Dropper: What it is, how it installs other malware, and how to remove it safely

Dropper

What it is

A dropper is a sneaky Trojan that looks harmless, gets past first checks, and then installs other malware - ransomware, stealers, spyware. Some droppers stick around (persistent) to keep the door open after a reboot; others do the job once and erase themselves.

What you may notice

  • New apps or processes you didn’t install

  • Security tools crash or won’t update, or unexpected exclusions appear

  • Sudden pop-ups, redirects, or weird browser extensions

  • CPU/disk spikes shortly after opening an email or installer

How it gets in

  • Fake updates and bundled “free” installers

  • Phishing attachments or links (archives, scripts, macro docs)

  • Cracked software and shady download sites

Remove it now (quick steps)

  1. Disconnect from the internet to stop more payloads.

  2. Run a full anti-malware scan; quarantine what it finds and reboot.

  3. Check startup items, scheduled tasks, services, and extensions; remove unknowns.

  4. From a clean device, change passwords and turn on MFA (in case a stealer was dropped).

  5. Block any domains/IPs the dropper contacted (from firewall/DNS logs).
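Step 5 in practice, as an added example that is not part of the original article: a Python script that lists the domains an affected machine looked up for the first time in the 30 minutes after the suspicious file was opened, and renders them as hosts-file block entries. It assumes dnsmasq-style query logs; the log lines, IP addresses, domains, year and function names are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in dnsmasq "log-queries" style; hosts and domains are made up.
SAMPLE_LOG = """\
Mar  3 09:14:02 dnsmasq[811]: query[A] mail.example.com from 192.168.1.23
Mar  3 09:14:05 dnsmasq[811]: query[A] updates.example.org from 192.168.1.23
Mar  3 10:31:40 dnsmasq[811]: query[A] news.example.net from 192.168.1.40
Mar  3 10:32:10 dnsmasq[811]: query[A] cdn-fastupdate.test from 192.168.1.23
Mar  3 10:32:11 dnsmasq[811]: query[AAAA] cdn-fastupdate.test from 192.168.1.23
Mar  3 10:32:15 dnsmasq[811]: query[A] mail.example.com from 192.168.1.23
Mar  3 10:33:02 dnsmasq[811]: query[A] stage2.payload-host.test from 192.168.1.23
Mar  3 11:50:00 dnsmasq[811]: query[A] late.example.test from 192.168.1.23
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ query\[\w+\] (\S+) from (\S+)$")


def parse(log_text, year):
    """Yield (timestamp, domain, client_ip) for each query line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if m:  # syslog timestamps carry no year, so the caller supplies it
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2).lower().rstrip("."), m.group(3)


def new_domains(log_text, host_ip, opened_at, window_minutes=30, year=2024):
    """Domains host_ip first queried within the window after opened_at."""
    end = opened_at + timedelta(minutes=window_minutes)
    baseline, candidates = set(), []
    for ts, domain, client in parse(log_text, year):
        if client != host_ip:
            continue                      # other machines are out of scope
        if ts < opened_at:
            baseline.add(domain)          # seen before the incident: normal traffic
        elif ts <= end and domain not in baseline and domain not in candidates:
            candidates.append(domain)     # first seen right after the incident
    return candidates


def to_hosts_entries(domains):
    """Render a sinkhole block list in hosts-file format."""
    return [f"0.0.0.0 {d}" for d in domains]


if __name__ == "__main__":
    hits = new_domains(SAMPLE_LOG, "192.168.1.23", datetime(2024, 3, 3, 10, 30))
    print("\n".join(to_hosts_entries(hits)))
```

A domain being new to the machine does not prove it is malicious, so review the list before blocking it at the firewall or DNS filter.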

Prevent it

  • Install software only from official sources; avoid cracks and “free” codecs.

  • Keep OS, browsers, and plugins updated; block macros by default.

  • Use reputable EDR/anti-malware and email/web filtering.

  • Consider DNS filtering to stop known malware hosts before download.
