Topic: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
All:

    This morning my desktop and laptop updated the Avast database from the June 2012 virus definition database (file version 120622-0/compilation date 6/22/2012) to the July 2012 database (file version 120717-0/compilation date 7/17/2012).  As soon as it was installed, legitimate programs on my desktop and laptop machines started reporting they were infected with Win32:Dropper-gen [Drp] "malware".

    I restored an image of my Windows 7 Ultimate (x64) desktop (from an image I created back in June 2012) and all the problems went away -- until Avast updated the database to file version 120717-0.  Then the errors came back.

    I was also able to test this in a Windows XP Professional (SP3) virtual box which had the June 2012 database installed.  I turned automatic updates off to update the virus definition database, and everything worked fine.  When I updated the database to the July 2012 120717-0 database, the malware messages started appearing when I attempted to run my legitimate apps.

    The problem seems to be with the July 2012 file version 120717-0 database update.  June 2012's database works fine.  I have been able to duplicate this problem with Avast 4.8 Home as well as Avast 2012 (build 7.0.1456.418).

    The work-around:  Don't update your system to the July 2012 database.  If it's already updated your system (as is my case), you're outta luck.  Screen shot attached.

Offline bobo1

  • Poster
  • *
  • Posts: 470
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #1 on: July 17, 2012, 04:56:32 PM »
No faults with my computer with this database. You are more than likely infected? You are using old avast 4 which is out of date now in your screenshot. Download the new free version.

Suggest a test on your computer with Malwarebytes free & update it & do a full scan and remove whatever it finds
« Last Edit: July 17, 2012, 05:02:37 PM by bobo1 »
IBM T41 INTEL CENTRINO 1.6GHZ  3. XP SP3. 1000 MB RAM. 80GB HARD DRIVE. AVAST 9. MALWAREBYTES FREE.
NEW TEST RIG FUJITSU (SCALEO) 2.8GHZ 3000MB RAM DVI HD OUT SVGA PENT 4 AVAST 9. GAMING RIG

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #2 on: July 17, 2012, 04:58:50 PM »
I don't think so.  As soon as I update the database to July 2012, the messages appear. 

I tested this in a Virtual Box (running the June 2012 database).  As long as I don't update to July 2012, everything is fine.  Once I update to July 2012, I cannot run some of my apps.

Offline bobo1

  • Poster
  • *
  • Posts: 470
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #3 on: July 17, 2012, 05:09:29 PM »
Still do some malware scans though. No issues with my computer with this update

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #4 on: July 17, 2012, 05:15:20 PM »
Yep; did that.  Nothing.  Restoring the system back to June removes the issue.  Will wait for the next virus database update from Avast to see what happens.


Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1697
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #5 on: July 17, 2012, 06:18:54 PM »
Please upload C:\Program Files (x86)\Babel\babel.exe to https://www.virustotal.com/ and post the results VirusTotal link here.

Also, click on the "Report as False positive".  Of course, to do this would require that you update anew to the 'problem' VPS 120717-0.
AMD A6-5350M APU with Radeon HD Graphics, 8.0GB RAM, Win7 Pro SP1 64bit, IE11
i7-3610QM 2.3GHZ, 8.0GB Ram,  Nvidia GeForce GT 630M 2GB, Win7 Pro SP1 64bit, IE 11
Common to both: AIS 2015 10.2.2218, WinPatrol Plus, SpywareBlaster 5, Opera 12.17, Firefox 38.0.1, MBam Free, MCShield, CCleaner

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #6 on: July 17, 2012, 07:32:06 PM »
Hi John:

    I just uploaded it moments ago.  Here's the link of the analysis:


https://www.virustotal.com/file/377598a25e9cdc06559f8db1552dd78d93cb9aeffb43ab7fee8b109d4a8c83e2/analysis/1342546118/

   There was no place for me to click on "Report as false positive" at this analysis link.


So here's how I fixed my machine in the meantime:

--Made a copy of 400.vps (the July 7, 2012 version of the database) from my VirtualBox.
--Uninstalled Avast 4.8 Home from my desktop
--Rebooted the machine
--Installed Avast 4.8 Home on my desktop
--Before rebooting, I changed the program settings, changing BOTH the "Update" options (program/virus database) to MANUAL and copying the 400.vps database to the DATA folder.
--Rebooted machine
--Entered the license key.
--Clicked on the ABOUT menu option to confirm I am running the July 7, 2012 virus definition (file version 120705-0)
--Right-clicked on the program that was generating a "Malware" error (i.e. Babel.exe); no error message.  Application now runs flawlessly.


Offline Gopher John

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1697
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #7 on: July 17, 2012, 08:00:16 PM »
The "Report as false positive" link was in the picture of your Avast alert you posted.  Since you are no longer alerting on babel.exe, the link is gone.

Avast and GData use essentially the same signatures, so they count as one detection.

There is a link for submitting a false positive to Avast thru a browser, but I can't find it now.

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #8 on: July 17, 2012, 08:20:13 PM »
Hi John:

I submitted this to Avast early this afternoon when I clicked on the UPDATE within Avast.  I saw it upload the file.  Is there anything else I need to do?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 71860
  • No support PMs thanks
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #9 on: July 17, 2012, 09:05:32 PM »
Will you stop creating multiple topics and posts relating to the same issue? It just duplicates/triplicates the effort for those trying to help. Please stick with this one.
« Last Edit: July 17, 2012, 09:07:52 PM by DavidR »
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 2015 10.2.2218 R2-SP2/ Outpost Firewall Pro9.1/ Firefox 38.0.1, NoScript, RequestPolicy/ MailWasher Pro/ DropMyRights/ MalwareBytes AntiMalware Premium 2.1.6/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline Master VB Guru

  • Newbie
  • *
  • Posts: 11
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #10 on: July 18, 2012, 01:37:34 AM »
Will do.  My sincere apologies for any confusion or trouble this may have caused.

Offline DZSP21

  • Newbie
  • *
  • Posts: 2
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #11 on: November 07, 2012, 12:19:46 AM »
Hi Avast,

Our company has the Avast Endpoint Protection Suite Plus and we're also having the same issue up to now. It started a couple of months ago (around July timeframe too) wherein almost all of our workstations seem to be infected with Win32:Dropper-gen [Drp] Trojan based on the Avast logs and reports. In our case, it's adobe.exe, acrobat.exe, A00xxxxx and winsever.exe that get infected. Our workstations are mostly WinXP Pro x86.

Please advise if this is false-positive because we are going crazy on how to mitigate this outbreak. We have over a hundred computers in our network and almost 80% were reported infected.

Any assistance is greatly appreciated.
Thank you Avast.

DZSP21


Offline Pondus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 26888
Re: July 2012 Avast Database generates Win32:Dropper-gen [Drp] Errors
« Reply #12 on: November 07, 2012, 12:23:10 AM »
@DZSP21......you are posting in an old topic...
and the forum section for endpoint is here.   http://forum.avast.com/index.php?board=33.0
Chief Wiggum: Uh, no, you got the wrong number. This is 9-1…2.