Author Topic: A dropper trojan has been detected in explorer.exe - please help!  (Read 5551 times)

0 Members and 1 Guest are viewing this topic.

Abengoshis

  • Guest
When I logged in a few days ago, there was no desktop and the screen was entirely black, with just the cursor visible. I opened task manager and no applications were running, so I tried to run explorer.exe and got the error message:

Quote
C:\Windows\explorer.exe

Operation did not complete successfully because the file contains a virus.

After this I did a boot scan and it informed me that explorer.exe was infected with Win32:dropper-gen [Drp]

I've tried several different antivirus software to try to fix this problem. I've also done a system restore to a point earlier in the week (before I had this problem), but ultimately I've had to come here as my efforts have had no effect.

The odd thing about this message is that it doesn't always appear. When the message appears (and the desktop does not show up), restarting the computer seems to magically fix the symptoms.

Please help!

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #1 on: March 10, 2014, 07:30:11 PM »
Hi what is the VPS version of Avast ?   It should be 140310-0, also do you use windows7 button software or something similar

Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #2 on: March 10, 2014, 07:32:10 PM »
The version is 140310-0 .
What do you mean by button software?

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37527
  • Not a avast user
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #3 on: March 10, 2014, 07:34:41 PM »
Quote
I've tried several different antivirus software to try to fix this problem.     
Does this mean you have more then one AV installed?



Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #4 on: March 10, 2014, 07:35:20 PM »
Theme software that changes the start button on windows.  As there was a false positive on this a few days ago....  Is it still alerting 

Abengoshis

  • Guest
Re: Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #5 on: March 10, 2014, 07:38:51 PM »
@Pondus: By this I mean I've run mbam, tdsskiller, emsisoft emergency kit etc.

@essexboy: Yes - I changed the start button a very long time ago! Is it safe to assume this is the cause, then?

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #6 on: March 10, 2014, 07:40:21 PM »
It is possible could you let me know what file Avast has put in the virus chest.  Also right click that file and select scan, does it still report it as infected

Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #7 on: March 10, 2014, 07:47:43 PM »
Since I did a system restore to a point before I got the message (and therefore before I did the boot scan), I'm not certain that the virus chest would still contain the item. I'll do another boot scan right now to make sure, so my next reply may take a while.

The items currently in the chest are:
cleanup.bat   (BV:KillAV-EC [Trj])
FileSYstem_Steam.dll   (no virus)
Unconfirmed 962796.crdownload   (Win32:InstalleRex-BH [PUP])
vtex.exe   (no virus)

Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #8 on: March 10, 2014, 11:40:42 PM »
Ok, I have finally completed the boot scan. No items were moved to the chest, however the detailed report of the boot scan reports the following items with Win32:Dropper-gen [Drp]:

C:\Windows\explorer.exe
C:\Windows\explorer_backup.exe
C:\Windows\explorer_backup_w7sba.exe
C:\Windows\explorer_edit_w7sba.exe

EDIT: Just now, while on my PC, Avast stopped explorer.exe and claimed that explorer.exe in winlogon.exe was infected with the dropper virus.
« Last Edit: March 11, 2014, 02:08:44 AM by Abengoshis »

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #9 on: March 11, 2014, 03:22:51 PM »
Hmm I thought that was fixed

Could you right click those files in the virus chest and send them to the virus labs as a false positive

Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #10 on: March 11, 2014, 05:19:57 PM »
I don't think any of these are to do with the explorer.exe trojan report. The only one that could be linked to it by date would be cleanup.bat:

cleanup.bat was transferred on 08/03/2014
FileSystem_Steam.dll was transferred on 05/08/2012
Unconfirmed 962796.crdownload was transferred on 14/02/2014
vtex.exe was transferred on 10/01/2014

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #11 on: March 11, 2014, 05:28:58 PM »
Those files appear to be related to chrome and steam .. Do you use both programmes

Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #12 on: March 11, 2014, 05:31:26 PM »
I do.
The files which were to do with steam are apparently clean now.
I have no idea what the chrome download was, but it claims to be infected.
I don't know where cleanup.bat came from.

Offline essexboy

  • Malware removal instructor
  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 40589
  • Dragons by Sasha
    • Malware fixes
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #13 on: March 11, 2014, 06:40:17 PM »
Cleanup bat could in reality be used by any programme to tidy up after updating etc... 

Is Avast still alerting on explorer ?


Abengoshis

  • Guest
Re: A dropper trojan has been detected in explorer.exe - please help!
« Reply #14 on: March 11, 2014, 06:41:53 PM »
Just this morning I had the same black screen symptoms with explorer not running because it "contains a virus".