Topic: Win32:Dropper-gen[Drp] Detected in File


habiTATTT

  • Guest
Win32:Dropper-gen[Drp] Detected in File
« on: July 09, 2013, 07:16:41 PM »
Hi guys

My sister was doing her projects with her friends in school today. When she inserted her Cruzer Micro (2GB) thumbdrive into her friend's laptop, their anti-virus immediately detected some virus in the thumbdrive. Worried that her laptop, an HP EliteBook 9470m running Windows 8, might get a virus, she told me to help her scan her laptop.

Initially, her laptop was only protected by Windows Defender. As I needed to scan her laptop, I decided to install avast! Free to do so.

After about 25 min of scanning, avast! concluded that there was a threat found. I looked at the details and realised that, besides some files with 'Error: The system cannot find the path specified (3)', this is what I saw.

File Name: C:\MSI\TrustedInstaller.exe
Severity: High
Status: Threat: Win32:Dropper-gen [Drp]

I have checked online for information and solutions but they always told me to install other software to get rid of it. They also warned us not to delete the file; if the infected file was an essential Windows file, I will never be able to boot up again.

Can anyone help me? I'm not a professional when it comes to removing viruses from computers so I'll really appreciate if anyone can help me. Also, will the virus infect other thumbdrives or removable media?

Thanks in advance!



P.S. I have since formatted the thumbdrive.

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37547
  • Not a avast user
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #1 on: July 09, 2013, 07:27:00 PM »
Have you taken any action on the detected file, like moving it to the chest?
If not, you can upload and test the file at www.virustotal.com first, then post the link to the scan result here.

Recommended program to install on all computers:
MCShield usb protector     www.mcshield.net

This does not replace antivirus, so you need that also


« Last Edit: July 09, 2013, 07:34:05 PM by Pondus »

Offline Pondus
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #2 on: July 09, 2013, 07:49:27 PM »
HP computers usually come with a preinstalled 90-day Norton AV.
This should be removed before installing avast.
Also run the removal tool for the uninstalled AV to clear any leftover conflicting files.
Removal tools: http://singularlabs.com/uninstallers/security-software/

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #3 on: July 10, 2013, 05:22:57 PM »
Hi there

Thanks for assisting me. I have not moved the file to the virus chest as of yet, since I have no idea whether it'll affect the operation of the computer. Can I move it there first to prevent the virus from spreading?

Her laptop didn't come with Norton, which is pretty surprising.

I'll do a virus scan for the infected file in the next few days (I'm busy tomorrow and on Friday so I have no time to touch my sister's laptop).

Many thanks :)

Offline Pondus
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #4 on: July 10, 2013, 06:19:29 PM »
Quote
C:\MSI\TrustedInstaller.exe
The point is to upload and confirm that it is infected before you move it to the chest, as it is a bit more tricky to do it after.
Uploading and testing a file at virustotal takes less than 5 minutes.


Quote
Her laptop didn't come with Norton, which is pretty surprising.
Maybe because it is an HP EliteBook; these are usually sold to firms that have/install their own AV protection.

« Last Edit: July 10, 2013, 06:22:45 PM by Pondus »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #5 on: July 10, 2013, 06:56:58 PM »
That is not the correct location for Trusted Installer on Windows 8 and is highly likely to be malware

First clean the SD card



Download McShield to your desktop and install
It will initially run a scan and show the result as a toaster by the system clock
Then in the control centre select scanner and tick unhide items on flash drives

Plug in the drive and McShield will start a scan

Then get the log which will be here :

Start > all programs > MCShield > logs > all scans

And post that

THEN

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.


  • Select All Users
  • Under the Custom Scan box paste this in
netsvcs
BASESERVICES
%SYSTEMDRIVE%\*.exe
/md5start
services.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
dir "%systemdrive%\*" /S /A:L /C
CREATERESTOREPOINT


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Post  both logs
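
Added example (not part of the thread or of any tool mentioned in it): the reply above flags C:\MSI\TrustedInstaller.exe because of where it sits, and this Python check applies the same location test to a list of file paths. The expected folders assume a default Windows install under C:\Windows; the sample paths other than the one from the thread are constructed.

```python
import ntpath

# Assumption: default layout with %SystemRoot% = C:\Windows.
SYSTEM_ROOT = ntpath.normcase(r"C:\Windows")

# Expected directories, relative to %SystemRoot%, for system binaries whose
# names are often borrowed by malware. "" means %SystemRoot% itself.
EXPECTED_DIRS = {
    "trustedinstaller.exe": {"servicing"},
    "svchost.exe": {"system32", "syswow64"},
    "services.exe": {"system32"},
    "winlogon.exe": {"system32"},
    "userinit.exe": {"system32", "syswow64"},
    "explorer.exe": {"", "syswow64"},
}

def classify(path):
    """Return 'expected', 'component-store', 'suspicious' or 'not-tracked'."""
    norm = ntpath.normcase(ntpath.normpath(path))
    directory, name = ntpath.split(norm)
    if name not in EXPECTED_DIRS:
        return "not-tracked"
    allowed = {ntpath.normpath(ntpath.join(SYSTEM_ROOT, rel))
               for rel in EXPECTED_DIRS[name]}
    if directory in allowed:
        return "expected"
    # WinSxS keeps servicing copies of system files; review these separately.
    if directory.startswith(SYSTEM_ROOT + "\\winsxs\\"):
        return "component-store"
    return "suspicious"

def find_suspicious(paths):
    """Paths that use a tracked system file name from an unexpected folder."""
    return [p for p in paths if classify(p) == "suspicious"]

# Constructed sample; only C:\MSI\TrustedInstaller.exe comes from the thread.
SAMPLE_PATHS = [
    r"C:\MSI\TrustedInstaller.exe",
    r"C:\Windows\servicing\TrustedInstaller.exe",
    r"C:\Windows\System32\svchost.exe",
    r"C:\Users\Public\svchost.exe",
    r"C:\Windows\WinSxS\example-component\explorer.exe",
    r"C:\Program Files\Example\app.exe",
]

if __name__ == "__main__":
    for p in SAMPLE_PATHS:
        print(f"{classify(p):16} {p}")
```

A file in the expected folder is not thereby proven genuine; a hash or signature check, such as the VirusTotal upload suggested earlier in the thread, is still needed.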

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #6 on: July 21, 2013, 07:35:00 AM »
Hi there

I have finally done the scan on my sister's laptop. However, I could not do the McShield scan for my sister's thumbdrive as she has brought it out.

Attached are the logs from OTL.

Do I move the infected file into the Avast Virus chest now, or should I just leave it as it is?

Many thanks.

Offline essexboy
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #7 on: July 21, 2013, 12:32:25 PM »
Move it to the virus chest and leave it there for at least a week to ensure that there are no adverse effects. The logs look clean

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #8 on: July 21, 2013, 02:07:00 PM »
I've moved the file into the virus chest. Is the computer considered safe now?

Also, what should I do next?

Many thanks for your assistance :)

Offline essexboy
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #9 on: July 21, 2013, 02:14:02 PM »
How is the computer behaving ?

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #10 on: July 21, 2013, 02:57:58 PM »
I restarted her laptop after moving the item into the chest. I'm in the midst of doing a full system scan with avast! Free.

The laptop still works fine, at least for now.

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #11 on: July 21, 2013, 03:31:06 PM »
Scan completed with no threats found :)

Offline essexboy
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #12 on: July 21, 2013, 03:37:34 PM »
Ok run OTL and press the cleanup button to remove it and the associated folders

habiTATTT

  • Guest
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #13 on: July 28, 2013, 09:44:24 AM »
I've completed the cleanup. Does that mean I'm safe from the virus now?

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5639
  • Spartan Warrior
Re: Win32:Dropper-gen[Drp] Detected in File
« Reply #14 on: July 28, 2013, 10:12:35 AM »
Yes, as long as you keep it in the virus chest (indefinitely if you want). Do install MCShield to block any infections of this sort in the future. It does automatically update every couple of days or so via internet when connected, and USB protection is free. Will also automatically scan a USB external drive if connected.