I Have A Virus :-(

[khaan]

TR/Dropper.Gen5 When I inserted my USB into my computer today after getting some documents scanned

a message immediately popped up on my computer saying the " auto run had been halted " and soon after my AVIRA anti-virus gave me a virus alert that I had TR/Dropper.Gen5 which i quarantined immediately.

But what I don't understand is that I carried out a full system scan directly after that and the scan result was negative for any more viruses and yet later during the afternoon I received two subsequent pop up warnings from Avira thatThe TR/Dropper.Gen5 was still present?

The first warning that simply popped up about one hour after I finished the scan alerted me to another TR/Dropper.Gen5 the second warning was just regarding TR/Dropper.Gen so without the 5 after the “ Gen “. I assume these are two different viruses?

Could someone be able to help me remove these permanently and are they very serious threats?

Thanks very much.

[Slaps]

Malwarebyt works for me, most times

[redroo]

i had a simular problem like this .

i downloaded a virus remover called " TDSSKILLER " . Google it .

and it got rid of the virus.

maybe this could help you with yours.

good luck.

[khaan]

thanks for the responses.

I actually used a scan called PC Safe Doctor which actually found the virius but i had to sign up for a years subscription to get the serial number before i was able to remove it which i did !! Oh well i dont care because it was listed as being very maliicious. And the AVIRA anti virus didn't pick it up.

But what is still troubling me is that when i type into Google names like McAfee, Norton, Avira etc , the search

results come up ok but I am unable to enter any of these websites. I am being blocked

Does this mean the virus is still lurking in my computer even after paying for an online scan facility ?

Edited December 9, 2011 by khaan

[Gers1873]

TR/Dropper.Gen5 is a low level trojan that first popped up around 2007 IIRC.

Most decent AV programs should have be able to fix this issue. Is your AV database up to date?

[transam]

Try an additional online scan called SuperantiSpyware.

[khaan]

TR/Dropper.Gen5 is a low level trojan that first popped up around 2007 IIRC.

Most decent AV programs should have be able to fix this issue. Is your AV database up to date?

oh yes i receive an update every day . But after running a full scan just this morning with AV

it failed to detect the virus was still there wheras PC Safe Doctor found it.

[ETatBKK]

TR/Dropper.Gen5 is a low level trojan that first popped up around 2007 IIRC.

Most decent AV programs should have be able to fix this issue. Is your AV database up to date?

oh yes i receive an update every day . But after running a full scan just this morning with AV

it failed to detect the virus was still there wheras PC Safe Doctor found it.

if possible, make a boot CD/DVD with the anti-virus application.

boot from the CD/DVD and then scan the harddisk. may help to scan the harddisk thoroughly.

good luck !

[worgeordie]

Hi Kaan, Download Hitman Pro,(google it), its free and scans

with 5 different engines,and will remove your virus

You should also download a program that does not let the UBS

run,until you have scanned it first, USB s are most likely the

greatest way to get infected with viruses Ect.

regards Worgeordie

the USB program I was thinking of is called ,NoAutorun, its only a few Kbs ,but works

Edited December 9, 2011 by worgeordie

[khaan]

THANK YOU EVERYONE :jap:

but this is being a very stubborn trojan indeed !!

Whoever said it was a " low level trojan " i have to disagree !

Can you believe after I subscribed to that PCSafe Doctor online scan this morrning and after carrying out a full scan using that

and removing it again about 10 minutes ago I got another pop alert from AVIRA !!

This is unbeliveable I guess that answered my question as to why i am still being blocked

from some antivirus websites ,,,,,it was still there

I will try some of the other rescources provided above and thanks...

[worgeordie]

Hi Khaan, are you sure PCSafe doctor is a legit program as I

checked on all the well know websites for downloads and they

dont list it,

best to go with well know scanners, like MalwareBytes,Hitman Pro,SuperantiSpyware,

as there are fake antispyware scanners out there that will infect your computer.

take care regards Worgeordie

PS if you google PC safe doctor, lot of people asking if its safe too,and no download site lists it ,and I believe its not easy to uninstall.

Edited December 9, 2011 by worgeordie

[RedCardinal]

thanks for the responses.

I actually used a scan called PC Safe Doctor which actually found the virius but i had to sign up for a years subscription to get the serial number before i was able to remove it which i did !! Oh well i dont care because it was listed as being very maliicious. And the AVIRA anti virus didn't pick it up.

But what is still troubling me is that when i type into Google names like McAfee, Norton, Avira etc , the search

results come up ok but I am unable to enter any of these websites. I am being blocked

Does this mean the virus is still lurking in my computer even after paying for an online scan facility ?

