Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby whatswronghelppls » April 27th, 2016, 9:20 pm

Hello,

since 15.04.2016 my Avira reports a TR/Dropper.MSIL.Gen [trojan] several times per day. The folder (C:\Windows\Installer\) always stays the same but the name changes, e.g. C:\Windows\Installer\MSIF58E.tmp and C:\Windows\Installer\MSI68F4.tmp.

My boyfriend claimed to can fix the problem and installed various security software, Malwarebytes, AdwCleaner etc. It didn't help and I hope it didn't make the problem worse.

I have Windows 10, 64-Bit.

"Your message contains 132259 characters. The maximum number of allowed characters is 100000." Therefore, I attached the FRST files to this message.

Thanks for your help!
You do not have the required permissions to view the files attached to this post.
whatswronghelppls
Active Member
 
Posts: 6
Joined: April 27th, 2016, 9:05 pm
Advertisement
Register to Remove

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 2nd, 2016, 6:24 am

Hi,
My apologies for the delay.
I'm looking over your logs now and will be back soon with further instructions.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 2nd, 2016, 6:44 am

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not, solve other issues you have with your machine.
If you no longer require help i would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread do not start another, Please continue responding until I give you the "All Clean"
    Remember, absence of symptoms does not mean the infection is all gone.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Quick question.
Have you been helped with this problem before at another forum?

Please run the below scan for me then post the results.

ESET online scannner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scannner
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then elect the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Logs/Information to Post in your Next Reply

  • ESET log.
  • Have you been helped with this problem before at another forum?
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby whatswronghelppls » May 2nd, 2016, 10:46 am

Hi,

thank your for helping me.

ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=96615d15d26fd644974983dc1b82549e
# end=init
# utc_time=2016-05-02 12:36:56
# local_time=2016-05-02 08:36:56 (+0800, Taipeh Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 29338
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=96615d15d26fd644974983dc1b82549e
# end=updated
# utc_time=2016-05-02 12:47:04
# local_time=2016-05-02 08:47:04 (+0800, Taipeh Normalzeit)
# country="Germany"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=96615d15d26fd644974983dc1b82549e
# engine=29338
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-05-02 01:45:52
# local_time=2016-05-02 09:45:52 (+0800, Taipeh Normalzeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT
# compatibility_mode_1='Avira Antivirus'
# compatibility_mode=1815 16777213 100 100 0 6040875 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 0 15172095 0 0
# scanned=240748
# found=0
# cleaned=0
# scan_time=3527

No, I have not been helped by another forum. However, as I said my boyfriend knows a few things about malware and tried to remove it. But he could not detect it and Avira still keeps complaining.

Thanks again.
whatswronghelppls
Active Member
 
Posts: 6
Joined: April 27th, 2016, 9:05 pm

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 2nd, 2016, 11:05 am

Hi,
whatswronghelppls wrote:
No, I have not been helped by another forum. However, as I said my boyfriend knows a few things about malware and tried to remove it. But he could not detect it and Avira still keeps complaining.

Your logs show that there is a FRST Fixlog.txt on your desktop.
C:\Users\mlex3\Desktop\Fixlog.txt

Please post the contents of this log.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby whatswronghelppls » May 2nd, 2016, 11:13 am

Entferungsergebnis von Farbar Recovery Scan Tool (x64) Version:25-04-2016
durchgeführt von mlex3 (2016-04-27 19:32:15) Run:1
Gestartet von C:\Users\mlex3\Desktop
Geladene Profile: mlex3 & (Verfügbare Profile: mlex3)
Start-Modus: Normal
==============================================

fixlist Inhalt:
*****************
emptytemp:
*****************

EmptyTemp: => 500.1 MB temporäre Dateien entfernt.


Das System musste neu gestartet werden.

==== Ende von Fixlog 19:32:27 ====


It contains quite a bit of German, not sure if you can understand anyways. Basically it says emptytemp: has been executed, 500 MB of temporary data have been removed and the system needed to be restarted.
whatswronghelppls
Active Member
 
Posts: 6
Joined: April 27th, 2016, 9:05 pm

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 2nd, 2016, 11:33 am

Hi,
Your logs appear to be clean, this could be "false positive" detection's from Avira.
I would like you to temporally uninstall Avira, then install another AV to see if it detects anything.

First uninstall Avira.

Next.

Download and install Avast Free from Here

Once installed, run a full scan with Avast and let me know if it finds anything.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby whatswronghelppls » May 2nd, 2016, 8:48 pm

Hey,

no threats have been found. Do you think everything is okay?
whatswronghelppls
Active Member
 
Posts: 6
Joined: April 27th, 2016, 9:05 pm

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 3rd, 2016, 6:15 am

Hi,
whatswronghelppls wrote:no threats have been found. Do you think everything is okay?

As i said your logs appear to be clean, as Avast found no threats it looks like you were getting false positive detection's from Avira.
I would advise you to keep Avast installed, it's an excellent free AV i use it myself. But if you want to uninstall it and reinstall Avira it's up to you.

Lets tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select " Run as administrator " to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools
  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

Please read the article below which will give you a few suggestions for how to minimise your chances of getting another infection.

If your computer is running slowly after your clean up, please read.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby whatswronghelppls » May 3rd, 2016, 6:37 am

Thanks a lot! Really awesome forum you have here.
All the best!
whatswronghelppls
Active Member
 
Posts: 6
Joined: April 27th, 2016, 9:05 pm

Re: TR/Dropper.MSIL.Gen [trojan] found by Avira repeatedly

Unread postby Cypher » May 3rd, 2016, 7:44 am

whatswronghelppls wrote:Thanks a lot! Really awesome forum you have here.
All the best!

Your most welcome, glad we could help :)
Good luck and stay safe.

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
Cypher
Admin/Teacher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 76 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware