My installation came up as a virus?

TylerR1 · ‎08-16-2018

Good Afternoon

When we updated/installed dropbox from dropbox.com, it came up as virus. can you please verify.

:C:\Users\acottle\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

we use bit defender for multiple customers and we just started reciving alerts.

Mark · ‎08-16-2018

Its almost certainly a false positive.

Try updating BitDefender to a newer DAT version and see if that clears it

- - - -

Did this post help you? If so please mark it for some Kudos below.

Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.

Did this post not resolve your issue? If so please give us some more information so we can try and help - please remember we cannot see over your shoulder so be as descriptive as possible!

TylerR1 · ‎08-16-2018

our AV is currently up to date. that was the first thing checked.

Walter · ‎08-16-2018

Hey there Tyler ( @TylerR1) - how are you today?

I wanted to add my two cents here and let you know that our desktop app uses the ".dropbox.cache" folder as a staging area to download your files in small chunks. Furthermore, sometimes antivirus programs will pick up these partial files as false positives and continuously quarantine them. The problem with this is that Dropbox keeps downloading the file in an attempt to sync the file down to your device.

I would recommend adding the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file and/or temporarily disabling your antivirus. When fully synced, you should no longer see these warnings or quarantine messages.

Since I am not sure this is the case here as you said this came up during an install/update process and as I'm looking into this as we speak, could you also let me know what is the antivirus you're running?

Thanks!

Walter
Community Moderator @ Dropbox
dropbox.com/support

Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!

KateM · ‎08-16-2018

Same thing just happened to one of our employee's laptops.

Also using BitDefender enterprise, and tonight it flagged:

...AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

as malcious: Gen:Variant.Graftor.116528

And yet it seems that file - and similar-named files - exist in all DropBox installations. The "infected" file size also matches the file size of that file on other machines.

1 of the 65 (ClamAV) scanners on virustotal.com flagged it as malicious.

False positive?

Walter · ‎08-17-2018

Most definitely a false positive Kate ( @KateM)!

What does the app state? Is it "Up to date" yet? As mentioned in my previous post, once fully synced, you should no longer see these warnings.

Keep me posted!

Walter
Community Moderator @ Dropbox
dropbox.com/support

Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!

Computerology · ‎08-22-2018

All of the detection's we have been getting of this file are outside of the cache folder but still located within the Dropbox install directories.
%PROGRAMFILES(X86)%\Dropbox\Client\win32job.cp35-win32.pyd
%HOMEPATH%\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd

Since the cache is located at "%HOMEPATH%\Dropbox\.dropbox.cache" then the problems both by us and other users above aren't related to the cache.

Since we had the detection on 17 devices in separate networks using unrelated Dropbox accounts just on the first night, I doubt it's an infection and is just a false positive.

It's also worth noting that for us at least the detection's have only been when using Bit Defender's scheduled quick scan function and do not present themselves on a Full scan, so perhaps it's something to do with the heuristics engine used in the quick scan that differs from a Full scan.

Walter · ‎08-22-2018

Thanks for the report @Computerology - I'm letting our devs know about this and in the meantime, if there's anything else I can do to help, please let me know.

Thanks again for your diligence and have a lovely day ahead!

Walter
Community Moderator @ Dropbox
dropbox.com/support

Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!

Brad_B · ‎08-22-2018

I experienced the same issue starting on August 16th, 2018.
A QuickScan detected "Gen:Variant.Graftor.116528" in "C:\Program Files (x86)\Dropbox\Client\win32job.cp35-win32.pyd". Over a 4 day period, with multiple BitDefender virus signature updates in that timeframe, more than 12+ systems that I administer had the same detection - basically whenever a system upgraded to the newest Dropbox version.

I contacted BitDefender on August 16th and provided a sample of the file. After analysis, BitDefender responded yesterday, August 21st, that their engine no longer detects the file.

I assume that means it was a false positive due to a bad signature.

Just FYI.

Walter · ‎08-23-2018

Hey there @Brad_B - thanks for flagging this!

Glad to hear all's well at your end now and if there's anything I can do to help, please let me know.

Thanks for your diligence and this elaborate report again Brad - have a good one

Walter
Community Moderator @ Dropbox
dropbox.com/support

Did this post help you? If so, give it a Like below to let us know.
Need help with something else? Ask me a question!
Find Tips & Tricks Discover more ways to use Dropbox here!

My installation came up as a virus?

My installation came up as a virus?

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Re: install/update virus

Work Smarter with Dropbox

Top contributors to this post