sitting_duck 3 Posted October 4, 2009
For what it's worth, I got a virus not too long ago, and it was the first time I've ever gotten one that spread... (and damn fast to boot)... First thing it took out was OFF... (go figure)
BirdDogICT 3 Posted October 4, 2009
No issues with OFF Manager.exe as far as Kaspersky Internet Security 2009 is concerned.
almccoyjr 7 Posted October 4, 2009
I've also found no problems: Avast, Malwarebytes. I've been using Firefox since it first came out. The newest build supports NoScript and a Java flash check which will stop a lot of "crap" from coming in. There's also an app that emulates the IE browser for those arcane sites that don't allow viewing through Firefox so it's now a win-win situation. Most impressive.
plug_nickel (Al)
HomeBoy 1 Posted October 4, 2009 (edited)
That is an excellent point Olham. I didn't even think about that. Sorry for all the trouble I've apparently caused! What a way to return to the boards huh? Since I posted last night, I've been running several other scanners and though they've found other things, none have complained about this particular one. Avira is complaining now about other files as well however. I see some of my LockOn files have gotten infected as well. Something certainly appears to be going on. I guess I've lived a charmed life. This is the first time I've really seen this. I've gotten the occasional temp file but nothing like this.
Pol, I've been out working all day and am just now reading the boards, mail, etc. otherwise I would have changed my title right away. I see someone took care of that. Thank you! Feel free to delete this thread altogether if you want, I was just asking for advice; never intended this to be any sort of indictment on OFF. Thanks too for all the links to scanners. That's been helpful. Looks like I've got some work to do here.
> I'd like - for OBD's sake - to bring up one point here again, that we had already discussed sometime back in the early days of BHaH: Everybody who loves BHaH as a great product with a lot of time and energy put into it could help, and use words like "bug" or "Virus in an OFF product" rather carefully, and first of all: not in the headline. 'Cause that way, too many people may stumble across these words in their searches, and although there was no "bug" in most cases, something negative may stick in their minds. I have been criticised for asking for censorship with this, back then - but what I really mean to ask you all for is rather to be helpful in a positive way. Something really disturbing or bad could still be posted to OBD's support: support@overflandersfields.com I made the experience myself, that they usually care very quickly. Thanks for reading.
Edited October 4, 2009 by HomeBoy
FlyPat 0 Posted October 4, 2009 (edited)
Hello,
As I remember, I have patched to 1.32g Friday evening. This morning, starting my PC, Avira Antivir Personal has detected this Trojan TR/Dropper.Gen in OFFManager.exe file (yesterday, when I started my PC, it didn't detect any virus). So, I have put this file in quarantine. Next, I have tried to reinstall v1.32g patch and now it detects the problem during installation. As I have updated my Avira Antivir virus definition yesterday evening. Looks like since this date, it detects this Trojan.
Edited October 4, 2009 by FlyPat
+Winder 32 Posted October 4, 2009
> Hello,
> As I remember, I have patched to 1.32g Friday evening. This morning, starting my PC, Avira Antivir Personal has detected this Trojan TR/Dropper.Gen in OFFManager.exe file (yesterday, when I started my PC, it didn't detect any virus). So, I have put this file in quarantine. Next, I have tried to reinstall v1.32g patch and now it detects the problem during installation. As I have updated my Avira Antivir virus definition yesterday evening. Looks like since this date, it detects this Trojan.
Yes, Avira seems to be bringing up a false positive - read Erik's post on what to do with a false positive (yes it happens). Also try another AV - there are many good free ones available now. If you look at the list of AVs in Pol's post - those are the AVs that we have run on OFF and none detect any issues and many are very good and well reputed AVs - yes they are all up to date.
Dropper TR is a circa 2007 virus and not new so why Avira suddenly detects OFF manager as a trojan after you updated it is strange - interesting to read that until you updated Avira it was happy with 1.32g. Note that Homeboy had OFF manager 1.32e declared by the same AV Avira as a trojan. I suspect this happened with the same Avira version as what you updated to, and this is more support that Avira's latest version is seemingly now detecting OFF as a false positive with its latest database update.
HTH
WM
Cash 0 Posted October 4, 2009
I used "Avira" = positive report. Like you've said, I guess it's an "Avira false/positive thing".
Best regards!
Cash
FlyPat 0 Posted October 4, 2009
> I suspect this happened with the same Avira version as what you updated to, and this is more support that Avira's latest version is seemingly now detecting OFF as a false positive with its latest database update.
Yes, I think the same. Avira Antivir is too sensible with his last virus definition.
Thanks
+Winder 32 Posted October 4, 2009
> Yes, I think the same. Avira Antivir is too sensible with his last virus definition.
> Thanks
Just a word of caution here - the flip side could be true as well - that Avira has let Dropper through onto your PCs over time and only now has it in the database.... Again this is then an end user PC infection and not caused by OFF. I hope it goes well - try another AV.
HTH
WM
Blue781 0 Posted October 4, 2009
> Blue781, which Anti Virus product? It is important to note that. Some AV programs use the same algorithms or AV signatures. Housecall found nothing either so many many AV products find nada.
