Hi there,
Don't you just want to take these Trojan writers and throttle the life
right out of them? Slowly, and maybe dig their hearts out with a
blunted spoon, so it really hurts?
The Trojan bkdr_small.ai is actually a dropped DLL file from another Trojan:
TROJ_DROPPER.AX
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_DROPPER.AX
It looks like this one is a really stubborn one, and it's going to
require some hideous tinkering to get your system scrubbed out.
According to TrendMicro, you're going to have to take this bad boy out
manually, and you're going to need a clean (non-infected) hard disk
with your operating system installed on it to get the job done
thoroughly.
[ If you don't have a spare hard drive lying about and aren't in a
position to drop $80 on another one at the moment, try your local
Freecycle list: http://www.freecycle.org . Computer bits come up on
offer all the time, and many people who post WANTED notices for such
end up with several offers of help. ]
First, make sure System Restore is turned off, then go back and run
Housecall again. WRITE DOWN the path for EVERY occurrence of
bkdr_small.ai.
Next, shut down your computer and remove the infected hard disk. Set
it to function as a slave, install a clean Master disk (and make sure
to keep System Restore OFF), then connect the infected drive. Start
up your computer, browse to the slave drive, then browse to all
occurrences of bkdr_small.ai (consult your list from the first step to
make sure you get them all) and delete them.
Disconnect both drives, return the slave to Master function, and
reconnect it. Boot your computer and open up Regedit. You'll need to
delete a number of Autostart entries from the registry to make sure
this thing is good and gone:
# Open Registry Editor. Click Start>Run, type REGEDIT, then press Enter.
# In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>Software>Microsoft>Windows NT>CurrentVersion>Winlogon>Notify>
# In the right panel, locate and delete the entry or entries whose
data value is the malware path and file name of the file(s) detected
earlier.
# In the left panel, locate and delete the following entries:
* HKEY_LOCAL_MACHINE>Software>Classes>CLSID>{1C044AAD-7955-4cbd-8175-501A165C4E5D}
* HKEY_CLASSES_ROOT>CLSID>{1C044AAD-7955-4cbd-8175-501A165C4E5D}
# Close Registry Editor.
Now reboot your computer.
Info here:
BKDR_SMALL.AI
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=BKDR%5FSMALL%2EAI&VSect=Sn
Surprisingly, neither Grisoft nor Symantec has information about this
Trojan in their virus lists, even though the Trojan appears to be
about a month old. I'm not surprised you had a hard time finding
information about this!
Good luck with the system scrubbing. If I can be of further
assistance, please do let me know.
--Missy
Search terms: [ bkdr_small.ai ] at Grisoft, Symantec and TrendMicro
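As an added example (not part of the answer above or of TrendMicro's instructions), the following PowerShell script audits the persistence points the removal steps name: it lists every Winlogon\Notify handler and flags any whose DllName matches a path from your HouseCall list, and reports whether the two CLSID keys and the recorded files are still present. It only reports; the $KnownPaths value is an assumed placeholder you replace with the paths you wrote down in the first step.

```powershell
# Added example: read-only audit of the persistence points named in the
# manual removal steps. Nothing is deleted; review the output, then remove
# entries by hand as the answer describes.
$KnownPaths = @('C:\WINDOWS\system32\PLACEHOLDER_dropped.dll')  # assumed: paths from your HouseCall list
$Clsid = '{1C044AAD-7955-4cbd-8175-501A165C4E5D}'               # CLSID from the removal steps
$Sys32 = Join-Path $env:SystemRoot 'system32'

Write-Host '== Winlogon\Notify handlers =='
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
Get-ChildItem -Path $NotifyKey -ErrorAction SilentlyContinue | ForEach-Object {
    $dll  = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).DllName
    $flag = ''
    if ($dll) {
        # Notify DLLs are often given as bare names resolved from system32
        $full = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $Sys32 $dll }
        foreach ($p in $KnownPaths) {
            if ($full -ieq $p -or $dll -ieq (Split-Path $p -Leaf)) {
                $flag = '  <-- matches a recorded malware path'
            }
        }
        # A handler whose DLL no longer exists on disk is also worth a look
        if (-not $flag -and -not (Test-Path -LiteralPath $full)) { $flag = '  (DLL not found on disk)' }
    }
    Write-Host ('{0,-20} DllName={1}{2}' -f $_.PSChildName, $dll, $flag)
}

Write-Host '== CLSID keys named in the removal steps =='
foreach ($key in @("HKLM:\SOFTWARE\Classes\CLSID\$Clsid", "Registry::HKEY_CLASSES_ROOT\CLSID\$Clsid")) {
    if (Test-Path -LiteralPath $key) { Write-Host "PRESENT: $key" } else { Write-Host "absent:  $key" }
}

Write-Host '== Recorded file paths =='
foreach ($p in $KnownPaths) {
    if (Test-Path -LiteralPath $p) { Write-Host "STILL PRESENT: $p" } else { Write-Host "gone: $p" }
}
```

Run it from an elevated PowerShell prompt after the reboot at the end of the procedure; a clean system shows no matching Notify handler, both CLSID keys absent, and every recorded path gone.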