WIN32:Dropper-gen [Drp]

I made a mistake in opening an old favorite in Windows IE when trying to clean it up. It was a porn site which I do not go to anymore and don’t really use IE either. So after doing this I did an AVAST Bootscan and got this little bugger. AVAST would not let me Delete, Move to Chest or Repair, so I chose Ignore and continued the scan.

I looked at the Scan Logs and it showed it and said:
Severity: High
Action: Delete.
Result: Action successful.

I re-scanned and it was still there.
Damn, I was doing so well. I don’t have any money because I am very ill so any help will be greatly appreciated. I really depend on my computer to keep me pre-occupied and some entertainment.
HP Laptop Series HST NN-104C, Windows XP, Home Edition OS.

run AdwCleaner / Malwarebytes / OTL and attach logs

http://forum.avast.com/index.php?topic=53253.0

What does OTL mean?

Also do I turn off avast while doing scans?

  1. OldTimer ListIt
  2. Nope.

O crap, what does OldTimer ListIt mean?

Just follow the instructions. :wink:

OTL will produce a list of running files/drivers/services … Start registry keys and other known malware launch points

Here are some logs:

AdwCleaner v3.010 - Report created 21/10/2013 at 16:08:00

Updated 20/10/2013 by Xplode

Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

Username : Chris - CHRIS-1EC6C6A3C

Running from : C:\Documents and Settings\Chris\My Documents\Downloads\AdwCleaner (1).exe

Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\ Internet Explorer v8.0.6001.18702

-\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


AdwCleaner[R2].txt - [698 octets] - [21/10/2013 16:08:00]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [757 octets] ##########

mbam log:
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.21.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Chris :: CHRIS-1EC6C6A3C [administrator]

Protection: Disabled

10/21/2013 4:38:39 PM
mbam-log-2013-10-21 (16-38-39).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354903
Time elapsed: 10 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

OK attach the OTL log as it will be big

for your info. :wink: http://www.geekstogo.com/1888/

Thanks guys, also can I go to my content somehow so I don’t have to search for my thread, I have not figured it out yet.
Also I am going home for a while so I will get back with ya later.

when you log in… on top of the page… Profile > summary > show posts …on left side under your avatar

What is the file that Avast is reporting ?

C:.…>FILE0005.DOFFFB8D_996E_4

And thanks for the info. to find my content, figured it out when I logged in.

Also guys, can’t I just try to use a Restore Point? I forgot to try this as my brain is not working well lol. I am sure that a lot of these viruses can’t be fixed like this but this is a tool a friend of mine uses all the time. Should I try this before we proceed?

Also, Malwarebytes is running on my computer, should I let it run?

Restore points may disable viruses that run, but do not remove them … the bad guys don't make it that easy

what do you mean by Malwarebytes is running?

What is the full path, i.e. the bit that is indicated by the dots, as that may be a detection in system restore?

Well it was running and said that I had a ten day trial period but now it is not running so no worries.

Okay, I got one thing wrong, or maybe two. The second backslash should have been a straight line. The DO should be a D0 as in zero I am guessing, I did not know it made a difference. This is what I am seeing in the avast scan logs.

C:.…|>FILE0005.D0FFFB8D_996E_

This is the correct file, sorry for the confusion. And I really appreciate this, I have not worked in a long time but if I do get back to work or come into some money I will surely send you some. I have your names written down.

Try this and let me know if it stops the alert

Run OTL

- Under the Custom Scans/Fixes box at the bottom, paste in the following

https://dl.dropbox.com/u/73555776/OTL_Fix.GIF

:Commands
[CLEARALLRESTOREPOINTS]
[resethosts]
[emptytemp]
[Reboot]

- Then click the Run Fix button at the top
- Let the program run unhindered, reboot the PC when it is done

Okay I’ll do that, but to be clear it was not an alert, it was detected after doing an avast bootscan. Or maybe it was an alert if that’s what an alert means. I don’t know the terminology as you can see.