[Image: Orange Internet Everywhere connection box]
There is a hard-to-detect virus on Windows XP that quickly uses up your Internet connection. It is hard to detect because very few major antivirus programs are able to scan for it and uproot it from your system.
How can you tell if your computer is infected with this type of virus?
The only way is if you are using mobile Internet bundles with Huawei modems, such as MTN broadband, Orange Internet Everywhere or Airtel Internet Everywhere. You need to know how many megabytes you use in a month.
How I found out
In February, my girlfriend was still using a Windows XP computer while I had an Ubuntu 9.10 laptop. We were using the MTN ball broadband Internet Huawei modem. 500MB was enough data for a month to use at home, considering we both had access to the Internet at our workplaces.
She contracted the dropper virus and we had the 500MB bundle wiped out in 3 days. I thought maybe she had done some updates or downloaded a heavy movie. Anyway, we renewed again. 500MB was again wiped out in 3 days. We suspected a virus (we updated Avira and scanned the entire system) but we also thought that the service provider was giving us less. We switched off any Wi-Fi connections.
Considering that we needed to use the Internet, we paid up again for another 500MB. This one ran out again in 3 days with only the Windows computer using it. We opted for another provider; this time, we bought a 1GB Orange Internet Everywhere bundle.
The Orange Internet Everywhere software connection box, after being connected, used up 5MB in 3 minutes without having any browser open. No, I don't think it was an antivirus update either!
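The idle-traffic check described above can also be done without the connection box. This is an added example, not part of the original post: it compares two snapshots of Windows `netstat -e` output taken with no browser open and projects how long a bundle would last at that rate. The snapshot text, the function names, the 5 MB/hour idle limit and the 32-bit counter wrap are assumptions made for the illustration.

```python
import re

COUNTER_WRAP = 2 ** 32  # assumption: XP-era netstat byte counters are 32-bit and wrap

# Constructed samples of `netstat -e` output taken 3 minutes apart, browser closed.
SNAP_BEFORE = """Interface Statistics

                           Received            Sent

Bytes                       1048576          524288
Unicast packets                1200             900
"""
SNAP_AFTER = """Interface Statistics

                           Received            Sent

Bytes                       5242880         1572864
Unicast packets                6100            2300
"""

def parse_netstat_e(text):
    """Return (received_bytes, sent_bytes) from the 'Bytes' row."""
    m = re.search(r"^Bytes\s+(\d+)\s+(\d+)\s*$", text, re.MULTILINE)
    if m is None:
        raise ValueError("no 'Bytes' row in netstat -e output")
    return int(m.group(1)), int(m.group(2))

def delta(before, after):
    """Counter difference that tolerates a single wrap-around."""
    return after - before if after >= before else after + COUNTER_WRAP - before

def idle_usage(before, after, minutes, bundle_mb, idle_limit_mb_per_hour=5.0):
    """Measure traffic between two idle snapshots and project bundle lifetime."""
    rx0, tx0 = parse_netstat_e(before)
    rx1, tx1 = parse_netstat_e(after)
    used_mb = (delta(rx0, rx1) + delta(tx0, tx1)) / (1024 * 1024)
    rate = used_mb * 60 / minutes  # MB per connected hour
    hours = bundle_mb / rate if rate > 0 else float("inf")
    return {"used_mb": used_mb, "mb_per_hour": rate,
            "hours_to_exhaust": hours,
            # idle limit is an assumed threshold; tune it to your own baseline
            "suspicious": rate > idle_limit_mb_per_hour}

if __name__ == "__main__":
    print(idle_usage(SNAP_BEFORE, SNAP_AFTER, minutes=3, bundle_mb=500))
```

`netstat -e` totals all network interfaces, so take the snapshots with only the modem connected.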
The Trojan.Dropper malware attack
From the Symantec website:
A Trojan.Dropper is a type of Trojan whose purpose is to deliver an enclosed payload onto a destination host computer. A dropper is a means to an end rather than the end itself. In other words, the dropper is usually used at the start or in the early stages of a malware attack.
These dropper viruses are becoming very common among Windows users. They will use up much of your mobile Internet bundle without your noticing, leaving you to constantly pay for more megabytes of data you never use. In these hard economic times, this is a headache you can very well spare yourself.
Once a dropper is executed, its own code is simply to load itself into memory and then extract the malware payload and write it to the file system. It may perform any installation procedures and execute the newly dropped malware. The dropper usually ceases to execute at this point as its primary function has been accomplished.
Droppers are used by malware creators to disguise their malware. They create confusion amongst users by making them look like legitimate applications or well known and trusted files.
The Trojan.Dropper form of attack is used on computers running Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT and Windows 2000. Symantec has issued a Latest Rapid Release version: June 13, 2011, revision 039.
5 ways to get rid of Trojan.Dropper
1. Get freely available Ubuntu software - Ubuntu is the most locally used free operating system in Uganda. There is a great ready-to-help community, and there are free, locally available downloads of the latest Ubuntu releases at the Uganda Linux Users Group (LUG). Remember to join the mailing list and ask all your newbie questions there.
After you install Ubuntu, your Internet Everywhere modem should be able to work well without giving you any headache.
2. Download Symantec Trojan.Dropper June 2011 release - Download the latest Symantec Trojan.Dropper release and follow their instructions. Trojan.Dropper is not detected at all by several other antivirus programs, however updated they may be.
3. Back up, format the disk and re-install Windows - Back up your files and reinstall your Windows XP, 2000, Vista etc. Before re-installing your system, remember to format your disk. This way, everything installed on the computer's hard disk is new.
4. Stop renewing the mobile Internet bundle and use an Internet cafe - Use Internet cafe computers to access the Internet. Otherwise, losing your hard-earned money every 3 days buying mobile Internet bundles that would otherwise last you a month does not make sense.
5. Use an Ubuntu live CD - If you don't have the power to reinstall the computer you use, you could download an Ubuntu image and burn it to a CD. You would then carry the Ubuntu live CD around and boot from it before you plug in your modem. Ubuntu 10.04 onwards should work fine without having to install the usb-modeswitch file.