Most likely PC Safe Doctor is part of the scam - this is a typical AV scam that tells you about infection, but forces you to pay to remove it. Commonly referred to as "Scareware".

Try Malwarebytes as it can usually remove this type of thing. You may need to scan in Safe Mode to get rid of it.

As to access to those sites - yes, this is another symptom of the virus you have. It blocks access to common AV sites in order to get you to pay up. BTW - the application you paid for likely has even more crap in it. You may also have to cancel your Credit Card if used with one of these scams. They have been known to abuse the CC data they collect.

[BB1950]

thanks for the responses.

I actually used a scan called PC Safe Doctor which actually found the virius but i had to sign up for a years subscription to get the serial number before i was able to remove it which i did !! Oh well i dont care because it was listed as being very maliicious. And the AVIRA anti virus didn't pick it up.

But what is still troubling me is that when i type into Google names like McAfee, Norton, Avira etc , the search

results come up ok but I am unable to enter any of these websites. I am being blocked

Does this mean the virus is still lurking in my computer even after paying for an online scan facility ?

Most likely PC Safe Doctor is part of the scam - this is a typical AV scam that tells you about infection, but forces you to pay to remove it. Commonly referred to as "Scareware".

Try Malwarebytes as it can usually remove this type of thing. You may need to scan in Safe Mode to get rid of it.

As to access to those sites - yes, this is another symptom of the virus you have. It blocks access to common AV sites in order to get you to pay up. BTW - the application you paid for likely has even more crap in it. You may also have to cancel your Credit Card if used with one of these scams. They have been known to abuse the CC data they collect.

It looks like the OP has been scammed.

You might want to read this from the WOT Forum:

http://www.mywot.com...30-pcsafedoctor

Again, follow RedCardinal's recommendations.

Edited December 9, 2011 by BB1950

[BB1950]

I assume you are using a copy of Avira that you got from Avira or some trusted site. Note: there are fake Aviras out there that are trojans!

It's quite possible that your Avira was also attacked. You may need to do a repair of your Avira installation to insure it is functioning properly.

[fasteddie]

Try an additional online scan called SuperantiSpyware.

Totally agree, superantispyware

[khaan]

Try an additional online scan called SuperantiSpyware.

I have been away and in fact all those problems happened the day I was leaving.

Thanks so much for putting me onto superantispyware but sadly the problem is still unresolved.

I removed Avira and now I rely only on superantispyware. And while it is very good at detecting the unwanted files and removing them , it is obviously not able to remove the root of my problem. Today I have carried out 3 full scans and each time it has detected between 3-4 trojans and 10 -12 less harmful adware cookies and removed them.

But later when I ran the scan again there was something else there – not the same but similar.

Actually today the computer is noticeably slow on the internet so it is pretty clear my computer is still infected with something that not even superantispyware can remove.

Do you think I need to take it to a computer specialist to have them look at it.

[khaan]

thanks for the responses.

I actually used a scan called PC Safe Doctor which actually found the virius but i had to sign up for a years subscription to get the serial number before i was able to remove it which i did !! Oh well i dont care because it was listed as being very maliicious. And the AVIRA anti virus didn't pick it up.

But what is still troubling me is that when i type into Google names like McAfee, Norton, Avira etc , the search

results come up ok but I am unable to enter any of these websites. I am being blocked

Does this mean the virus is still lurking in my computer even after paying for an online scan facility ?

Most likely PC Safe Doctor is part of the scam - this is a typical AV scam that tells you about infection, but forces you to pay to remove it. Commonly referred to as "Scareware".

Try Malwarebytes as it can usually remove this type of thing. You may need to scan in Safe Mode to get rid of it.

As to access to those sites - yes, this is another symptom of the virus you have. It blocks access to common AV sites in order to get you to pay up. BTW - the application you paid for likely has even more crap in it. You may also have to cancel your Credit Card if used with one of these scams. They have been known to abuse the CC data they collect.

It looks like the OP has been scammed.

You might want to read this from the WOT Forum:

http://www.mywot.com...30-pcsafedoctor

Again, follow RedCardinal's recommendations.

Yes thanks and the very same day I cancelled the payment and they have replaced my credit card

with a new number.

Edited December 22, 2011 by khaan

[worgeordie]

Khaan, you need to install a full anti virus program,

AVG free is very good, as is Avast free, but

SuperAntispyware by its self is not enough.

and only download from reliable sites, such as download.cnet.com

softpedia.com,filehippo.com . snapfiles .com

and also scan files BEFORE you install on your computer,

Hitman Pro is a good scanner has 5 engines.

think before you click regards Worgeordie

Edited December 22, 2011 by worgeordie

[samuijimmy]

Just a thought, but if running a second AV program, don't you need to turn off the one you already have? .... so not to conflict.....?

