avast sees dropbox as malware

[pasrus01]

I searched around a bit but was unable to find a topic addressing this.

I recently purchased a new laptop running windows 7 home premium. I then installed both dropbox and the free version of avast. The problem is, every time I start dropbox, a get notifications about every minute that avast has blocked malware coming from dropbox. It's associated with the dropbox.exe *32 process. Avast repeatedly moves a temp file to the virus chest, saying that it is a Win32:Trojan-gen. I'm not sure if this is a false positive or not, but I've never had problems between avast and dropbox before. To get the pop-ups to stop I just start task manager and kill the dropbox.exe *32 process, but it would be nice of course to use the program. Here's the name of the file that avast keeps moving to the virus chest:

C:\Users\<username>\Dropbox\.dropbox.cache\~e84ddb1c.tmp

Any ideas? Thanks in advance!

[Asyn]

Test it at VT (https://www.virustotal.com/) and post the result.

[pasrus01]

Here's the report from virustotal.com:

SHA256:   205f0caedf82989588eda2d4a292557697f07d7eb11bc5cf126c8153a2f8036b
SHA1:   57bb7ef65c549f3c9d547cdbc387591c94774e85
MD5:   cc541892fabf1aba5b7172cf1f50e6cd
File size:   29.0 KB ( 29743 bytes )
File name:   ~e84ddb1c.tmp
File type:   Win32 EXE
Detection ratio:   15 / 36
Analysis date:    2012-11-24 13:21:25 UTC ( 1 minute ago )
00
Less details
Analysis
Comments
Votes
Additional information
Antivirus   Result   Update
Agnitum   -   20121124
AntiVir   -   20121124
Antiy-AVL   -   20121123
Avast   Win32:Trojan-gen   20121124
AVG   -   20121124
BitDefender   -   20121124
ByteHero   -   20121116
CAT-QuickHeal   -   20121124
ClamAV   -   20121124
Commtouch   W32/Backdoor2.HMDI   20121124
Comodo   UnclassifiedMalware   20121124
Emsisoft   -   20121124
ESET-NOD32   -   20121124
F-Prot   W32/Backdoor2.HMDI   20121124
F-Secure   -   20121124
Fortinet   W32/Barys.A6AA!tr   20121124
GData   Win32:Trojan-gen   20121124
Ikarus   Trojan-Dropper.Win32.KGen   20121124
Jiangmin   Trojan/Generic.aayzx   20121124
K7AntiVirus   Backdoor   20121123
Kingsoft   -   20121119
Microsoft   -   20121124
MicroWorld-eScan   -   20121124
nProtect   -   20121124
Panda   Trj/CI.A   20121124
PCTools   Trojan.Gen   20121124
Rising   -   20121123
Sophos   -   20121124
SUPERAntiSpyware   -   20121124
Symantec   Trojan.Gen   20121124
TheHacker   Posible_Worm32   20121124
TotalDefense   -   20121123
TrendMicro   TROJ_GEN.RCBZ1JR   20121124
TrendMicro-HouseCall   TROJ_GEN.RCBZ1JR   20121124
VIPRE   -   20121124
ViRobot   -   20121124

[Pondus]

much easier to just post the scan link 
https://www.virustotal.com/file/205f0caedf82989588eda2d4a292557697f07d7eb11bc5cf126c8153a2f8036b/analysis/


seems like it is correct

First seen by VirusTotal
 2012-03-10 14:35:19 UTC ( 8 måneder, 2 uker ago )

[pasrus01]

Whoops, sorry about that. I'm new to this stuff. 

Okay, so it's a real virus. Next question then, how do I get it to stop popping up every minute? The file is never permanently removed but just gets created over and over again. Any ideas on that?

[essexboy]

I have dropbox on my system and Avast is quite happy with it plus there is not a folder/file with that name in my folder

So I would suspect that there is an infection in there somewhere

[pasrus01]

Ok, I guess I'm not sure what to do about it. I scanned the entire dropbox folder, and no threats were found. Then I thought the program itself was the problem, so I uninstalled it, deleted all my synced info, and re-downloaded and re-installed the program. Same result, except this time the temp file has a different name. Also checked that one on virustotal.com, and interestingly enough, it stated it was the same file as the one I had tried earlier today.

So what to do? The problem isn't with the files I have on dropbox, and it's not with the program itself. I don't disagree that there's an infection, but I don't know how to find and permanently remove it.

[essexboy]

Download OTL  to your Desktop
Secondary link

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

• Select All Users
  
• Under the Custom Scan box paste this in

netsvcs
BASESERVICES
%username%/dropbox /s
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
winsock.*
/md5stop
CREATERESTOREPOINT

• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Post  both logs

[pasrus01]

Ok, here are the logs. Thanks for the guidance on this!

[essexboy]

OK numpty used the wrong switch

Run OTL again and paste the following line in the custom scans box and press run scan.  There will be just one log this time

C:\Users\ben\Dropbox\*.* /s

[pasrus01]

Hmmm... tried attaching the log but was rejected because the file size is too big (680 kb) for attachments. Is there a way around that limitation?

[Pondus]

Hmmm... tried attaching the log but was rejected because the file size is too big (680 kb) for attachments. Is there a way around that limitation?

split the log on two....and use two posts   

[pasrus01]

I ended up uploading it mediafire. Here's the link:

http://www.mediafire.com/view/?634np53sjc9wunh

[pasrus01]

I tried my own link, but didn't get the file, so here it is split in two as you suggested.

[pasrus01]

Part 2