So sorry for not posting that as well, I was using Avira.. It seems that this topic has been analyzed thoroughly.. Hope I can get it to work now.. ;)
Von Paulus 8 Posted October 4, 2009
BitDefender Internet Security report no issues.
HomeBoy 1 Posted October 5, 2009
Thank you Erik for the detailed instructions. I have followed your instructions. Results follow.
> ... report the false positive to AVIRA so they can update their scan engine. You can do that here through their online submit form: AVIRA Sample Submission ...
Done. Sent the report to Avira.
> ... While I was digging around AVIRA I also noticed a removal tool that's free and independent of any A/V. I would be interested to see what their removal tool detects and reports for you. You can get a copy of it here: AVIRA Removal Tool
Ran this and it did not find ANYTHING. Strange that Avira flags the file yet its removal tool does not find any problems.
> ... For a further diagnosis of your file system if you are unable to find and remove the TR/DropperGen.Trojan I recommend the following: Download Malwarebytes' Anti-Malware (MBAM) ...
Downloaded MBAM and it found no problems. Here is the log:
Malwarebytes' Anti-Malware 1.41
Database version: 2907
Windows 5.1.2600 Service Pack 3
10/5/2009 12:56:01 AM
mbam-log-2009-10-05 (00-56-01).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 420749
Time elapsed: 55 minute(s), 50 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OHO 0 Posted October 5, 2009
All fine with Avast full scan.
Royce
HomeBoy 1 Posted October 5, 2009
FYI, Just got a note from Avira saying they analyzed the 1.32g minipatch download link I sent them and since they were unable to find a virus in the OFFManager.exe they are going to change the way they identify the TR-DropperGen trojan and release an update. Thanks for all the help (especially Erik for that great step-by-step) and Pol for the list of scanners. This has been educational for me at least as, like I said, I've lived a charmed life and have not seen anything like this before. I suspect that if you are using Avira, you will get your OFFManager.exe quarantined at least until they release the new version which I suspect will happen pretty quick.
+Polovski 460 Posted October 5, 2009
Great thanks for the update Homeboy - and thanks for checking the file with the AV company. Some good came of it anyway :)
themightysrc 5 Posted October 5, 2009
Pol, Here's an idea - port OFF to Linux and we can forget all this virus nonsense forever ;^)
Cheers, Si
kaa 0 Posted October 5, 2009
Hi, I have this hopefully "false positive" from AVIRA concerning the OFF exe, since today... without having updated anything on OFF... I'll wait till Avira modify their virus definition or their software sensibility... just have to deactivate it while playing OFF... and not being online meanwhile...
GRUMPYBEAR 1 Posted October 5, 2009
Here is a link to an article I was reading today. It's a comparative on the major AVs.
AV comparative
Cheers
GB
+Erik 1,812 Posted October 6, 2009
> Pol, Here's an idea - port OFF to Linux and we can forget all this virus nonsense forever ;^)
> Cheers, Si
Hmmm well if Pol ports over DirectX to Linux (which is what CFS3 and MSFS both use) then I'll buy the man a month's worth of beer.
HomeBoy 1 Posted October 6, 2009
Update.... My Avira auto-update downloaded a new update tonight. I suspected it might be the fix and sure enough, checked for virus in OFFManager.exe and Avira is indeed happy with it. So, not bad for free software! Pretty responsive bunch that Avira!
Von Paulus 8 Posted October 6, 2009
> So, not bad for free software! Pretty responsive bunch that Avira!
They have commercial products too.
DerMo 0 Posted October 17, 2009
Weird! Today my Avira informed me that OFFManager.exe is infected with a Trojan. I have to admit I haven't played OFF for two months now and when I lately worked on my PC a week ago everything was fine. I am running OFF at version 1.32e. I have downloaded the latest AV update today but still I got the message. Can I ignore this or could this be indeed a Trojan??? Help
+Polovski 460 Posted October 17, 2009
Dermo, please read the thread. Don't worry. LOTS of info how to check. I can assure you there is nothing at all wrong with OUR files at all. 1000s of people have it, and we are all fine as per this thread. So if you have a trojan it's either
1) something you got elsewhere
2) a false alarm
In the thread ALL the other AV products out there, including all the top ones, find NOTHING. Please go do a scan/check with other AV tools listed in the thread to assure yourself. Unfortunately this thread keeps rearing its ugly head and it's all cos of a false alarm with 1 AV product. Avira updated their product to stop the false alarm - if it's back with a new update that's annoying, please contact them again as Homeboy did above and ask if they can check if it is the same issue, or indeed you have collected a trojan from elsewhere ;)
DerMo 0 Posted October 17, 2009
Thanks Pol and sorry for bringing up this topic again. I did read this thread and I hoped an Avira update would fix this but it didn't. Will try another AV software and then I see where it takes me.
Edit: Must be a false warning since I had no Internet connection when the message came up and all system was clean before.
Greetings
Der Mo