5 Replies Latest reply on Feb 7, 2010 6:34 AM by x-vuskie

    TR/Dropper.Gen trojan help

      I have the TR/Dropper.gen Trojan.  McAfee does not recognise it or find it.  I am finding it with Avria.  I want to get rid of it.  I have TOTAL protection 2010.  I am not sure what this trojan does nor how I got it or how long I have had it.  Does McAfee have a stinger or other methods of getting rid of this Trojan?

       

      Thanks in advance.

        • 1. Re: TR/Dropper.Gen trojan help

          Hi There,

           

          Which McAfee product are you using, are the DATs up-to-date?

           

          If you are using our latest DATs are we are still not detecting please submit the sample to us for review using the following guidelines -

           

          please send us a sample for analysis, in a password-protected ZIP file (password - infected).  You can find detailed instructions for how to do this at <http://vil.mcafeesecurity.com/vil/submit-sample.aspx>

          If you have a system where you can do a test scan, you may first wish to try our beta DailyDATs to get the latest detection available.   You can find this on our web-site at:
          <http://vil.mcafeesecurity.com/vil/averttools.aspx>

          Please include a description of the symptoms your system is experiencing, and any pertinent information about what AV Products you are using including company, version number (engine/dat numbers for McAfee Products) and results of the scan.

          Note -

          Due to the prevalence of network gateway AV products it is important that all submissions be zipped and the zip file password protected (password - infected). Some products will reject an email that contains a virus that is not sent in this way. In addition, often we receive a file that appears not to have been infected, to find later that the file was infected when it left the sender, and was cleaned somewhere along the line.

          For additional information, our Virus Information Library page can be found at <http://vil.mcafeesecurity.com/vil/default.aspx>

          Please use the following links to reach our technical support group for McAfee products.

          Corporate Customers:
          <https://support.mcafee.com>

          Single User/Retail Customers:
          <http://service.mcafee.com/default.aspx>

          Regards,

          T. Abrahams
          Virus Research Analyst
          McAfee Labs
          A division of McAfee, Inc.
          --------------------------
          McAfee® Avert® Labs Blog <http://www.avertlabs.com/research/blog/>
          AudioParasitics - The Official PodCast of McAfee®  Avert® Labs <http://podcasts.mcafee.com/audioparasitics>
          --------------------------
          Safe online? Avoid dangerous web sites using McAfee SiteAdvisor™ -  a FREE download from http://www.siteadvisor.com?cid=27092. Don't search or surf without it!

          • 2. Re: TR/Dropper.Gen trojan help

            First off let me say as knowing my way around a computer goes I am slightly better than the average person, BUT by no means am I a computer tech.

             

            My product is 3-User McAfee Total Protection. I have had the product for about 1 and half years and down loaded and installed the latest version/software January 26th of 2010 so I do believe I have the latest version.  The program is set up to update its database every day and I can confirm that it updated its DB yesterday afternoon.  It is also configured to do a complete Scan every Friday at 2:00AM which it is it is still working on as we speak (94% complete as I type) so far with no virus(s) found.

             

            Here is the information on the build and Database.

             

            Security Center

            Version 9.15

            Build 9.15.160

             

            Virus scan

            Version 13.15

            Build 13.15.113

            DAT Version 5882.0000

            DAT Creation Date 2/4/2019

            Engine version 5301.4018

             

            I have tried to follow you instruction and take a look at my System Config Utility / Startup, but to be honest I can not tell what should be there and what should not, let along figure out how to "copy” a file that is called out there.  There is though one line item that is almost completely blank.  Under “Startup Item” it is blank, under “Command again blank.  Under “Location” it gives me

             

            HKLM\software\Microsoft\CurrentVer…

             

            I can not get any more info on where/what this is

             

            I looked on the McAfee Labs Tools webpage you provided a link, but could not find “DailyDATs” scanner program, but I could not find any that are called that.  There are close to 20 utilities on the page could you give me a little more info as to which one you want me to use.

             

            I also tried to follow the link you provided me with for support and was told by McAfee Site Advisor that the page/site was an “Untrusted site” and I should not go there.

             

            Avira (free version) finds this though

             

            \GLOBAL??\C2CAD972#4079…\max++00.x86

             

            I take it “max++.x86” is the file, but I can not find it.

             

            This is the file that Keeps popping up as containing the Trojan, but I search my computer and it say’s it can not find a file named this.

             

            The alerts come when ever I start up a new program, and I usually get 1-2.

             

            I am hoping that McAfee can get rid of this after all from what I can tell this Trojan has been around for quite a few years, and after all I did by your TOTAL Protection product.

             

            Thanks

            • 3. Re: TR/Dropper.Gen trojan help

              Hi

               

              Please download the McAfee Stinger from HERE (http://vil.nai.com/vil/stinger/)

              Instructions for how to run Stinger are also on this page.

               

              Once the Stinger has run, do not close the program. Please select "File" (top left) and you should see an option to Save a log file. Please post this here once saved.

               

              Hope this helps

               

               

              All product-related questions and comments can be addressed through technical support and customer service, including:

              * Product installation and update questions
              * Product usage questions
              * Specific operating system/version questions
              * Assistance with detection and cleaning or removal of viruses or trojans

              Use the following link to reach online technical support for McAfee products.

              Corporate Customers:
              <http://www.mcafee.com/us/support/index.html>

              Single User/Retail Customers:
              <http://service.mcafee.com/default.aspx>

              Regards,


              • 4. Re: TR/Dropper.Gen trojan help

                Not much to the stinger report, I beleive it says my system is clean.

                 

                 

                McAfee® Stinger Version 10.0.1.688 built on Nov 24 2009

                 

                Copyright © 2009 McAfee, Inc. All Rights Reserved.

                 

                Virus data file v5000 created on Nov 23 2009.

                 

                Ready to scan for 1370 viruses, trojans and variants.

                 

                 

                 

                Scan initiated on Fri Feb 05 14:31:19 2010

                 

                  Number of clean files: 916715

                 

                 

                 

                McAfee® Stinger Version 10.0.1.688 built on Nov 24 2009

                 

                Copyright © 2009 McAfee, Inc. All Rights Reserved.

                 

                Virus data file v5000 created on Nov 23 2009.

                 

                Ready to scan for 1370 viruses, trojans and variants.

                 

                 

                 

                Scan initiated on Fri Feb 05 14:31:19 2010

                 

                  Number of clean files: 916715

                 

                 

                 

                McAfee® Stinger Version 10.0.1.688 built on Nov 24 2009

                 

                Copyright © 2009 McAfee, Inc. All Rights Reserved.

                 

                Virus data file v5000 created on Nov 23 2009.

                 

                Ready to scan for 1370 viruses, trojans and variants.

                 

                 

                 

                Scan initiated on Fri Feb 05 14:31:19 2010

                 

                  Number of clean files: 916715

                • 5. Re: TR/Dropper.Gen trojan help

                  Hello,

                   

                  Please get the samples submitted to the Virus_Research@avertlabs.com for analysis so that we can provide the proper solution. The file you mentioned in your initial message would be something we would like to further review.

                   

                  You can use this site for how to submit a sample:  http://vil.nai.com/vil/submit-sample.aspx

                   

                  Also, please do tell us what suspicious activities you may have seen with these samples as well.

                   

                  Cheers,
                  Vu.