Author Topic: Win32:Dropper-gen (Drp)  (Read 47430 times)

0 Members and 1 Guest are viewing this topic.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Dropper-gen (Drp)
« Reply #15 on: January 02, 2013, 04:51:32 PM »
Malwarebytes found this...

I'll do the other scans and see what shows up.

It doesn't seem to have resolved the virus dropper issue though as Avast still tells me it exists. Is it worth using the Malicious Software Removal Tool by Microsoft?

You could try copying/restoring that file and try uploading it to virustotal, the problem being MBAM restores to the original location (I don't like that with suspect stuff), this isn't the same as the MediaIconsOverlays.dll as system restore changes the file name but retains the file type and this isn't a dll file.

I'm not a fan of the Malicious Software Removal Tool as I don't think you have a great deal of control over it.

Do you actually have the Microsoft Media Tools installed ?
I can't ever remember installing this on either of my systems, so I obviously don't need it. I just wonder if you did install it, have you ever used/need it ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Win32:Dropper-gen (Drp)
« Reply #16 on: January 02, 2013, 04:54:12 PM »
No, the mediaiconsoverlays was created a little more than 2 weeks previous to the movies.

I can also only find it in the offending folder, not the one you suggest.

There's definitely something up because I was actually away when those films were downloaded.

I attach the OTL log.

OK, I take it you are using the information and tools mentioned in the 'Logs to assist in cleaning malware' topic, http://forum.avast.com/index.php?topic=53253.0 if so when you have the other logs attached I will get a malware removal specialist to take a look at them.

EDIT: A malware removal specialist has been informed of your topic.
« Last Edit: January 02, 2013, 04:57:05 PM by DavidR »
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #17 on: January 02, 2013, 05:11:04 PM »
I'm exhausting every angle because I'm worried that something is working away in secret (and that it may be slowing up my internet connection). I haven't heard of many of those films nevermind downloaded them.

I restored the file that MBAM found but now I can't find it.

AswMbr log here.

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #18 on: January 02, 2013, 05:12:12 PM »
I have never used Microsoft Tools btw.

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #19 on: January 02, 2013, 05:16:11 PM »
RogueKiller logs (though I'm not sure I needed to do them).


Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #20 on: January 02, 2013, 05:17:23 PM »
FSS log

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #21 on: January 02, 2013, 05:30:15 PM »
My system just rebooted itself and then on reboot told me that windows had recovered from a serious problem (can't remember the exact terminology).

It gave me the following error report (code).

BCCode : 1000000a     BCP1 : 00000023     BCP2 : 00000002     BCP3 : 00000000
BCP4 : 8050B781     OSVer : 5_1_2600     SP : 2_0     Product : 256_1     

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Dropper-gen (Drp)
« Reply #22 on: January 02, 2013, 05:52:02 PM »
Did you download Abraham Lincoln Vampire Hunter ? If not I will remove it next time round

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Files
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\mediahash\downloads

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #23 on: January 02, 2013, 06:38:57 PM »
Did you download Abraham Lincoln Vampire Hunter ? If not I will remove it next time round

Warning This fix is only relevant for this system and no other, using on another computer may cause problems

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following


Code: [Select]
:Files
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\MediaIconsOverlays.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Media Tools\plugins\mediahash\downloads

:Commands
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

I did, why does it look dangerous?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Dropper-gen (Drp)
« Reply #24 on: January 02, 2013, 07:02:57 PM »
No I was just curious as to whether that is part of the problem  ;D

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #25 on: January 02, 2013, 07:13:18 PM »
I've run your fix and scanning the system now. Is it likely that this has been the cause of a very erratic internet speed over the last month or so (the fact that the dates of the files coincide with the problems points in that direction)?

I attach the scan log.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Dropper-gen (Drp)
« Reply #26 on: January 02, 2013, 07:16:32 PM »
I see that windows updates are set to disabled .. Did you do that ?

There is probably a correlation in the performance and the files

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #27 on: January 02, 2013, 07:21:30 PM »
I see that windows updates are set to disabled .. Did you do that ?

There is probably a correlation in the performance and the files

No, I never did that (as far as I know).

The internet is working faster than it has in weeks... I still have to keep an eye on it as it has been going fast, then slow, then fast, then slow etc, but I feel there is a significant improvement so fingers crossed.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Dropper-gen (Drp)
« Reply #28 on: January 02, 2013, 07:27:13 PM »
OK go to Control Panel > Administrative Tools > Services

Locate these two services

wscsvc
wuauserv


Right click them
Select Properties
In the drop down box set them to Auto
And then click Apply > OK

Offline Interista

  • Sr. Member
  • ****
  • Posts: 332
Re: Win32:Dropper-gen (Drp)
« Reply #29 on: January 02, 2013, 07:33:21 PM »
OK go to Control Panel > Administrative Tools > Services

Locate these two services

wscsvc
wuauserv


Right click them
Select Properties
In the drop down box set them to Auto
And then click Apply > OK

I can't find anything of those names.