Trojan Being Synced To Dropbox Cache
Hi all,
I'm managing BitDefender Cloud Security for Endpoints in my company. Unfortunately we seem to have a persistent trojan infection that is spreading through Dropbox and is continually creating infected temp files in the .dropbox.cache folder.
Strangely - the infection isn't picked up by full scans (do they simply NOT scan the .dropbox.cache folder?). It is picked up by custom scans specifically targeted to that folder but it always reports that the infection was detected but unresolved. However, if you're logged into the offending computer you can do a contextual scan on the .dropbox.cache folder and then you're given the option to move to quarantine.
So two questions:
1) How do I kill this thing from all infected computers (because it keeps coming back and it's super annoying).
2) How can I make sure this is picked up and resolved automatically in future scans?
I've attached the scan logs from a custom scan where it was picked up and a contextual scan where it was resolved.
Comments
-
Dropbox first downloads new/missing files inside its cache folder (with a random, temporary name), before moving them to their final location.
I'm not familiar with Dropbox for Business, but the consumer version does not provide a user-accessible log or other way of determining the missing file, so you'll have to figure that out by yourself.
The detection appears to be triggered inside an InstallShield installer, so probably the file is either named data1.cab (or similar) or is an executable.
On the other hand, said detection was added around the 11th of November, so if this issue was not showing up as far back as then, you can narrow the problem down to install packages added recently.
Regardless, detection will be reevaluated and may be removed in the next few hours if it was a false positive.
Hope this helps.
0
-
Thanks! It looks like it's no longer showing up as a detection.
0
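The narrowing-down step suggested in the reply above, as an added example that is not part of the original thread: a Python script that walks a synced Dropbox folder (including `.dropbox.cache`, where files carry random temporary names) and lists executables and cabinet files modified on or after a cutoff date, identified by file signature rather than by name. The function names, the signature table, and the folder path and date passed on the command line are assumptions made for this example.

```python
import os
from datetime import datetime

# File signatures for the file types the reply singles out (table assumed for this example).
MAGIC = {
    b"MZ": "Windows executable",
    b"ISc(": "InstallShield cabinet (e.g. data1.cab)",
    b"MSCF": "Microsoft cabinet",
}

def classify(path):
    """Return a label if the file starts with a known signature, else None."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4)
    except OSError:
        return None  # locked or unreadable file (Dropbox may still be writing it)
    for magic, label in MAGIC.items():
        if head.startswith(magic):
            return label
    return None

def find_candidates(root, since):
    """List (relative path, label) for installer-like files modified on or after `since`."""
    cutoff = since.timestamp()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                if os.path.getmtime(full) < cutoff:
                    continue  # older than the date the detection was added
            except OSError:
                continue  # file moved out of the cache mid-walk
            label = classify(full)
            if label:
                hits.append((os.path.relpath(full, root), label))
    return sorted(hits)

if __name__ == "__main__":
    import sys
    # usage: script.py <Dropbox folder> <YYYY-MM-DD cutoff date>
    root, day = sys.argv[1], sys.argv[2]
    for rel, label in find_candidates(root, datetime.strptime(day, "%Y-%m-%d")):
        print(f"{label}\t{rel}")
```

The resulting list is the set of files to hand to a targeted scan or to compare against recently added install packages.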