Announcements
Known issues updated. Learn more

default

yes

Highlighted

I was infected by a Trojan it's synced in Dropbox, too. What should I do?

Level 4

When I try to open or install DropBox on my Windows laptop, I get an "Infection Blocked" error from Iolo System Mechaninc (My anti-virus program). 

The infected object is reported to be C:\PROGRAM FILES (X86)\DROPBOX\CLIENT_45.4.92\PSUTIL_PSUTIL_WINDOWS.PYD. 

The infection name is W32/s-462f1630!Eldorado. 

The infection type is Trojan.  

The Antivirus blocked and quarantined this object, preventing DropBox from opening.\ 

Am I safe to add an exception for this?  Is it a false alarm? 

I should add that when I try to reinstall DropBox I get that error, followed shortly by a popup box reporting Error 2. It doesn't install.

18 Replies

Re: Trojan reported

Level 4

I should add that when I try to reinstall DropBox I get that error, followed shortly by a popup box reporting Error 2. It doesn't install.

Reply
Loading...

Re: Trojan reported

Level 3
I got the same infection blocked for that file in the dropbox folder. It occurred after I installed an update to my WD Backup software while trying to resolve an issue that occurs between WD Backup and Dropbox.
Reply
Loading...

Re: Trojan reported

Dropboxer
Hey guys @User999 @bertonstott, thanks so much for sharing this with us and checking in here on the Forum! Smiling Cat
 
Where did you initially install Dropbox from? Was it directly from our link online?
I’d suggest completely removing the software from your hard drive as a first step:
 
(You can uninstall the app by following these instructions: How to uninstall Dropbox)
 
Also, regarding the Error 2 message - Please note that this is a Windows matter related to issues with the PATH environment, or an incomplete file withing the folder path location. 
 
If upon reinstalling the Dropbox app ( download here ) you still come across the error, I’d recommend reading through this Forum thread, where one of my colleagues has included steps on how to resolve this issue: Error 2 - Installation Error
 
Let me know once you've got any updates or have made any progress on getting this issue resolved. I look forward to hearing from you both & hope you have a great rest of your day! 



Karina
Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
White check mark Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Arrows Counter Clock Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Reply
Loading...

Re: Trojan reported

Level 2

Hey there! I too have the same problem with this trojan and have followed the steps to uninstall/install over the current installation I've got, but both methods have come up with problems:

-Uninstalling fails with no known reason, probably due to the trojan being stubborn

-Installing over the current installation had failed with no known cause or error

 

I've also tried to delete the /Dropbox folder from my hard-drive to no avail, making it nearly impossible to get rid of the problem, even with Malware removers too.

 

Any help with this would be much appreciated.

Reply
Loading...

Re: Trojan reported

Level 4

I believe this may have something to do with Dropbox per se, as it doesn't appear to just be limited to users of Iolo System Mechanic.
This is my experience regarding this issue, in case it helps someone, which I have just discovered has resolved itself.

Timeline:

Tuesday, 03/20/2018 afternoon - Iolo System Mechanic System Shield Pop-up window appears stating it found a file infected with the Eldorado virus, said file at this initial report was:

[ALL CAPS] - c:\program files (x86)\dropbox\client_46.3.60\psutil_psutil_windows.pyd
is infected with w32/s-462f1630!Eldorado, and System Mechanic quarantined the file.

I know that there should not be, other than during upgrade installation, other 'client' folders in the dropbox folder.
Next I went to the dropbox folder and visually verified that there actually was both a 'client' folder, and a 'client_46.3.60' folder created on this same day. There are indeed both.
At this point I assumed an automatic background upgrade installation had been in progress (I've had DropBox on this laptop for 7+ years).
I then ran a full system malware scan, and, in addition to that file, it found and quarantined a total of three more files, all infected with the same version of Eldorado, as follows [paths ALL CAPS]:
c:\program files (x86)\dropbox\update\download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\46.3.59\DROPBOXCLIENT_46.3.59.EXE
c:\program files (x86)\dropbox\install\{229A986C-0B31-4104-AB08-95B1F788D7B0}\DROPBOXCLIENT_46.3.60.EXE
c:\program files (x86)\dropbox\update\download\{CC46080E-4C33-4981-859A-BBA2F780F31E}\46.3.59\DROPBOXCLIENT_46.3.60.EXE

Regarding this issue: I did nothing more, other than no longer use Dropbox, for the remainder of this day.

Wednesday, 03/21/2018 morning - I noticed when downloading a Google document I had completed, to a dropbox sub-folder on my laptop for backup and syncing with cloud storage, that syncing was not happening. I checked and discovered that Dropbox had not loaded.

Regarding this issue: I did nothing more, other than no longer use Dropbox, for the remainder of this day.

