# win32:dropper-gen [drp] virus. Going to need some help here...



## Tekelectric (Jan 23, 2014)

Ok so this is what happened, I was got home, booted up my computer, and opened up Raidcall which is a voice chat primarily used for gaming. When I opened it, my Avast! found this virus win32:dropper-gen [drp]. When this happened, Avast! recommended me to do a boot-time scan. I did it and it found the virus and gave me a few options for fixing, repairing, or ignoring it. I decided to fix it automatically and it moved it to the virus chest and ran another scan. This made my impatient and I skipped the scan so I can boot up. After my computer derping and hanging on the login screen displaying "preparing windows" I restarted to get my computer to login right. After deleting the virus in the chest I decided to run full scans using Avast! and MalwareBytes. I then restarted my computer to make sure and tried to reinstall Raidcall. This is where I get frustrated. I see the virus AGAIN while downloading the program's exe. I decided to go into safe mode and run MalwareBytes's quick scan which found nothing. I went back and deleted anything relating to raidcall which was another exe file I downloaded a few months ago. I redownloaded raidcall's exe and there was nothing to be found. But at this point I'm kinda skeptical. Can someone help me make sure this thing is TRULY gone?


----------



## micropage7 (Jan 23, 2014)

it looks your antivirus fails to erase some of it so it returns again


----------



## RCoon (Jan 23, 2014)

Tekelectric said:


> Ok so this is what happened, I was got home, booted up my computer, and opened up Raidcall which is a voice chat primarily used for gaming. When I opened it, my Avast! found this virus win32:dropper-gen [drp]. When this happened, Avast! recommended me to do a boot-time scan. I did it and it found the virus and gave me a few options for fixing, repairing, or ignoring it. I decided to fix it automatically and it moved it to the virus chest and ran another scan. This made my impatient and I skipped the scan so I can boot up. After my computer derping and hanging on the login screen displaying "preparing windows" I restarted to get my computer to login right. After deleting the virus in the chest I decided to run full scans using Avast! and MalwareBytes. I then restarted my computer to make sure and tried to reinstall Raidcall. This is where I get frustrated. I see the virus AGAIN while downloading the program's exe. I decided to go into safe mode and run MalwareBytes's quick scan which found nothing. I went back and deleted anything relating to raidcall which was another exe file I downloaded a few months ago. I redownloaded raidcall's exe and there was nothing to be found. But at this point I'm kinda skeptical. Can someone help me make sure this thing is TRULY gone?


 
go into the "Run" command (Win + R) and type in %appdata%
most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.

Note: You will need to go into folder options and unhide hidden files and folders


----------



## puma99dk| (Jan 23, 2014)

which Malwarebytes program are you trying to run?

I most of the time run Chameleon that Malwarebytes has made it finds a lot of trojans, and other viruses, and it's small and got it own ff, chrome and ie with it so it can update even your browser may not work properly having a virus/trojan.

DL: https://www.malwarebytes.org/chameleon/


----------



## Tekelectric (Jan 23, 2014)

RCoon said:


> go into the "Run" command (Win + R) and type in %appdata%
> most malware/viruses dump a copy of themselves into your local or roaming app data folders, usually labelled as an .exe with a bunch of numbers and/or letters.
> 
> Note: You will need to go into folder options and unhide hidden files and folders


Do I delete the files then?


----------



## Steevo (Jan 24, 2014)

TDDS killer and RogueKiller


----------



## Tekelectric (Jan 24, 2014)

Steevo said:


> TDDS killer and RogueKiller


Ran both of these just now, and RogueKiller found only registry keys to delete. But what was weird is that my Avast! DeepScreen popped up twice while opening RogueKiller's exe, but meh. TDDS Killer found nothing and it was all good for it. Should I be fine now?

EDIT: Just called Avast! tech support. They said that having Windows Defender and Avast! at the same time is the culprit 0.o they also told me this is an aggressive virus and I may need to pay about a 100 bucks to get it fixed from them...uhhh...I dunno about that. But my computer seems clean at this point. But can you guys evaluate?

EDIT 2: I redownloaded Raidcall and it had my username saved which was pretty convenient  So should I be fine at this point?


----------



## Steevo (Jan 24, 2014)

Run ESET online scanner, and allow Avast to run a boot time scan tonight with high heuristics, and make sure that not file paths are excluded or URL's.


And post a hijackthis log .

Actually run this a save a log.

http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx


----------



## Tekelectric (Jan 24, 2014)

Steevo said:


> Run ESET online scanner, and allow Avast to run a boot time scan tonight with high heuristics, and make sure that not file paths are excluded or URL's.
> 
> 
> And post a hijackthis log .
> ...


Ok but I dunno if I'm being paranoid but when I booted up my user for this computer had a shortcut for it. Which is kinda sketchy, should I worry about this?


----------



## Steevo (Jan 24, 2014)

for hijackthis? Or what?


----------



## Tekelectric (Jan 24, 2014)

Steevo said:


> for hijackthis? Or what?


Nah I just booted up my computer right now and I saw an icon for my user for windows and it led to my files. It was kinda sketchy.


----------



## Steevo (Jan 24, 2014)

I don't understand that at all. Pictures, or a better description. 


If you are saying there was an icon on your desktop that led to your documents that is just an option for users in windows to see or not. If you are saying on the login screen your username only takes you to your user files it does have an issue, but most likely a minor one.


----------



## Tekelectric (Jan 24, 2014)

Steevo said:


> I don't understand that at all. Pictures, or a better description.
> 
> 
> If you are saying there was an icon on your desktop that led to your documents that is just an option for users in windows to see or not. If you are saying on the login screen your username only takes you to your user files it does have an issue, but most likely a minor one.


There was an icon on my desktop that led to my documents, that's the one.

EDIT: At this point I'm planning on reinstalling Windows 8, I'm going to do this tomorrow, I guess then we'll see how my computer is.


----------

