I’m sorry if this was brought up millions of times, but I’m horrible when it comes to PC due to unfortunate circumstances, so I need help knowing whether or not this is a problem or just a false positive. So I have this job online where I write articles, and I tend to have multiple tabs open, usually with each one representing an article I’m about to do on it. So I’m doing this, and suddenly I get a virus alert from Avast - I’m sorry I didn’t think to take a screenshot since most viruses disappear after I choose delete - but I believe what it mentioned was “win32:Dropper-gen [Drp]”. When I chose to delete the infected file, another popped up for the same file, I chose the same option and continued doing what I was doing. A couple minutes later I get another 2 popups for the same thing - which has made me suspicious and led me to believe that this might be a virus that’s going to require more in terms of knowledge… something I greatly lack.
So I put the thing in my virus chest (that’s safe, right?) and am unsure what to do. I read a previous post on the Avast forum stating that virus alerts concerning “win32:Dropper-gen [Drp]” are fine so long as they are from c:\hp\documentation\ops_shortcut.exe but mine hails from C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup. Additionally, it states the name is “Conhost.exe”. 274944 is the filesize if that helps at all. I also had another one that came from C:\Windows\TEMP. When I scan it, all I get is: “Conhost.exe win32:Dropper-gen [Drp]”. A couple seconds afterwards I got another virus pop up. (I managed to get a screenshot of one, pictured below)
Again I apologize for my insufficiency about this sort of thing. My father used to do all this for me and was pretty genius, I on the other hand never learned anything, something I feel bad about - and yet he is no longer among the living. Any help would be greatly appreciated. Thank you.
EDIT: I’ve added my logs as suggested by the link given to me.
Thank you, normally I search message boards for pinned topics and such, but considering my paranoia, amongst other things, I had immediately opted to post as soon as possible.
EDIT: Finishing up my logs now with aswMBR, 3 of my logs have been attached to the main post, when my aswMBR log is done, I’ll attach it to this post because of the 4 attachment limit.
You don’t have to redo it…
It is much easier to find your logs when you attach them in your reply instead of going back and editing your previous post to attach them.
And if you are not able to attach all in one, just make a new reply and attach the next.
I see. Thank you. My logs so far, as per your advice! It seems Malwarebytes has the most straightforward result. I sincerely hope that my problem can be solved.
I’ve run AdwCleaner as well, and it has revealed more infections in my registry… apparently AdwCleaner has a “clean” option as well - would that be something I should try to use?
Step #1 Fix with FRST
Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
- Open Notepad.exe. Do not use any other text editor software;
- Copy and Paste the contents inside the code-box to your Notepad --
  - Inside the File Name box type fixlist.txt
  - From the Save as type drop down list, choose All Files
- Save the file to your Desktop;
- Re-run FRST.exe and click Fix;
  - Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
- After the completion, a log will be produced;
- Attach the log in your next reply.
Step #2 Fix with Junkware Removal Tool
Download Junkware Removal Tool by thisisu to your Desktop from the link below. Download Link 1 Download Link 2
- Disable your anti-virus to avoid potential conflicts. For more information please acknowledge yourself this article (http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/);
- Run the program either by double-clicking (Windows XP) or right-clicking and choosing Run as administrator (Windows Vista and above);
- Please be patient as the tool cleans your system;
- After completion of the process a log named JRT.txt will automatically open and is saved to your Desktop;
- Attach the log in your next reply.
Step #3 ESET Online Scanner
Disable your security programs which includes but not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
- Download esetsmartinstaller_enu.exe by clicking here (http://download.eset.com/special/eos/esetsmartinstaller_enu.exe).
- Right-click on the program and choose Run as administrator.
- Accept their terms and conditions and proceed.
- Install Add-On/Active X if prompted.
- From the Computer Scan Setting --
  - Enable detection of potentially unwanted application
  - Click on Advanced Setting --
    - Check the following box --
      - Remove Found Threats
    - Check the following boxes --
      - Scan archives;
      - Scan for potentially unsafe applications
      - Enable Anti-Stealth Technology
- Click on Start and wait for the virus signature database to update.
- The online scan will begin automatically and can take several hours.
  - Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
- After the Scan finishes --
  - If no threats were found:
    - Put a checkmark in Uninstall application on close.
    - Close the program and report that nothing was found
  - If threats were found:
    - Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
    - Attach the log file in your next reply.

Note: Enable your security programs afterwards.
Detected nothing with ESET Online Scanner, so just the JRT and Fixlog. Also, I forgot to mention that I did quarantine the infected files in my Avast’s virus chest - should I have taken them out before I had done all that?
Well, since I quarantined the files, I haven’t had any popups, which were the only real physical indication that something was wrong. I scanned all the files in my virus chest before I did what you suggested and they would usually make a popup appear a second after it was done scanning. I scanned the files again, and I didn’t seem to get a popup, so maybe they’re okay now? Additionally, ADWCleaner has still found some suspicious things in my registry:
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
I cleaned with the program, log says the files were disposed of. Scanned again afterwards, nothing else came up, so I guess I’m good to go then. I guess it’s probably safe to remove those files from my Avast’s virus chest too. Thanks for the help!