Thursday, 03/22/2018 evening, just prior to writing this up - I decided to attempt a re-install.

I go to Settings->Apps & features (Win10), click on Dropbox and notice that it's version is 46.3.60 AND dated today, 03/22/2018. I find this very interesting, so...

 

I performed a 'Google' search on 'Dropbox Eldorado Virus' and found this report I am replying to.
I checked the dropbox folder and discovered the following: The 'client_46.3.60' folder had been removed and the 'client' folder had Date Modified set now to 03/22/2018.
I checked to see if Dropbox was running in the background: It was not.
I found and manually launched Dropbox and the following happened: It succesfully loaded and synced my laptop's Dropbox folder with cloud storage.

Based on this result it appears that by my doing NOTHING since the initial issue began on Tuesday, for me, that this issue was resolved through one of the following:
    Self-correction...
    Dropbox became aware of the issue and fixed it ASAP, ergo the apparent background update installation that happened on my laptop today.
    My leaving the 4 affected files quarantined and doing nothing prompted Dropbox to attempt another background update installation and succeeded.
    Or...

I have now permanently deleted the 4 quarantined files.


Next I will see what happens Friday morning, 03/23/2018, after I fire my laptop back up, and find out if Dropbox starts up as usual or if I have to manually start it, and, if that Eldorado virus returns, which I suspect will not be the case. I'll try to remember to update this report with what I experience at that time.

Reply
Loading...

Re: Trojan reported

Dropboxer

Hi again eveyone, and welcome @Kaimalino & @Sparky15756 - hope y'all are good! 😊
 

After looking into this a little bit, I’ve found some info that might explain syncing issues and infected files. 
 
  • The Dropbox desktop client uses the ".dropbox.cache" folder as a staging area to download your files in small chunks. Sometimes antivirus programs will pick up these partial files as false positives and continuously quarantine them. 
 
  • The problem is that Dropbox keeps downloading the file in an attempt to sync the file down to your device. So, I’d recommend adding the Dropbox cache folder to an ignore list so that Dropbox can correctly sync that file and/or temporarily disabling your antivirus. 
 
  • Once synced, you should no longer see these warnings or quarantine messages.
 
Now, for those of you experiencing issues with the install or start up of the application, see if you’re also able to add the cache folder to an ignore list - If you’re still experiencing issues after this, I definitely think it would be best for our specialists to take a closer look, so please log an official request at: www.dropbox.com/support 
 
From there, feel free to write back with your ticket ID’s and I’ll be happy to search for the cases on our back-end and forward them along. 

Thanks so much and happy Friday! 
 
balloon 



Karina
Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please mark it for some Kudos below. 
White check mark Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Arrows Counter Clock Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Reply
Loading...

Re: Trojan reported

Level 2

I have exactly the same issue with my work computer. I cannot add exception on it. What should I do? Should I request IT people to write exception?

Reply
Loading...

Re: Trojan reported

Dropboxer

Hey there again @Loni H. - I just got to see this post ( I have already replied to you here). 

 

Can you share some more information about your current situation so as to see how we could move forward from this point? When you say you cannot add an exception on your work computer, I guess you're referring to the antivirus/security program running on that computer, right? 

 

If I were in your shoes, I'd give this page a try first. If you still experience issues with this, I would suggest that you reached out to your IT department or your company's network administrator so as not to tamper with something you shouldn't in the first place ( I don't know the specifics of your work environment but you get the drill). 

 

Let me know what you find!

 


Walter
Community Moderator @ Dropbox
https://dropbox.com/support


Heart Did this post help you? If so please give it a Like below. 
White check mark Did this post fix your issue/answer your question? If so please press the 'Accept as Solution' button to help others find it.
Arrows Counter Clock Still stuck? Ask me a question! (
Questions asked in the community will likely receive an answer within 4 hours!)

Reply
Loading...

Re: Trojan reported

Level 4

thanks it helps me recovering this issue.

 

I'm having lot of Questions by doing this. trust is worthy not to be lost !!  so I'm not under threat by doing this!!? Should there is proper way to clear things ?
by the way this is how to add the folder from Microsoft Security page
Add and Remove Exclusion.PNG

Reply
Loading...
Error Messages

Have a question? Our Dropbox Community is here to help!

Post your question or search for an answer below.


Learn more about using the Community by reading our Community Guidelines.


Hi anonymous,

If you need more help you can log a ticket with our Support Team here (expected response time 24 hours), or contact us on Twitter or Facebook.

For more info on available support options, see this article.

If you found the answer to your question, please 'like' the post to say thanks to the user!

I was infected by a Trojan it's synced in Dropbox, too. What should I do?
5,120 Views
18 Replies
7 Likes
Solved! : See solution
Who's talking
Top contributors to this post