TR/Dropper.Gen Trojan

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by roadcaptain, Oct 9, 2009.

  1. roadcaptain

    roadcaptain Private E-2

    I seem to have picked up the TR/Dropper.Gen Trojan according to Avira Antivir (free edition). This began when I downloaded what appeared to be an update to the game "Battlestation Midway"; of course Avira denies access now to BS Midway's .exe file. Also it seems to affect "Call of Duty United Offensive" and the associated punkbuster.
    I have completed the "Read & run me first" but the trojan still seems to be a problem.
    I have uninstalled BS Midway and Call of Duty and the comp performs fine but I can't install them now without the Trojan showing up again.

    Any tips?

    Roadcaptain
     
  2. roadcaptain

    roadcaptain Private E-2

    Also just today Avira has been alerting to the TR.Drop.Agent.bffs which seems to be attached to MGTools.exe........access has been denied so I suspect MGTools will not be able to run a second time.
     
  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You need to disable Avira and any other AS programs when you run the tools.

    If you have completed the Read and Run First instructions, then you need to attach the requested logs.
     
  4. roadcaptain

    roadcaptain Private E-2

    It used to be so easy to attach files. What happened?

    How in the world do I find out the "Path" to the log files so I can attach them.

    I can go to "Attach files" then "Manage Attachments" but I can't simply drag and drop or copy and paste I must know the "Path" which I don't.

    I have the mbam log and SUPERAntiSpyware logs open on my screen but can't attach.
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Save the logs to your desktop....then use the browse for the files tab to find them on your desktop.
     
  6. roadcaptain

    roadcaptain Private E-2

    Thanks Tim!

    You will find the logs attached.
     

  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You still need to attach the logs for:

    * C:\ComboFix.txt
    * C:\MGlogs.zip

    If the only time you have an alert from Avira is when you install your two games, then either the games are infected or Avira is giving a false positive. Did you purchase the games?
     
  8. roadcaptain

    roadcaptain Private E-2

    I have been unable to find ComboFix.txt or MGlogs.zip. I did purchase the games and they have re-installed with no problems, plus there have been no further alerts since sending TR.Drop.Agent.bffs (which seems to be attached to MGTools.exe) to quarantine.
    No further alerts or problems for a couple of weeks.
     
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Avira was giving you a false positive...which is why I asked you to disable it before running the scans.

    If you are not having any other malware problems, it is time to do our final steps:
    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore, which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.
    8. After doing the above, you should work thru the below link:
     
  10. roadcaptain

    roadcaptain Private E-2

    Avira was disabled before running scans then enabled afterwards.

    ComboFix did not go to desktop it went to C:\Users\Gary\Downloads. Can it simply be deleted or should I alter "%userprofile%\Desktop\combofix" /u in some fashion so that hidden files and folders can be set back to Windows defaults?

    Have removed Hijackthis, enabled UAC with MGtools\enableUAC.reg file and ran MGclean.bat file.

    Disabled and enabled System Restore (with reboot).

    All is well except I still have ComboFix.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    Yes, you can alter the script to read the exact location ( full path ) with the /u switch at the end.
     
  12. roadcaptain

    roadcaptain Private E-2

    I have everything taken care of with ComboFix.

    Thanks for all your help. Major Geeks is the best resource I have found for dealing with Malware.

    You guys are tops! Thanks Tim
     
  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome...safe surfing. :)
     
