cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Update: Find information on Dropbox support during COVID-19 here
Close
cancel
Showing results for 
Search instead for 
Did you mean: 

My installation came up as a virus?

TylerR1 New member | Level 2
New member | Level 2

Good Afternoon

 

When we updated/installed dropbox from dropbox.com, it came up as virus. can you please verify. 

 

:C:\Users\acottle\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

 

we use bit defender for multiple customers and we just started reciving alerts.

27 Replies 27

Re: install/update virus

Super User II
Super User II
Its almost certainly a false positive.

Try updating BitDefender to a newer DAT version and see if that clears it

 


- - -


Heart Did this post help you? If so please mark it for some Kudos below. 


 Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.


 Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible! 


 

Re: install/update virus

TylerR1 New member | Level 2
New member | Level 2
our AV is currently up to date. that was the first thing checked.

Re: install/update virus

Dropboxer
Dropboxer

Hey there Tyler ( @TylerR1) - how are you today?

 

I wanted to add my two cents here and let you know that our desktop app uses the ".dropbox.cache" folder as a staging area to download your files in small chunks. Furthermore, sometimes antivirus programs will pick up these partial files as false positives and continuously quarantine them. The problem with this is that Dropbox keeps downloading the file in an attempt to sync the file down to your device.

 

I would recommend adding the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file and/or temporarily disabling your antivirus. When fully synced, you should no longer see these warnings or quarantine messages.

 

Since I am not sure this is the case here as you said this came up during an install/update process and as I'm looking into this as we speak, could you also let me know what is the antivirus you're running? 

 

Thanks!

 


Walter
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please give it a Like below. 
 Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
 Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Re: install/update virus

KateM New member | Level 2
New member | Level 2

Same thing just happened to one of our employee's laptops.

 

Also using BitDefender enterprise, and tonight it flagged:

 

...AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

 

as malcious: Gen:Variant.Graftor.116528

 

And yet it seems that file - and similar-named files - exist in all DropBox installations. The "infected" file size also matches the file size of that file on other machines.

 

1 of the 65 (ClamAV) scanners on virustotal.com flagged it as malicious.

 

False positive?

Re: install/update virus

Dropboxer
Dropboxer

Most definitely a false positive Kate ( @KateM)!

 

What does the app state? Is it "Up to date" yet?  As mentioned in my previous post, once fully synced, you should no longer see these warnings.

 

Keep me posted!

 


Walter
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please give it a Like below. 
 Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
 Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Re: install/update virus

Computerology
Explorer | Level 4
All of the detection's we have been getting of this file are outside of the cache folder but still located within the Dropbox install directories.
%PROGRAMFILES(X86)%\Dropbox\Client\win32job.cp35-win32.pyd
%HOMEPATH%\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

Since the cache is located at "%HOMEPATH%\Dropbox\.dropbox.cache" then the problems both by us and other users above aren't related to the cache.

Since we had the detection on 17 devices in separate networks using unrelated Dropbox accounts just on the first night, I doubt it's an infection and is just a false positive.

It's also worth noting that for us at least the detection's have only been when using Bit Defender's scheduled quick scan function and do not present themselves on a Full scan, so perhaps it's something to do with the heuristics engine used in the quick scan that differs from a Full scan.

Re: install/update virus

Dropboxer
Dropboxer

Thanks for the report @Computerology - I'm letting our devs know about this and in the meantime, if there's anything else I can do to help, please let me know. 

 

Thanks again for your diligence and have a lovely day ahead! 

 


Walter
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please give it a Like below. 
 Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
 Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Re: install/update virus

Brad_B
Helpful | Level 6
I experienced the same issue starting on August 16th, 2018.
A QuickScan detected "Gen:Variant.Graftor.116528" in "C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd". Over a 4 day period, with multiple BitDefender virus signature updates in that timeframe, more than 12+ systems that I administer had the same detection - basically whenever a system upgraded to the newest Dropbox version.

I contacted BitDefender on August 16th and provided a sample of the file. After analysis, BitDefender responded yesterday, August 21st, that their engine no longer detects the file.

I assume that means it was a false positive due to a bad signature.

Just FYI.

Re: install/update virus

Dropboxer
Dropboxer

Hey there @Brad_B - thanks for flagging this!

Glad to hear all's well at your end now and if there's anything I can do to help, please let me know.

 

Thanks for your diligence and this elaborate report again Brad - have a good one 

 


Walter
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please give it a Like below. 
 Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
 Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Work Smarter with Dropbox

The way we work is changing. Share and discover new ways to work smarter with Dropbox in our community.

Sound good? Let's get started.
Who's talking

Top contributors to this post

What do Dropbox user levels mean?
Need more support?