How do I get rid of TR/Dropper.Gen from \mbab.exe?

June 20, 2014 at 07:12:13
Specs: Windows XP
TR/Dropper.Gen in C:\Program Files was blocked by Avira - will it remove all components when I click 'Remove'? Online search indicates it's a Trojan. Please advise.



#1
June 20, 2014 at 10:20:08
Several utilities to consider...

Download and burn to a DVD the ISO for Kaspersky anti-virus rescue disk. This is a Linux-based disk that will boot the system; go on-line to update its definitions; then will scan (opt for full scan) the system and delete etc. anything "unpleasant" it finds.

The anti-virus it contains will likely find anything that any similar utility running from within Windows might not. Some pests hide themselves once Windows is up and running; and are difficult to find/delete. Rootkit viruses (virii) are typical. Booting the system from the DVD prevents them from hiding...

It will load itself into RAM only; will not write to the hard drive nor install itself unless you tell it to.

It's free here:

http://support.kaspersky.co.uk/viru...

You boot up with it and let it do its thing; after which close out and reboot to Windows...

After which suggest you download and run (from Windows boot up):

Malwarebytes (freebie version):

https://www.malwarebytes.org/antima...

AdwCleaner:

http://www.bleepingcomputer.com/dow...

Junkware removal tool:

http://www.bleepingcomputer.com/dow...

CCleaner (free version):

http://www.piriform.com/ccleaner/do...

Likely JohnW (down near the frozen south off Australasia) will drop across this one too; and he may (more than likely will) suggest a couple of other things to do as well. Wise advice to follow if he does.

All the above are free; safe to use and regularly recommended here.

message edited by trvlr



#2
June 20, 2014 at 16:10:27
Here is another way of tackling this trojan.

Print these instructions.

1: Please download Rkill from any one of these links and save it to your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop. Copy & Paste the contents of the log in your reply.
http://www.bleepingcomputer.com/dow...
Double click on Rkill to run it. If the first one doesn't work try the next one.
This will help remove certain processes and should restore any file associations and your desktop. Note: Your system is still infected as Rkill does not delete files - it merely helps to temporarily disable the infections, allowing us to start the cleansing process.
Do NOT reboot your machine. Each time you reboot, Rkill is disabled and you would have to run it again in order for it to be effective.

2: Run TDSSKiller. Copy & Paste the contents of the log in your next post please.
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://usa.kaspersky.com/downloads/...
http://support.kaspersky.com/faq/?q...
http://support.kaspersky.com/viruse...
Anti-rootkit utility TDSSKiller
http://support.kaspersky.com/faq/?q...
If TDSS doesn't run, use FixTDSS
http://www.symantec.com/content/en/...
Download FixTDSS and save it onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Double click on the FixTDSS.exe icon to run it.
Click the "I Accept" button, then the "Proceed" button to begin
The tool will restart your computer automatically - click OK to allow it to do so
The tool will begin its scan on reboot > click "run" to begin
It will report if an infected MBR is found > click the "repair" button
If you do not specify a full pathname, TDSSKiller will save the log in the same folder that the executable resides in.

3: Run AdwCleaner
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/BWELEfV.gif
http://i.imgur.com/4luY3rU.gif
http://www.raymond.cc/blog/adwclean...
http://www.bleepingcomputer.com/dow...
Author's site
http://general-changelog-team.fr/en...
Tutorial
http://general-changelog-team.fr/en...
Please download AdwCleaner by Xplode onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Clean.
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please Copy & Paste the contents of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

4: Run Junkware Removal Tool
http://www.softpedia.com/get/Securi...
http://www.softpedia.com/progScreen...
How to download from Softpedia
http://i.imgur.com/qO92huz.gif
http://i.imgur.com/qzTUYkX.gif
http://www.bleepingcomputer.com/dow...
http://thisisudax.blogspot.com.au/2...
Download Junkware Removal Tool onto your Desktop. If your default download location is not the Desktop, drag it out of its location onto the Desktop.
Warning! Once the scan is complete JRT will shut down your browser with NO warning.
Shut down your protection software now to avoid potential conflicts.
Temporarily disable your antivirus and any antispyware real time protection before performing a scan.
Click this link to see a list of security programs that should be disabled and how to disable them.
http://www.bleepingcomputer.com/for...
http://www.techsupportforum.com/for...
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7/8, right-click JRT and select Run as Administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved onto your Desktop and will automatically open.
Copy and Paste the contents of the JRT.txt log please.

5: Run Malwarebytes' Anti-Malware (MBAM) Free Version. Use Quick scan. Copy and Paste the contents of the log, in your reply please.

http://i.imgur.com/U9IqcVj.gif
http://i.imgur.com/zHMG6J9.gif
Or,
http://i.imgur.com/eLcvyZD.gif
Malwarebytes' Anti-Malware
http://www.softpedia.com/get/Antivi...
http://www.softpedia.com/progScreen...
http://www.malwarebytes.org/free/
Make sure you uncheck > Enable free trial < at the END of the install.
http://i.imgur.com/tUFCbYz.gif
If your MBAM log indicates "No action taken", that's usually a result of NOT clicking the Apply Actions button after the scan. In most cases, a restart will be required.
Quick Scan versus Full Scan
http://forums.malwarebytes.org/inde...



#3
June 20, 2014 at 21:39:33
You mentioned 'mbab.exe'. Is it instead 'mbam.exe'? That's the Malwarebytes startup file. If it is mbam.exe this somewhat similar problem may be of interest:

https://forum.avast.com/index.php?t...

