win32:dropper-gen [drp] virus. Going to need some help here...

Ok so this is what happened, I got home, booted up my computer, and opened up Raidcall which is a voice chat primarily used for gaming. When I opened it, my Avast! found this virus win32:dropper-gen [drp]. When this happened, Avast! recommended me to do a boot-time scan. I did it and it found the virus and gave me a few options for fixing, repairing, or ignoring it. I decided to fix it automatically and it moved it to the virus chest and ran another scan. This made me impatient and I skipped the scan so I can boot up. After my computer derping and hanging on the login screen displaying "preparing windows" I restarted to get my computer to login right. After deleting the virus in the chest I decided to run full scans using Avast! and MalwareBytes. I then restarted my computer to make sure and tried to reinstall Raidcall. This is where I get frustrated. I see the virus AGAIN while downloading the program's exe. I decided to go into safe mode and run MalwareBytes's quick scan which found nothing. I went back and deleted anything relating to Raidcall which was another exe file I downloaded a few months ago. I redownloaded Raidcall's exe and there was nothing to be found. But at this point I'm kinda skeptical. Can someone help me make sure this thing is TRULY gone?
 
It looks like your antivirus fails to erase some of it, so it returns again.
 
go into the "Run" command (Win + R) and type in %appdata%
most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders
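
The folder check suggested in the post above, as an added example that is not part of the original thread: a PowerShell inventory of .exe files under %APPDATA% and %LOCALAPPDATA% with their signature status and SHA-256. The name heuristic and the report path are assumptions of this example; it needs PowerShell 4 or later for Get-FileHash, and it only lists files, it deletes nothing.

```powershell
# Added example: inventory executables under the per-user AppData folders.
# -Force includes hidden and system files, so Explorer's folder options
# do not have to be changed first.
$roots = @($env:APPDATA, $env:LOCALAPPDATA) | Where-Object { $_ -and (Test-Path $_) }

$report = foreach ($root in $roots) {
    Get-ChildItem -Path $root -Recurse -Force -File -Filter *.exe -ErrorAction SilentlyContinue |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -FilePath $_.FullName -ErrorAction SilentlyContinue
            $hash = Get-FileHash -Path $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

            # Heuristic (assumption of this example): a base name made only of
            # hex digits, or one that is at least half digits, looks generated.
            $base   = $_.BaseName
            $digits = ($base -replace '\D', '').Length
            $odd    = ($base -match '^[0-9a-fA-F]{6,}$') -or
                      ($base.Length -ge 6 -and ($digits * 2) -ge $base.Length)

            $signer = ''
            if ($sig -and $sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            [pscustomobject]@{
                Path      = $_.FullName
                Modified  = $_.LastWriteTime
                Signature = "$($sig.Status)"   # Valid, NotSigned, HashMismatch, ...
                Signer    = $signer
                OddName   = $odd
                SHA256    = $hash.Hash         # empty if the file was locked
            }
        }
}

# Files without a valid signature first, then generated-looking names, newest first.
$report |
    Sort-Object @{ Expression = { $_.Signature -ne 'Valid' }; Descending = $true },
                @{ Expression = 'OddName';  Descending = $true },
                @{ Expression = 'Modified'; Descending = $true } |
    Format-Table -AutoSize -Wrap Path, Modified, Signature, OddName

# Keep the full listing, hashes included, for comparison after the next scan.
$report | Export-Csv -Path "$env:USERPROFILE\appdata-exe-report.csv" -NoTypeInformation
```

Many legitimate per-user installers also live in these folders, so an entry in the listing is a candidate for a closer look (signer, modification time, hash lookup), not proof of infection.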
 
Which Malwarebytes program are you trying to run?

Most of the time I run Chameleon, which Malwarebytes has made. It finds a lot of trojans and other viruses, and it's small and has its own FF, Chrome and IE with it, so it can update even if your browser may not work properly due to having a virus/trojan.

DL: https://www.malwarebytes.org/chameleon/
 
go into the "Run" command (Win + R) and type in %appdata%
most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders
Do I delete the files then?
 
TDSSKiller and RogueKiller
 
Ran both of these just now, and RogueKiller found only registry keys to delete. But what was weird is that my Avast! DeepScreen popped up twice while opening RogueKiller's exe, but meh. TDSSKiller found nothing and it was all good for it. Should I be fine now?

EDIT: Just called Avast! tech support. They said that having Windows Defender and Avast! at the same time is the culprit 0.o they also told me this is an aggressive virus and I may need to pay about a 100 bucks to get it fixed from them...uhhh...I dunno about that. But my computer seems clean at this point. But can you guys evaluate?

EDIT 2: I redownloaded Raidcall and it had my username saved which was pretty convenient :D So should I be fine at this point?
 
Run ESET online scanner, and allow Avast to run a boot-time scan tonight with high heuristics, and make sure that no file paths or URLs are excluded.


And post a HijackThis log.

Actually, run this and save a log.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Ok, but I dunno if I'm being paranoid, but when I booted up, my user for this computer had a shortcut for it. Which is kinda sketchy, should I worry about this?
 
For HijackThis? Or what?
 
Nah I just booted up my computer right now and I saw an icon for my user for windows and it led to my files. It was kinda sketchy.
 
I don't understand that at all. Pictures, or a better description.


If you are saying there was an icon on your desktop that led to your documents, that is just an option for users in Windows to see or not. If you are saying that on the login screen your username only takes you to your user files, it does have an issue, but most likely a minor one.
 
There was an icon on my desktop that led to my documents, that's the one.

EDIT: At this point I'm planning on reinstalling Windows 8, I'm going to do this tomorrow, I guess then we'll see how my computer is.
 