Cookies are very small text files that are stored on your computer when you visit some websites. We use cookies to help provide you with the best possible online experience. By using this site, you agree that we may store and access cookies on your device. Accept this cookie or find out more.

«

»

Security Alert: Trojan.Drover

Trojan.Drover is a Trojan horse that opens a back door on the PCs that it infects to allow hackers to gain access. It creates the following files and folders on infected systems:

  • %SystemDrive%\ system\ cxcore210.dll
  • %SystemDrive%\ system\ highgui210.dll
  • %SystemDrive%\ system\ libsndfile-1.dll

In addition to creating these files and folders, it creates the following registry entry:

  • HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run\ ”System Application” = %SystemDrive%\ system\ WindowsSecurityService2.exe

Finding these files and folders and this registry setting is an indication that you are infected with this Trojan. Before removing the infection, backup your registry following the steps
here.

Then, remove the infection as follows:

  1. Press [Windows Key] + [R], type
    REGEDIT and click OK.
  2. Navigate to the registry key: HKEY_CURRENT_USER\ Software\ Microsoft\ Windows\ CurrentVersion\ Run
  3. Delete the registry entry: “System Application” = %SystemDrive%\ system\ WindowsSecurityService2.exe
  4. Close the Registry Editor and re-boot your PC.
     

Powered by WordPress and the Graphene Theme.