I agree about these "scareware" programs, being a big scam

Edited December 22, 2011 by samuijimmy

[Lannig]

Just a thought, but if running a second AV program, don't you need to turn off the one you already have? .... so not to conflict.....?

My usual advice is to avoid at all costs having more than one real-time on-access file scanning anti-virus program like Kaspersky, Trend Micro, McAfee, AVG, Avast, NOD, Avira or (God forbid) Symantec[*] etc. It's much more likely to bring you trouble than any extra security.

Other programs like Spybot S&D, Antimalware etc. are more like cleaner programs and don't do real-time on-access scanning, so they can coexist with an anti-virus.

[*] Yes, I strongly dislike Symantec A/V products. Elaborating on this would be off-topic so I won't.

[pattayadingo]

According to google it can be an awkward trojan to remove. It all depends on how computer literate you are.

There is a specific removal tool for your virus with instructions at

http://www.cleanpcguide.com/remove-trdropper-gen5-removal-guide-how-to-remove-trdropper-gen5/

or if you are savvy enough to do it yourself

http://www.pcfixerrors.net/trdropper-gen5-trdropper-gen5-removal-guide

[pattayadingo]

double post. Sorry

Edited December 22, 2011 by pattayadingo

[justsumhelp]

You could always try a different OS, copy the stuff you need to a an external drive then throw it all back on any *nix distro, all the other advice here is chitter chatter of how thick the condom is, if you continue to use Windows upload the suspect file to http://vscan.novirusthanks.org/

[khaan]

You could always try a different OS, copy the stuff you need to a an external drive then throw it all back on any *nix distro, all the other advice here is chitter chatter of how thick the condom is, if you continue to use Windows upload the suspect file to http://vscan.novirusthanks.org/

Unfortunately what ever is on my computer is blocking me from entering the site you have given me as well as all other major antivirius websites.

Maybe i will have to have Windows reinstalled.

[khaan]

I am pleased to say they got rid of it in the shop.

That was a very nasty Trojan and was indeed in the form a fake anti virus package.

Now i am able to freely open the websites of other major anti - virus providers.

He did it with AVIRA which he reinstalled but he told me there was no need to pay the subscription

and that the free AVIRA package is just as good ?

Does anyone agree with that. I just dont want to go through that again !

Edited December 23, 2011 by khaan

[worgeordie]

Hi Khaan Pleased your problem is solved, in my opinion AVG free and Avast free

are better Anti Virus than Avira, but maybe you should leave things as they are,

As I said before download Hitman Pro,it scans with 5 engines,its Free,

and MalwareBytes also free, update them weekly, and scan weekly they

will catch any Virus ,Malware that gets past Avira.

Only download from reliable sites, and scan downloads BEFORE opening them.

take care regards Worgeordie

[justsumhelp]

Im sure there is some quality thai computer repair services, but if you are capable then you should completely wipe you hard disk and start over with a fresh install of Windows, then put avg free on it.

I am pleased to say they got rid of it in the shop.

That was a very nasty Trojan and was indeed in the form a fake anti virus package.

Now i am able to freely open the websites of other major anti - virus providers.

He did it with AVIRA which he reinstalled but he told me there was no need to pay the subscription

and that the free AVIRA package is just as good ?

Does anyone agree with that. I just dont want to go through that again !

[vagabond48]

Sorry of the slight hijack.

On occasion, I have to use a flashdrive at a print copy shop. I am always concerned that I might pickup a nasty bug. Someone mentioned NoAutorun. As anyone else used it? I found it on an independent download site but not on CNET. CNET does have other software that appear to deal with autorun files as well.

Any helpful advice woul be appreciated.

[worgeordie]

Hi Vagabond, Panda USB Vaccine is a good product to keep your

computer safe from infected flashdrives.

Its free,only 828K and you can vaccinate your computer or USB

drive against autoruns, so you can scan before downloading.

You will find it on most good download sites.

Regards Worgeordie.

PS if you go to Cnet Download .com,can you report back, when

you scroll down the pages there ,are they jerky,or is it just my computer?

[terryq]

If you just want to turn off autorun you can do it using editing Group Policy (assume using windows)

Run GPEDIT or Google "disable autorun"

NoAutorun you mention is available at Sourceforge.net (safe download site imo)

Find cnet downloads a pain now since they use a wrapped installer that sugests you install toolbars etc.

Agree with worgeordie ref Panda USB vaccine.