Author Topic: win32:Dropper-Bdv  (Read 7338 times)


crow

  • Guest
win32:Dropper-Bdv
« on: September 05, 2008, 02:01:20 AM »
Please advise if the following is a positive:
Sign of "Win32:Dropper-BDV[trJ] has been found in: C/Program files/Uninstall_flash_player.exe" file

Thank you very much
EP

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: win32:Dropper-Bdv
« Reply #1 on: September 05, 2008, 02:12:27 AM »
Usual drill: confirm the detection at VirusTotal and report, etc.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner and report the findings here. You can't do this with the file securely in the chest, you need to extract it to a temporary (not original) location first, see below.

Create a folder called Suspect in the C:\ drive, e.g. C:\Suspect. Now exclude that folder in the Standard Shield, Customize, Advanced, Add, type (or copy and paste) C:\Suspect\* That will stop the standard shield scanning any file you put in that folder. You should now be able to export any file in the chest to this folder and upload it to VirusTotal without avast alerting.

If it is indeed a false positive, see http://forum.avast.com/index.php?topic=34950.msg293451#msg293451, how to report it to avast! and what to do to exclude them until the problem is corrected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.6.6121 (build 24.6.9241.848) UI 1.0.809/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

crow

  • Guest
Re: win32:Dropper-Bdv
« Reply #2 on: September 05, 2008, 03:01:03 AM »
Thanks DavidR

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89426
  • No support PMs thanks
Re: win32:Dropper-Bdv
« Reply #3 on: September 05, 2008, 04:02:35 AM »
You're welcome, let us know the results.

crow

  • Guest
Re: win32:Dropper-Bdv
« Reply #4 on: September 05, 2008, 09:44:04 AM »
Thank you for your interest, I did it the other way around:
1. I deleted the infected flash player program.
2. Deleted the infected file from virus chest.
3. Deleted the suspected virus from system restore (it was there too..)
4. Installed new flash player again.
Now, I only hope I'm done with it and not get some resurrection elsewhere.....
Consideration for doing that: No problem to get rid of the whole program and reinstall. That way, saving time and effort.

Thank you again for your assistance. :D
EP


« Last Edit: September 05, 2008, 11:25:02 AM by crow »

YoKenny

  • Guest
Re: win32:Dropper-Bdv
« Reply #5 on: September 05, 2008, 10:08:44 AM »
I saw that on my friend's system and it was the result of one of the prolific antivirus2008 infections.

You may have to FORMAT the hard drive as those infections have become very nasty with rootkit installations.

I would download MBAM then update it then run a Quick scan and let it remove what it detects and a reboot may be required to remove locked files:
http://www.malwarebytes.org/mbam.php


mouse

  • Guest
Re: win32:Dropper-Bdv
« Reply #6 on: September 05, 2008, 10:55:54 AM »
Crow,

Following your way may give you the feeling of greater security, but you really do not know if your system has been exposed or not.
I am scanning one of my PCs and it came up with the same warning. I know that the file was downloaded from the official site, so I am confident that it is a FP but I will check this out once my scan is finished.

wyrmrider

  • Guest
Re: win32:Dropper-Bdv
« Reply #7 on: September 05, 2008, 06:02:10 PM »
Crow
I recommend doing what the little bird told you
by nuking the only evidence you had there is now no way to tell if this was part of a larger infection
do you have a log that shows the malware name and path?
post up that MBAM log
rt click the avast ball and update programs
then rt click again and schedule a boot time scan with archives etc turned on
reboot
I, of course, hope you are clean

best to leave a copy in the chest but do the restore clean up then investigate
did you google the hit?

mouse

  • Guest
Re: win32:Dropper-Bdv
« Reply #8 on: September 06, 2008, 01:26:16 AM »
Haven't had time yet to do the upload ex chest to Avast but did check via VirusTotal (by downloading the same file again from the Adobe site). Only three AV show this is a virus/trojan: Avast, GData and VB32. I don't know GData but VB32 seems to flag everything, so I still think this is more likely to be a FP. Interestingly enough on Jotti Avast does not show anything.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34001
  • malware fighter
Re: win32:Dropper-Bdv
« Reply #9 on: September 06, 2008, 01:39:23 AM »
Hello mouse,

I think you are probably right, upload to avast and they correct it in a next update.
Thanks for diving into it, and reporting,

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

crow

  • Guest
Re: win32:Dropper-Bdv
« Reply #10 on: September 06, 2008, 02:01:48 AM »
Thank you all for being so responsive.
Crow

YoKenny

  • Guest
Re: win32:Dropper-Bdv
« Reply #11 on: September 06, 2008, 04:19:16 AM »
I just scanned my downloaded copy of Uninstall_flash_player.exe and it does not pop up a virus warning.

I'm not able to get back to the infected system for a while to submit the infected file.
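
Added example, not part of any post in this thread: replies #8 and #11 both test a freshly downloaded copy rather than the file that was actually flagged, which only says something about the flagged file if the two are byte-for-byte the same. The Python sketch below records size, SHA-256 and the leading "MZ" magic of both copies and compares them; the file names, the Suspect folder stand-in and the sample bytes are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def fingerprint(path):
    """Size, SHA-256 and a PE 'MZ' magic check for one file, read in chunks."""
    digest, size, magic = hashlib.sha256(), 0, b""
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            if size == 0:
                magic = chunk[:2]
            digest.update(chunk)
            size += len(chunk)
    return {"file": Path(path).name, "size": size,
            "sha256": digest.hexdigest(), "starts_with_mz": magic == b"MZ"}


def compare(flagged, reference):
    """Compare the flagged copy with a fresh download of the same installer."""
    a, b = fingerprint(flagged), fingerprint(reference)
    # identical: the detection concerns the vendor's own bytes (false-positive candidate).
    # different: another version, or a modified/replaced file; keep the sample and dig further.
    verdict = "identical" if a["sha256"] == b["sha256"] else "different"
    return {"verdict": verdict, "flagged": a, "reference": b}


def demo():
    """Run both cases on constructed byte strings (not real installers)."""
    vendor = b"MZ" + bytes(62) + b"constructed installer body"
    with tempfile.TemporaryDirectory() as tmp:
        suspect_dir = Path(tmp) / "Suspect"       # stands in for C:\Suspect
        suspect_dir.mkdir()
        fresh = Path(tmp) / "fresh_download.exe"  # stands in for the re-downloaded file
        fresh.write_bytes(vendor)
        same = suspect_dir / "Uninstall_flash_player.exe"
        same.write_bytes(vendor)
        first = compare(same, fresh)
        same.write_bytes(vendor + b"constructed appended data")
        second = compare(same, fresh)
    return first, second


if __name__ == "__main__":
    for result in demo():
        print(json.dumps(result, indent=2))
```

A matching hash says nothing about whether the file is malicious, only that a scan of the fresh download applies to the flagged copy as well; the recorded hash also stays usable as a reference after the sample itself has been deleted.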

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 34001
  • malware fighter
Re: win32:Dropper-Bdv
« Reply #12 on: September 06, 2008, 04:38:50 PM »
Hi crow, mouse, YoKenny,

Always before downloading check here: http://online.us.drweb.com/?url=1
So copy and paste the URL in this realtime checker against the servers of DrWeb.
You can also search using scandoo.com.
But use a realtime download link checker, because the site that was malware free last week, may be abused the moment you start to download. Check and re-check is the word, and you all know the saying; "Curiosity killed the cat",

polonus

P.S. "Crow, click the pic to see it larger".

crow

  • Guest
Re: win32:Dropper-Bdv
« Reply #13 on: September 06, 2008, 07:31:03 PM »
Hi polonus
Thank you very much for the very useful link...and for the very nice picture!!! :D
Crow