance tab also.

(2) If any unusual activity in above, get list of tasks and network connections and post it here if not sure:

  > tasklist /svc > task.txt
  > netstat -ab > net.txt

(3) If nothing suspicious noticed above, then:

 (a) Clear all files from Temp folder (under c:\Documents and Settings\Username\Local Setting)
 (b) Clear your Internet Explorer Cache
 (c) Make sure disk is not too full.

etc.
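
One way to review the task.txt and net.txt files from step (2) offline, as an added example that is not part of r-k's comment: the Python script below parses both files and lists every entry for exp.exe or wintask.exe, the two files named in this thread. The file contents, host name and addresses are constructed samples, and the Windows XP SP2 column layout is an assumption.

```python
WATCH = {"exp.exe", "wintask.exe"}  # the two files named in this thread

# Constructed samples in the Windows XP SP2 layout; not output from the thread.
TASK_TXT = """\
Image Name                   PID Services
========================= ====== =============================
svchost.exe                  908 DcomLaunch, TermService
exp.exe                     2012 N/A
wintask.exe                 2044 N/A
"""
NET_TXT = """\
  Proto  Local Address     Foreign Address    State           PID
  TCP    laptop:135        laptop:0           LISTENING       908
  c:\\windows\\system32\\WS2_32.dll
  [svchost.exe]
  TCP    laptop:1043       192.0.2.10:80      ESTABLISHED     2012
  [exp.exe]
"""

def parse_tasklist(text):
    """Map PID -> image name, slicing the columns by the ===== ruler line."""
    lines = text.splitlines()
    ruler = next(i for i, l in enumerate(lines) if l.startswith("==="))
    w_img, w_pid = (len(c) for c in lines[ruler].split()[:2])
    rows = ((l[:w_img].strip(), l[w_img + 1:w_img + 1 + w_pid].strip()) for l in lines[ruler + 1:])
    # Wrapped service-list lines have a blank PID column and are skipped.
    return {int(pid): img for img, pid in rows if pid.isdigit()}

def parse_netstat(text):
    """Return (proto, local, remote, state, owner) rows; owner is the [image] line."""
    rows, cur = [], None
    for line in text.splitlines():
        tok, s = line.split(), line.strip()
        if len(tok) >= 3 and tok[0] in ("TCP", "UDP"):
            rows += [cur + ("?",)] if cur else []  # previous row had no owner line
            cur = (tok[0], tok[1], tok[2], tok[3] if tok[0] == "TCP" and len(tok) > 3 else "")
        elif cur and s.startswith("[") and s.endswith("]"):
            rows.append(cur + (s[1:-1],))
            cur = None
    return rows + ([cur + ("?",)] if cur else [])

def triage(task_txt, net_txt):
    """Findings for watch-list images that are running or hold connections."""
    procs = sorted(parse_tasklist(task_txt).items())
    out = [f"running: {img} (PID {pid})" for pid, img in procs if img.lower() in WATCH]
    out += [f"network: {o} {p} {l} -> {r} {s}".rstrip()
            for p, l, r, s, o in parse_netstat(net_txt) if o.lower() in WATCH]
    return out

print("\n".join(triage(TASK_TXT, NET_TXT)))
```

To use it on real output, read task.txt and net.txt into strings and pass them to `triage()` in place of the samples.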