win32:dropper-gen [drp] virus. Going to need some help here...

Joined
Dec 5, 2013
Messages
127 (0.09/day)
Likes
10
System Name 4 year old computer
Processor Intel Core i5 3 i5-3350P 3.3 Ghz
Motherboard ASUS CM6730
Memory 16 GBs DDR3 1600
Video Card(s) ASUS STRIX RX 480 8gb
Storage 1 Tb
Display(s) ASUS MG248Q
Case Generic ASUS mini tower
Power Supply Antec HCG-520w
Mouse Logitech G403/G400s
Keyboard Coolermaster Quickfire TK Cherry MX red
#1
Ok so this is what happened, I got home, booted up my computer, and opened up Raidcall which is a voice chat primarily used for gaming. When I opened it, my Avast! found this virus win32:dropper-gen [drp]. When this happened, Avast! recommended me to do a boot-time scan. I did it and it found the virus and gave me a few options for fixing, repairing, or ignoring it. I decided to fix it automatically and it moved it to the virus chest and ran another scan. This made me impatient and I skipped the scan so I could boot up. After my computer derping and hanging on the login screen displaying "preparing windows" I restarted to get my computer to log in right. After deleting the virus in the chest I decided to run full scans using Avast! and Malwarebytes. I then restarted my computer to make sure and tried to reinstall Raidcall. This is where I get frustrated. I see the virus AGAIN while downloading the program's exe. I decided to go into safe mode and run Malwarebytes's quick scan which found nothing. I went back and deleted anything relating to Raidcall which was another exe file I downloaded a few months ago. I redownloaded Raidcall's exe and there was nothing to be found. But at this point I'm kinda skeptical. Can someone help me make sure this thing is TRULY gone?
 
Joined
Mar 26, 2010
Messages
7,646 (2.71/day)
Likes
1,983
Location
Jakarta, Indonesia
System Name micropage7
Processor Intel G4400
Motherboard MSI B150M Bazooka D3
Cooling Stock ( Lapped )
Memory 16 Gb Team Xtreem DDR3
Video Card(s) Nvidia GTX460
Storage Seagate 1 TB, 5oo Gb and SSD A-Data 128 Gb
Display(s) LG 19 inch LCD Wide Screen
Case HP dx6120 MT
Audio Device(s) Stock
Power Supply Be Quiet 600 Watt
Software Windows 7 64-bit
Benchmark Scores Classified
#2
It looks like your antivirus fails to erase some of it, so it returns again.
 

RCoon

Gaming Moderator
Staff member
Joined
Apr 19, 2012
Messages
11,370 (5.50/day)
Likes
9,511
Location
Gypsyland, UK
System Name HP Omen 17
Processor i7 7700HQ
Memory 16GB 2400Mhz DDR4
Video Card(s) GTX 1060
Storage Samsung SM961 256GB + HGST 1TB
Display(s) 1080p IPS G-SYNC 75Hz
Audio Device(s) Bang & Olufsen
Power Supply 230W
Mouse Roccat Kone XTD+
Software Win 10 Pro
#3
Go into the "Run" command (Win + R) and type in %appdata%.
Most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders.
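
The check described in this post, as a read-only PowerShell script (an added example, not part of the original post): it lists every .exe under the roaming and local AppData folders, hidden ones included, with its signature status and SHA-256 hash. The function names and the "random-looking name" heuristic are assumptions made for illustration.

```powershell
# Added example: inventory executables under the AppData folders for manual review.
# Read-only; nothing is deleted or quarantined.

function Test-RandomLookingName {
    param([string]$BaseName)
    # Heuristic (assumption): 6+ characters of only letters/digits that either
    # contain a digit or contain no vowel, e.g. "a8f3k2q9" or "xkqzvbn".
    if ($BaseName -notmatch '^[A-Za-z0-9]{6,}$') { return $false }
    return ($BaseName -match '\d') -or ($BaseName -notmatch '[aeiou]')
}

function Get-AppDataExecutable {
    param([string[]]$Root = @($env:APPDATA, $env:LOCALAPPDATA))
    foreach ($dir in $Root) {
        if (-not $dir -or -not (Test-Path -LiteralPath $dir)) { continue }
        # -Force returns hidden and system files too, so the Explorer
        # "show hidden files" setting does not affect the result.
        Get-ChildItem -LiteralPath $dir -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Extension -eq '.exe' } |
            ForEach-Object {
                $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
                [pscustomobject]@{
                    Path       = $_.FullName
                    Modified   = $_.LastWriteTime
                    Hidden     = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                    RandomName = Test-RandomLookingName $_.BaseName
                    Signature  = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
                    Signer     = $sig.SignerCertificate.Subject   # empty when the file is unsigned
                    SHA256     = $hash.Hash                       # empty when the file is locked
                }
            }
    }
}

# Random-looking names first, then most recently modified.
Get-AppDataExecutable |
    Sort-Object @{ Expression = 'RandomName'; Descending = $true },
                @{ Expression = 'Modified';   Descending = $true } |
    Format-List
```

A flagged name or an unsigned file is a reason to look closer, not proof of infection; plenty of legitimate software installs unsigned helpers under AppData.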
 
Joined
Aug 29, 2005
Messages
4,802 (1.07/day)
Likes
1,576
Location
Whatever my internet protocol shows I guess O.o
System Name Lynni and The Great White Dragon in Tempered Glass | Lynni-Stick
Processor Intel Core i7-6700K "Skylake" | Intel Atom X5-Z8300 "Cherry Trail"
Motherboard Gigabyte Aorus GA-Z270X-Gaming 7 "Union Point" | Intel Compute Stick board
Cooling Thermalright True (Old legend still going strong) 1xNoctua NF-F12 PWM | Fan xD
Memory Geil Dragon 2x8GB@3000mhz 15-17-17-35 (GWW416GB3000C15DC) | 2GB DDR3-L @ 1600mhz
Video Card(s) MSI GTX 1080 Ti FE "Pascal" | Intel HD Graphics
Storage OS/Games:Samsung 960 EVO 250GB NVME|2xSamsung EVO 850 1TB SSD|Data:3xWD Red/Purple 4TB & WD SE 1TB
Display(s) Dell S2417DG 1440p@165hz G-Sync | Philips 50PFT4009/12
Case Phantek Eclipse P400 Black/White | Intel Compute Case
Audio Device(s) Creative Core3D (Onboard) | Intel HD Audio
Power Supply Corsair SF600 | Generic Intel Power Adapter (3amp)
Mouse Logitech G502 | Logtech MK270 kit @ Lynni-Stick
Keyboard Razer Blackwidow Chroma X UK
Software Win10 Pro CU UK x64 | Win10 Home CU x86
Benchmark Scores 3DMark Skydrive @ 1440p: GS: 25188 / PS: 12238 / CS: 25308: http://www.3dmark.com/3dm/11665249
#4
Which Malwarebytes program are you trying to run?

Most of the time I run Chameleon, which Malwarebytes has made. It finds a lot of trojans and other viruses, and it's small and has got its own FF, Chrome and IE with it, so it can update even if your browser may not work properly because of a virus/trojan.

DL: https://www.malwarebytes.org/chameleon/
 
#5
Go into the "Run" command (Win + R) and type in %appdata%.
Most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders.
Do I delete the files then?
 
Joined
Nov 4, 2005
Messages
9,950 (2.25/day)
Likes
2,309
System Name MoFo 2
Processor AMD PhenomII 1100T @ 4.2Ghz
Motherboard Asus Crosshair IV
Cooling Swiftec 655 pump, Apogee GT,, MCR360mm Rad, 1/2 loop.
Memory 8GB DDR3-2133 @ 1900 8.9.9.24 1T
Video Card(s) HD7970 1250/1750
Storage Agility 3 SSD 6TB RAID 0 on RAID Card
Display(s) 46" 1080P Toshiba LCD
Case Rosewill R6A34-BK modded (thanks to MKmods)
Audio Device(s) ATI HDMI
Power Supply 750W PC Power & Cooling modded (thanks to MKmods)
Software A lot.
Benchmark Scores Its fast. Enough.
#6
TDSSKiller and RogueKiller
 
#7
TDSSKiller and RogueKiller
Ran both of these just now, and RogueKiller found only registry keys to delete. But what was weird is that my Avast! DeepScreen popped up twice while opening RogueKiller's exe, but meh. TDSSKiller found nothing and it was all good for it. Should I be fine now?

EDIT: Just called Avast! tech support. They said that having Windows Defender and Avast! at the same time is the culprit 0.o They also told me this is an aggressive virus and I may need to pay about 100 bucks to get it fixed by them... uhhh... I dunno about that. But my computer seems clean at this point. But can you guys evaluate?

EDIT 2: I redownloaded Raidcall and it had my username saved which was pretty convenient :D So should I be fine at this point?
 
#8
#9
Run ESET online scanner, and allow Avast to run a boot-time scan tonight with high heuristics, and make sure that no file paths or URLs are excluded.


And post a HijackThis log.

Actually, run this and save a log.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
Ok, but I dunno if I'm being paranoid, but when I booted up, my user for this computer had a shortcut for it. Which is kinda sketchy, should I worry about this?
 
#10
For HijackThis? Or what?
 
#11
For HijackThis? Or what?
Nah I just booted up my computer right now and I saw an icon for my user for windows and it led to my files. It was kinda sketchy.
 
#12
I don't understand that at all. Pictures, or a better description.


If you are saying there was an icon on your desktop that led to your documents, that is just an option for users in Windows to see or not. If you are saying on the login screen your username only takes you to your user files, it does have an issue, but most likely a minor one.
 
#13
I don't understand that at all. Pictures, or a better description.


If you are saying there was an icon on your desktop that led to your documents, that is just an option for users in Windows to see or not. If you are saying on the login screen your username only takes you to your user files, it does have an issue, but most likely a minor one.
There was an icon on my desktop that led to my documents, that's the one.

EDIT: At this point I'm planning on reinstalling Windows 8, I'm going to do this tomorrow, I guess then we'll see how my computer is.
 