cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Whether you are transferring a single drive, a team or an entire organization, Movebot's cloud migration tool has been built to make your Dropbox migration simple - learn all about it here.

Dropbox installs & integrations

Connect your tools and content together with help from the Dropbox Community. Join a discussion or post a question of your own to get started.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

I was infected by a Trojan it's synced in Dropbox, too. What should I do?

I was infected by a Trojan it's synced in Dropbox, too. What should I do?

bertonstott
Explorer | Level 4

When I try to open or install DropBox on my Windows laptop, I get an "Infection Blocked" error from Iolo System Mechaninc (My anti-virus program). 

The infected object is reported to be C:\PROGRAM FILES (X86)\DROPBOX\CLIENT_45.4.92\PSUTIL_PSUTIL_WINDOWS.PYD. 

The infection name is W32/s-462f1630!Eldorado. 

The infection type is Trojan.  

The Antivirus blocked and quarantined this object, preventing DropBox from opening.\ 

Am I safe to add an exception for this?  Is it a false alarm? 

I should add that when I try to reinstall DropBox I get that error, followed shortly by a popup box reporting Error 2. It doesn't install.

1 Accepted Solution

Accepted Solutions

Re: Trojan reported

Karina
Dropboxer

Hi again eveyone, and welcome @Kaimalino & @Sparky15756 - hope y'all are good! 😊
 

After looking into this a little bit, I’ve found some info that might explain syncing issues and infected files. 
 
  • The Dropbox desktop client uses the ".dropbox.cache" folder as a staging area to download your files in small chunks. Sometimes antivirus programs will pick up these partial files as false positives and continuously quarantine them. 
 
  • The problem is that Dropbox keeps downloading the file in an attempt to sync the file down to your device. So, I’d recommend adding the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file and/or temporarily disabling your antivirus. 
 
  • Once synced, you should no longer see these warnings or quarantine messages.
 
Now, for those of you experiencing issues with the install or start up of the application, see if you’re also able to add the cache folder to an ignore list - If you’re still experiencing issues after this, I definitely think it would be best for our specialists to take a closer look, so please log an official request at: www.dropbox.com/support 
 
From there, feel free to write back with your ticket ID’s and I’ll be happy to search for the cases on our back-end and forward them along. 

Thanks so much and happy Friday! 
 
balloon 



Karina
Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
:arrows_counterclockwise: Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

View solution in original post

18 Replies 18

Re: Trojan reported

bertonstott
Explorer | Level 4

I should add that when I try to reinstall DropBox I get that error, followed shortly by a popup box reporting Error 2. It doesn't install.

Re: Trojan reported

User999
Explorer | Level 3
I got the same infection blocked for that file in the dropbox folder. It occurred after I installed an update to my WD Backup software while trying to resolve an issue that occurs between WD Backup and Dropbox.

Re: Trojan reported

Karina
Dropboxer
Hey guys @User999 @bertonstott, thanks so much for sharing this with us and checking in here on the Forum! :smile_cat:
 
Where did you initially install Dropbox from? Was it directly from our link online?
I’d suggest completely removing the software from your hard drive as a first step:
 
(You can uninstall the app by following these instructions: How to uninstall Dropbox)
 
Also, regarding the Error 2 message - Please note that this is a Windows matter related to issues with the PATH environment, or an incomplete file withing the folder path location. 
 
If upon reinstalling the Dropbox app ( download here ) you still come across the error, I’d recommend reading through this Forum thread, where one of my colleagues has included steps on how to resolve this issue: Error 2 - Installation Error
 
Let me know once you've got any updates or have made any progress on getting this issue resolved. I look forward to hearing from you both & hope you have a great rest of your day! 



Karina
Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
:arrows_counterclockwise: Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Re: Trojan reported

Sparky15756
New member | Level 2

Hey there! I too have the same problem with this trojan and have followed the steps to uninstall/install over the current installation I've got, but both methods have come up with problems:

-Uninstalling fails with no known reason, probably due to the trojan being stubborn

-Installing over the current installation had failed with no known cause or error

 

I've also tried to delete the /Dropbox folder from my hard-drive to no avail, making it nearly impossible to get rid of the problem, even with Malware removers too.

 

Any help with this would be much appreciated.

Re: Trojan reported

Kaimalino
Explorer | Level 4

I believe this may have something to do with Dropbox per se, as it doesn't appear to just be limited to users of Iolo System Mechanic.
This is my experience regarding this issue, in case it helps someone, which I have just discovered has resolved itself.

Timeline:

Tuesday, 03/20/2018 afternoon - Iolo System Mechanic System Shield Pop-up window appears stating it found a file infected with the Eldorado virus, said file at this initial report was:

[ALL CAPS] - c:\program files (x86)\dropbox\client_46.3.60\psutil_psutil_windows.pyd
is infected with w32/s-462f1630!Eldorado, and System Mechanic quarantined the file.

