Author Topic: Win64:Dropper-Gen[Drp] in explorer.exe  (Read 6461 times)

0 Members and 1 Guest are viewing this topic.

Offline FMB34

  • Newbie
  • *
  • Posts: 3
Win64:Dropper-Gen[Drp] in explorer.exe
« on: March 08, 2014, 02:03:58 AM »
I started up my computer today and avast detected that explorer.exe was infected. I quick scanned with avast and it detected Dropper-Gen[Drp] on explorer.exe and it couldn't delete, fix, or move it to chest because it says that the file is a read only file. I quick scanned with Malwarebytes and it did not detect anything. I can still access explorer via the start menu but on the task bar when I pin Documents and then try opening it from there, avast blocks me stating that " c:/windows/explorer.exe   Operation did not complete successfully because the file contains a virus." 
I hope someone can help me solve this matter.

Offline 1st

  • Newbie
  • *
  • Posts: 1
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #1 on: March 08, 2014, 02:26:12 AM »
I'm actually experiencing the EXACT same issue, and it all happened just today.

Offline Staticguy

  • Super Poster
  • ***
  • Posts: 1439
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #2 on: March 08, 2014, 02:40:14 AM »
Post your questions here http://forum.avast.com/index.php?board=4.0

Since you started in this area of this forum. We will continue here. I have PMed one of the moderators to help you out.
DELL Inspiron 15" 7000 Gaming, Windows 10 Home 2004 (OS Build 19041.388), Trend Micro Internet Security 2020 (16.0.1391), Avast SecureLine VPN (5.6.4982), Windows Firewall, Unchecky 1.2

Offline schmidthouse

  • VIRUS FREE A Long Time
  • Avast Evangelist
  • Starting Graphoman
  • ***
  • Posts: 6907
  • When you think you know, Think Again
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #3 on: March 08, 2014, 03:09:30 AM »
Post your questions here http://forum.avast.com/index.php?board=4.0

Since you started in this area of this forum. We will continue here. I have PMed one of the moderators to help you out.

Yes, it might have been better in the "Virus and Woms" Forum.
In any case, please keep in mind many of our malware experts will probably be in Bed at this time in AM, where they live.
Please be patient :)
***HP ENVY 15K LT W10 Pro 21H1 64Bit/750GB HD/16GB Ram/Avast Premium 21.5.2470b/Secureline VPN v.5.12.5576b/ADU v.21.1b/ASB v.91.0b/ACP 21.1b/SANDBOXIE-plus/MailWasherPRO
**HP Compaq 8510p LT W10 Pro 20H2 64Bit/1TB HD/8GB Ram/Avast Premium 21.5.2470b/ADU v.21.1b/ACP 21.1b/SANDBOXIE/MailWasherPRO/HotSpot Shield
     
RIP*Dell Inspiron XPsp4 PRO 32Bit/Avast(since 2002)18.8.2356/WP/Comodo FW 3.14/Secureline/Comodo IceDragon v.40
LAYERED SECURITY SOFTWARE

Offline wowmuchdoge

  • Newbie
  • *
  • Posts: 15
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #4 on: March 08, 2014, 06:19:00 AM »
The problem occured for me because I had a patched version of explorer.exe. See here. If you had knowingly modified explorer.exe (with a program such as W7SBC) and trust that program, then you may do as I did and whitelist explorer.exe in Avast for now.

Of course, there is still the chance that explorer.exe is malware. So do it at your own risk.

linking all the threads together:

http://forum.avast.com/index.php?topic=147308
http://forum.avast.com/index.php?topic=147328
http://forum.avast.com/index.php?topic=147333 (this thread)
http://forum.avast.com/index.php?topic=147339

I have also alerted Avast of the file (although the last time I did this they took >3 months to reply...)
« Last Edit: March 08, 2014, 09:04:52 AM by wowmuchdoge »

Offline FMB34

  • Newbie
  • *
  • Posts: 3
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #5 on: March 08, 2014, 08:54:06 AM »
The problem occured for me because I had a patched version of explorer.exe. See here. If you had knowingly modified explorer.exe (with a program such as W7SBC) and trust that program, then you may do as I did and whitelist explorer.exe in Avast for now.

I did in fact modify explorer.exe using W7SBC about a year or two ago, if that really is the problem then I will whitelist explorer.exe in Avast for now.

Offline wowmuchdoge

  • Newbie
  • *
  • Posts: 15
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #6 on: March 08, 2014, 09:11:25 AM »
The problem occured for me because I had a patched version of explorer.exe. See here. If you had knowingly modified explorer.exe (with a program such as W7SBC) and trust that program, then you may do as I did and whitelist explorer.exe in Avast for now.

I did in fact modify explorer.exe using W7SBC about a year or two ago, if that really is the problem then I will whitelist explorer.exe in Avast for now.

if you use W7SBC to unpatch explorer.exe, it will be detected as "virus free" by Avast. If you then patch it again with W7SBC, I wager it would be detected as a "virus" again.

Offline airwalk

  • Newbie
  • *
  • Posts: 1
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #7 on: March 08, 2014, 10:07:19 AM »
I just registered so I could reply to all of this nonsense. The new interface is horrible, the ads are annoying, and every year it gets a little worse. I've used Avast for close to 10 years now, but tonight was the final straw. Out of nowhere, Avast decides to go commando and create a big ordeal over a modified start orb in Win 7.
I had a couple of options.
1 - White list explorer.exe in Avast (have fun getting that done with the haphazard interface Avast provides)
2 - Undo my mods, or brutally run SFC and replace any modified system file (no thanks)
3 - Uninstall Avast (this was far easier, didn't cost me my mods, and frankly was long overdue)

I'm not into rants on forums, but seriously this was the deal breaker. Avast needs to go back to its roots, there's a reason Avast was popular and made its way to #1. It certainly isn't the stylish and innovative nonsense that I just removed from my pc.

Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9365
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #8 on: March 08, 2014, 12:34:42 PM »
So now it's avast!'s fault if it tries to notify you about a MODIFIED system file. And you're greatly exaggerating the interface design qualities (or the lack of them). The interface is far from horrible. In fact i think avast! 4.8 till 8.0 was rather bad, with avast! 2014 they finally made it as it should be from day 1.
Visit my webpage Angry Sheep Blog

Offline wowmuchdoge

  • Newbie
  • *
  • Posts: 15
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #9 on: March 08, 2014, 12:43:20 PM »
well to be fair, I do find the UI particularly confusing with too many nested items (vs Avast v7). His rant is silly though.

Offline FMB34

  • Newbie
  • *
  • Posts: 3
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #10 on: March 08, 2014, 11:36:17 PM »
I scanned with Avast today and it didn't detect a virus this time. In addition, I was able to access explorer properly again after taking it out from the whitelist. So I can assume Avast fixed the issue?

Offline magna86

  • Anti Malware Fighter
  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 4237
    • Ambulanta MyCity Forum - ASAP Member
Re: Win64:Dropper-Gen[Drp] in explorer.exe
« Reply #11 on: March 10, 2014, 04:21:04 PM »
Hi,

Yes, this was the avast FP detection.   ;)