Question: does the dropbox process need to be running for these fixes to work? I always kill the process after I reboot to stop the popups. Just want to make sure I’m not doing something wrong there.
No that is OK as OTL will remove it even if it is running
A question … Are you synching with another dropbox account ?
-
Close any open browsers.
-
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
-
Open notepad and copy/paste the text in the quotebox below into it:
Folder:: C:\Users\ben\Dropbox\.dropbox.cache
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Refering to the picture above, drag CFScript into ComboFix.exe
When finished, it will produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Here’s the latest log. I think it worked this time! Rebooted, and so far no popups after re-enabling avast. Any last steps?
Thanks so much for helping me out!!!
Subject to no further problems 
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean 
A good workman always cleans up after himself so…The following will implement some cleanup procedures as well as reset System Restore points:
Remove ComboFix
[*]Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
[*]In the Run box, type in ComboFix /Uninstall
(Notice the space between the “x” and “/”)
then click OK
http://i1224.photobucket.com/albums/ee362/Essexboy3/Misc%20screen%20shots/CF_Uninstall-1.jpg
[]Follow the prompts on the screen
[]A message should appear confirming that ComboFix was uninstalled
Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
[*]Click Start.
[*]Open My Computer.
[*]Select the Tools menu and click Folder Options.
[*]Select the View Tab.
[*]Under the Hidden files and folders heading select Do not show hidden files and folders.
[]Click Yes to confirm.
[]Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
http://img233.imageshack.us/img233/7729/mbamicontw5.gif
Malwarebytes.
Update and run weekly to keep your system clean
Download and install FileHippo update checker and run it monthly it will show you which programmes on your system need updating and give a download link
If you use on-line banking then as an added layer of protection install Trusteer Rapport
It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit
[*]Microsoft Windows Update
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?Keep safe 
Hello.
I am having the same issue. Avast pop up is not going away.
One point I didn\t understand from the above discussion is:
is the instruction about Combofix a followup of that of the OTL, or you are taking Combofix as an alternative since the first (OTL) failed to solve the problem?
I am assuming the latter, that the OTL and the Combofix are independent fixes and tried combofix as instructed above. But, my problem is still persisting. I have attached my logs of the Combofix. Can you help me please?
They are different fixes… And are only suitable for that system. Luckily I had not unsubscribed from this thread
Could you run an OTL scan please so that I can see what you have
Thank you for the fast reply. Here, I have attached the log file generated in OTL generated with the customization text ( as you stated above):
netsvcs
BASESERVICES
%SYSTEMDRIVE%*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
CREATERESTOREPOINT
thanks
Looks like whitesmoke may be the culprit
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:Files
C:\Users\Desalegn\Dropbox\WhiteSmoke 2012 With Trial Reset v6.zip
C:\Users\Desalegn\Dropbox\.dropbox.cache
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
The problem doesn’t go yet, apparently. Avast is keeping popping up still.
Here is the log after the reboot (quick scan).
Thanks
OK lets try one more time… They appear to have updated this malware
Warning This fix is only relevant for this system and no other, using on another computer may cause problems
Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot
Run OTL
[*]Under the Custom Scans/Fixes box at the bottom, paste in the following
https://dl.dropbox.com/u/73555776/OTL_Fix.GIF
:OTL
[2013.01.01 23:26:05 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
@Alternate Data Stream - 80 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates
:Files
C:\Users\Desalegn\Dropbox\.dropbox.cache
:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
[*]Then click the Run Fix button at the top
[*]Let the program run unhindered, reboot the PC when it is done
[*]Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Oh, this is not fixing the problem. I scanned my system with Malwarebytes Antimalware. It finds no virus. I couldn’t manually delete the virus file (~3609c714 file in the dropbox catch folder). It also disappears when I close the Avast Popup. Then, the popup comes back and the temp file also reappears. Do you think removing Avast and Dropbox would help?
Save all the files that you want to keep from dropbox to your desktop
Then fully uninstall Dropbox and ensure no folders remain
Then let me know if Avast alerts again…
There should not be a cache folder in dropbox
- I removed one of the suspect folders in the dropbox that contain some windows softwares
- I logged into the safe mood, and cleared all the stuff in the cache folder
Now, I am in the normal mood; and Avast is not popping up so far.
Thank you for the help ;D
OK if it is still good tomorrow let me know and I will tidy up
No problem so far. I will follow the guides you provide above and clear my pc.
regards,
Are you happy to follow that or would you like your own copy ;D
It is fine. thanks
Hi guys…
I’ve encountered the same problem:
Everytime I sync my dropbox, Avast shows malware popups.
It keeps on detecting the process:
C:\Users\user\AppData\Roaming\Dropbox\bin\Dropbox.exe
Newbie here so please be gentle
Any help? TIA!