I know that there should not be, other than during upgrade installation, other 'client' folders in the dropbox folder.
Next I went to the dropbox folder and visually verified that there actually was both a 'client' folder, and a 'client_46.3.60' folder created on this same day. There are indeed both.
At this point I assumed an automatic background upgrade installation had been in progress (I've had DropBox on this laptop for 7+ years).
I then ran a full system malware scan, and, in addition to that file, it found and quarantined a total of three more files, all infected with the same version of Eldorado, as follows [paths ALL CAPS]:
c:\program files (x86)\dropbox\update\download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\46.3.59\DROPBOXCLIENT_46.3.59.EXE
c:\program files (x86)\dropbox\install\{229A986C-0B31-4104-AB08-95B1F788D7B0}\DROPBOXCLIENT_46.3.60.EXE
c:\program files (x86)\dropbox\update\download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\46.3.59\DROPBOXCLIENT_46.3.60.EXE

Regarding this issue: I did nothing more, other than no longer use Dropbox, for the remainder of this day.

Wednesday, 03/21/2018 morning - I noticed when downloading a Google document I had completed, to a dropbox sub-folder on my laptop for backup and syncing with cloud storage, that syncing was not happening. I checked and discovered that Dropbox had not loaded.

Regarding this issue: I did nothing more, other than no longer use Dropbox, for the remainder of this day.

Thursday, 03/22/2018 evening, just prior to writing this up - I decided to attempt a re-install.

I go to Settings->Apps & features (Win10), click on Dropbox and notice that it's version is 46.3.60 AND dated today, 03/22/2018. I find this very interesting, so...

 

I performed a 'Google' search on 'Dropbox Eldorado Virus' and found this report I am replying to.
I checked the dropbox folder and discovered the following: The 'client_46.3.60' folder had been removed and the 'client' folder had Date Modified set now to 03/22/2018.
I checked to see if Dropbox was running in the background: It was not.
I found and manually launched Dropbox and the following happened: It succesfully loaded and synced my laptop's Dropbox folder with cloud storage.

Based on this result it appears that by my doing NOTHING since the initial issue began on Tuesday, for me, that this issue was resolved through one of the following:
    Self-correction...
    Dropbox became aware of the issue and fixed it ASAP, ergo the apparent background update installation that happened on my laptop today.
    My leaving the 4 affected files quarantined and doing nothing prompted Dropbox to attempt another background update installation and succeeded.
    Or...

I have now permanently deleted the 4 quarantined files.


Next I will see what happens Friday morning, 03/23/2018, after I fire my laptop back up, and find out if Dropbox starts up as usual or if I have to manually start it, and, if that Eldorado virus returns, which I suspect will not be the case. I'll try to remember to update this report with what I experience at that time.

Re: Trojan reported

Karina
Dropboxer

Hi again eveyone, and welcome @Kaimalino & @Sparky15756 - hope y'all are good! 😊
 

After looking into this a little bit, I’ve found some info that might explain syncing issues and infected files. 
 
  • The Dropbox desktop client uses the ".dropbox.cache" folder as a staging area to download your files in small chunks. Sometimes antivirus programs will pick up these partial files as false positives and continuously quarantine them. 
 
  • The problem is that Dropbox keeps downloading the file in an attempt to sync the file down to your device. So, I’d recommend adding the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file and/or temporarily disabling your antivirus. 
 
  • Once synced, you should no longer see these warnings or quarantine messages.
 
Now, for those of you experiencing issues with the install or start up of the application, see if you’re also able to add the cache folder to an ignore list - If you’re still experiencing issues after this, I definitely think it would be best for our specialists to take a closer look, so please log an official request at: www.dropbox.com/support 
 
From there, feel free to write back with your ticket ID’s and I’ll be happy to search for the cases on our back-end and forward them along. 

Thanks so much and happy Friday! 
 
balloon 



Karina
Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
:white_check_mark: Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
:arrows_counterclockwise: Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Re: Trojan reported

Loni H.
New member | Level 2

I have exactly the same issue with my work computer. I cannot add exception on it. What should I do? Should I request IT people to write exception?

Re: Trojan reported

Walter
Dropboxer

Hey there again @Loni H. - I just got to see this post ( I have already replied to you here). 

 

Can you share some more information about your current situation so as to see how we could move forward from this point? When you say you cannot add an exception on your work computer, I guess you're referring to the antivirus/security program running on that computer, right? 

 

If I were in your shoes, I'd give this page a try first. If you still experience issues with this, I would suggest that you reached out to your IT department or your company's network administrator so as not to tamper with something you shouldn't in the first place ( I don't know the specifics of your work environment but you get the drill). 

 

Let me know what you find!


Walter
Community Moderator @ Dropbox
dropbox.com/support


Heart Did this post help you? If so, please give it a Like below.
:arrows_counterclockwise: Still stuck? Ask me a question!
:pushpin: Tips & Tricks Find new ways to stay in flow or share your tips on how you work smarter with Dropbox.

Re: Trojan reported

samarik
Explorer | Level 4

thanks it helps me recovering this issue.

 

I'm having lot of Questions by doing this. trust is worthy not to be lost !!  so I'm not under threat by doing this!!? Should there is proper way to clear things ?
by the way this is how to add the folder from Microsoft Security page
Add and Remove Exclusion.PNG

Who's talking

Top contributors to this post

  • User avatar
    Walter Dropboxer
  • User avatar
    MikeMoyer New member | Level 2
  • User avatar
    samarik Explorer | Level 4
What do Dropbox user levels mean?
Need more support?