
win32:dropper-gen [drp] virus. Going to need some help here...

Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
OK, so this is what happened: I got home, booted up my computer, and opened up Raidcall, which is a voice chat primarily used for gaming. When I opened it, my Avast! found this virus, win32:dropper-gen [drp]. When this happened, Avast! recommended that I do a boot-time scan. I did it and it found the virus and gave me a few options for fixing, repairing, or ignoring it. I decided to fix it automatically and it moved it to the virus chest and ran another scan. This made me impatient and I skipped the scan so I could boot up. After my computer derping and hanging on the login screen displaying "preparing windows", I restarted to get my computer to log in right. After deleting the virus in the chest I decided to run full scans using Avast! and MalwareBytes. I then restarted my computer to make sure and tried to reinstall Raidcall. This is where I get frustrated. I see the virus AGAIN while downloading the program's exe. I decided to go into safe mode and run MalwareBytes's quick scan, which found nothing. I went back and deleted anything relating to Raidcall, which was another exe file I downloaded a few months ago. I redownloaded Raidcall's exe and there was nothing to be found. But at this point I'm kinda skeptical. Can someone help me make sure this thing is TRULY gone?
 
Joined
Mar 26, 2010
Messages
9,777 (1.90/day)
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel Xeon X3470
Motherboard Gigabyte Technology Co. Ltd. P55A-UD3R (Socket 1156)
Cooling Enermax ETS-T40F
Memory Samsung 8.00GB Dual-Channel DDR3
Video Card(s) NVIDIA Quadro FX 1800
Storage V-GEN03AS18EU120GB, Seagate 2 x 1TB and Seagate 4TB
Display(s) Samsung 21 inch LCD Wide Screen
Case Icute Super 18
Audio Device(s) Auzentech X-Fi Forte
Power Supply Silverstone 600 Watt
Mouse Logitech G502
Keyboard Sades Excalibur + Taihao keycaps
Software Win 7 64-bit
Benchmark Scores Classified
It looks like your antivirus fails to erase some of it, so it returns again.
 
Joined
Apr 19, 2012
Messages
12,062 (2.75/day)
Location
Gypsyland, UK
System Name HP Omen 17
Processor i7 7700HQ
Memory 16GB 2400Mhz DDR4
Video Card(s) GTX 1060
Storage Samsung SM961 256GB + HGST 1TB
Display(s) 1080p IPS G-SYNC 75Hz
Audio Device(s) Bang & Olufsen
Power Supply 230W
Mouse Roccat Kone XTD+
Software Win 10 Pro
Go into the "Run" command (Win + R) and type in %appdata%
Most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders
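
Added example, not part of the post above and not taken from any tool named in this thread: a read-only PowerShell listing of executables under the roaming and local app data folders, with signature status and SHA-256, followed by the Run-key entries that launch something from AppData. It assumes PowerShell 4 or later, and the "random-looking name" pattern is an illustrative assumption, not a detection rule from any antivirus product.

```powershell
# Read-only triage: nothing is deleted or changed. -Force includes hidden
# files, so Explorer's "show hidden files" setting does not matter here.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }

# Assumption for illustration: a base name of 6+ characters that is all hex
# digits or all decimal digits counts as "random-looking" (e.g. 8f3a91c2.exe).
$randomName = '^([0-9a-f]{6,}|[0-9]{6,})$'

$findings = Get-ChildItem -Path $roots -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -eq '.exe' } |
    ForEach-Object {
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Created    = $_.CreationTime
            Hidden     = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
            RandomName = $_.BaseName -match $randomName
            Signature  = $sig.Status
            Signer     = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            SHA256     = $hash.Hash
            Path       = $_.FullName
        }
    }

# Files without a valid signature sort first, newest first within each group.
$findings |
    Sort-Object @{ Expression = { $_.Signature -eq 'Valid' } },
                @{ Expression = 'Created'; Descending = $true } |
    Format-List

# A copy that "comes back" after cleaning usually has something starting it
# at logon, so list Run-key values whose command line points into AppData.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$psMeta  = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $_.Name -notin $psMeta -and "$($_.Value)" -match '\\AppData\\' } |
        ForEach-Object { [pscustomobject]@{ Key = $key; Name = $_.Name; Command = $_.Value } }
}
```

Plenty of legitimate programs install unsigned executables under AppData, so an entry in this list is something to look up by its hash or quarantine with the scanner, not proof of infection.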
 
Joined
Aug 29, 2005
Messages
7,079 (1.04/day)
Location
Asked my ISP.... 0.0
System Name Lynni PS \ Lenowo TwinkPad T480
Processor AMD Ryzen 7 7700 Raphael \ i7-8550U Kaby Lake-R
Motherboard ASRock B650M PG Riptide Bios v. 2.02 AMD AGESA 1.1.0.0 \ Lenowo 20L60036MX Bios 1.47
Cooling Noctua NH-D15 Chromax.Black (Only middle fan) \ Lenowo WN-2
Memory G.Skill Flare X5 2x16GB DDR5 6000MHZ CL36-36-36-96 AMD EXPO \ Willk Elektronik 2x16GB 2666MHZ CL17
Video Card(s) Asus GeForce RTX™ 4070 Dual OC GPU: 2325-2355 MEM: 1462| Nvidia GeForce MX™ 150 2GB GDDR5 Micron
Storage Gigabyte M30 1TB|Sabrent Rocket 2TB| HDD: 10TB|1TB \ SKHynix 256GB 2242 3x2
Display(s) LG UltraGear 27GP850-B 1440p@165Hz | LG 48CX OLED 4K HDR | AUO 14" 1440p IPS
Case Asus Prime AP201 White Mesh | Lenowo T480 chassis
Audio Device(s) Steelseries Arctis Pro Wireless
Power Supply Be Quiet! Pure Power 12 M 750W Goldie | 65W
Mouse Logitech G305 Lightspeedy Wireless | Lenowo TouchPad & Logitech G305
Keyboard Akko 3108 DS Horizon V2 Cream Yellow | T480 UK Lumi
Software Win11 Pro 23H2 UK
Benchmark Scores 3DMARK: https://www.3dmark.com/3dm/89434432? GPU-Z: https://www.techpowerup.com/gpuz/details/v3zbr
Which Malwarebytes program are you trying to run?

Most of the time I run Chameleon, which Malwarebytes made. It finds a lot of trojans and other viruses, and it's small and has its own FF, Chrome and IE with it, so it can update even if your browser does not work properly because of a virus/trojan.

DL: https://www.malwarebytes.org/chameleon/
 
Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
Go into the "Run" command (Win + R) and type in %appdata%
Most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders
Do I delete the files then?
 
Joined
Nov 4, 2005
Messages
11,676 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
TDSSKiller and RogueKiller
 
Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
TDSSKiller and RogueKiller
Ran both of these just now, and RogueKiller found only registry keys to delete. But what was weird is that my Avast! DeepScreen popped up twice while opening RogueKiller's exe, but meh. TDSSKiller found nothing and it was all good for it. Should I be fine now?

EDIT: Just called Avast! tech support. They said that having Windows Defender and Avast! at the same time is the culprit 0.o They also told me this is an aggressive virus and I may need to pay about 100 bucks to get it fixed from them...uhhh...I dunno about that. But my computer seems clean at this point. But can you guys evaluate?

EDIT 2: I redownloaded Raidcall and it had my username saved which was pretty convenient :D So should I be fine at this point?
 
Joined
Nov 4, 2005
Messages
11,676 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
Run ESET online scanner, and allow Avast to run a boot-time scan tonight with high heuristics, and make sure that no file paths or URLs are excluded.

And post a HijackThis log.

Actually, run this and save a log.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
OK, but I dunno if I'm being paranoid, but when I booted up, my user for this computer had a shortcut for it. Which is kinda sketchy, should I worry about this?
 
Joined
Nov 4, 2005
Messages
11,676 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
For HijackThis? Or what?
 
Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
For HijackThis? Or what?
Nah, I just booted up my computer right now and I saw an icon for my user for Windows and it led to my files. It was kinda sketchy.
 
Joined
Nov 4, 2005
Messages
11,676 (1.73/day)
System Name Compy 386
Processor 7800X3D
Motherboard Asus
Cooling Air for now.....
Memory 64 GB DDR5 6400Mhz
Video Card(s) 7900XTX 310 Merc
Storage Samsung 990 2TB, 2 SP 2TB SSDs and over 10TB spinning
Display(s) 56" Samsung 4K HDR
Audio Device(s) ATI HDMI
Mouse Logitech MX518
Keyboard Razer
Software A lot.
Benchmark Scores Its fast. Enough.
I don't understand that at all. Pictures, or a better description.

If you are saying there was an icon on your desktop that led to your documents, that is just an option for users in Windows to see or not. If you are saying on the login screen your username only takes you to your user files, it does have an issue, but most likely a minor one.
 
Joined
Dec 5, 2013
Messages
127 (0.03/day)
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
I don't understand that at all. Pictures, or a better description.

If you are saying there was an icon on your desktop that led to your documents, that is just an option for users in Windows to see or not. If you are saying on the login screen your username only takes you to your user files, it does have an issue, but most likely a minor one.
There was an icon on my desktop that led to my documents, that's the one.

EDIT: At this point I'm planning on reinstalling Windows 8, I'm going to do this tomorrow, I guess then we'll see how my computer is.
 