MajorGeeks Support Forums

  #1  
Old 10-09-09, 17:54
roadcaptain roadcaptain is offline
Private First Class
 
Join Date: Apr 2006
Posts: 51
Thanks: 1
Thanked 0 Times in 0 Posts
TR/Dropper.Gen Trojan

I seem to have picked up the TR/Dropper.Gen Trojan according to Avira Antivir (free edition). This began when I downloaded what appeared to be an update to the game "Battlestation Midway". Of course, Avira denies access now to BS Midway's .exe file. Also it seems to affect "Call of Duty United Offensive" and the associated punkbuster.
I have completed the "Read & run me first" but the trojan still seems to be a problem.
I have uninstalled BS Midway and Call of Duty and the comp performs fine but I can't install them now without the Trojan showing up again.

Any tips?

Roadcaptain
  #2  
Old 10-10-09, 14:51
roadcaptain roadcaptain is offline

Also just today Avira has been alerting to the TR.Drop.Agent.bffs which seems to be attached to MGTools.exe........access has been denied so I suspect MGTools will not be able to run a second time.
  #3  
Old 10-14-09, 14:04
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,460
Thanks: 431
Thanked 4,591 Times in 4,344 Posts

You need to disable Avira and any other AS programs when you run the tools.

If you have completed the Read and Run First instructions, then you need to attach the requested logs.
__________________
Major cake licker.
YCLAHTW, BYCMHD!!

  #4  
Old 10-15-09, 12:09
roadcaptain roadcaptain is offline

It used to be so easy to attach files. What happened?

How in the world do I find out the "Path" to the log files so I can attach them?

I can go to "Attach files" then "Manage Attachments" but I can't simply drag and drop or copy and paste; I must know the "Path", which I don't.

I have the mbam log and SUPERAntiSpyware logs open on my screen but can't attach.
  #5  
Old 10-15-09, 12:31
TimW TimW is offline

Save the logs to your desktop....then use the browse for the files tab to find them on your desktop.
  #6  
Old 10-16-09, 01:30
roadcaptain roadcaptain is offline

Thanks Tim!

You will find the logs attached.
Attached Files
File Type: log SUPERAntiSpyware Scan Log - 10-04-2009 - 17-01-45.log (465 Bytes, 3 views)
File Type: txt DxDiag.txt (41.8 KB, 3 views)
File Type: txt mbam-log-2009-10-04 (17-28-43).txt (832 Bytes, 2 views)
  #7  
Old 10-18-09, 15:49
TimW TimW is offline

You still need to attach the logs for:

* C:\ComboFix.txt
* C:\MGlogs.zip

If the only time you have an alert from Avira is when you install your two games, then either the games are infected or Avira is giving a false positive. Did you purchase the games?
  #8  
Old 10-24-09, 12:09
roadcaptain roadcaptain is offline

I have been unable to find ComboFix.txt or MGlogs.zip. I did purchase the games and they have re-installed with no problems, plus there have been no further alerts since sending TR.Drop.Agent.bffs (which seems to be attached to MGTools.exe) to quarantine.
No further alerts or problems for a couple of weeks.
  #9  
Old 10-24-09, 13:12
TimW TimW is offline

Avira was giving you a false positive...which is why I asked you to disable it before running the scans.

If you are not having any other malware problems, it is time to do our final steps:
  1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real-time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
  2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
    • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
    • "%userprofile%\Desktop\combofix" /u
      • Note: The space between the combofix" and the /u must be there.
      • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.
  3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
  4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
  5. Go to add/remove programs and uninstall HijackThis.
  6. Go to the C:\MGtools folder and find the MGclean.bat file. Double click on this file to run this cleanup program that will remove files and folders related to MGtools and some other items from our cleaning procedures.
  7. If you are running Vista, Windows XP or Windows ME, do the below:
    • Refer to the cleaning procedures in step 3 of the READ ME for your Windows version and see the instructions to Disable System Restore which will flush your Restore Points.
    • Then reboot and Enable System Restore to create a new clean Restore Point.
  8. After doing the above, you should work thru the below link:
  #10  
Old 10-25-09, 21:28
roadcaptain roadcaptain is offline

Avira was disabled before running scans then enabled afterwards.

ComboFix did not go to desktop; it went to C:\Users\Gary\Downloads. Can it simply be deleted or should I alter "%userprofile%\Desktop\combofix" /u in some fashion so that hidden files and folders can be set back to Windows defaults?

Have removed Hijackthis, enabled UAC with MGtools\enableUAC.reg file and ran MGclean.bat file.

Disabled and enabled System Restore (with reboot).

All is well except I still have ComboFix.
  #11  
Old 10-27-09, 17:33
TimW TimW is offline

Yes, you can alter the script to read the exact location ( full path ) with the /u switch at the end.
  #12  
Old 11-03-09, 15:08
roadcaptain roadcaptain is offline

I have everything taken care of with ComboFix.

Thanks for all your help. Major Geeks is the best resource I have found for dealing with Malware.

You guys are tops! Thanks Tim
  #13  
Old 11-07-09, 12:23
TimW's Avatar
TimW TimW is offline
MajorGeeks Administrator - Jedi Malware Expert
 
Join Date: Jan 2005
Location: The recesses of my mind!
Posts: 46,460
Thanks: 431
Thanked 4,591 Times in 4,344 Posts
Default Re: TR/Dropper.Gen Trojan

You are quite welcome...safe surfing.
All times are GMT -5.
