Dropbox virus. Scams/trojans/ransomware

Removal by Alice Woods | Type: Malware

Dropbox virus – a series of different malware forms that occur while using the Dropbox application

Dropbox malware is a series of cyber threats that misuse the name of this app in order to hide their malicious activities

Dropbox virus is a collective name for various threats and dangerous infections that appear in connection with Dropbox. The series mostly covers different types of malicious threats that are distributed via email spam. As for the application itself, Dropbox provides file hosting features and was founded by Dropbox Inc. in the United States in 2007. Dropbox.exe is the executable responsible for running the app; however, some users have reported that Malwarebytes detected this process as malware.[1] The reason might be a problem in the software, or malware may truly have been injected into the service.

Name: Dropbox virus
Types: Scams, trojans, cryptoviruses
About Dropbox: Relates to dropbox.exe, founded in 2007, in the USA by Dropbox Inc.
Malware names: UPATRE, Trickbot, and other dangerous threats might be hiding behind the name of the Dropbox app
Danger levels: Medium or high. Depends on the virus's operating principle
Distribution techniques: Email spam mostly
Detection purposes: Use Reimage, Reimage Cleaner or Intego to spot any possible malware traces in your operating system
Prevention: Install reputable antimalware for computer check-ups, manage all of your emails
Removal process: Get a reliable tool for virus elimination

Due to the increasing popularity of Dropbox, "Dropbox virus" or "Dropbox malware" has become a popular term, as more and more bad actors discover ways to misuse the service for their own needs (distributing malicious software). User reports about malware detected in this app and questions about possible infections show no sign of coming to an end.[2]

Someone wrote directly to that he made a full system check-up and the antivirus software detected malicious components in the Dropbox application. The discovered content was Gen:Variant.Kazy 512414 and ~834b6cda.tmp and was found in the \.dropbox.cache directory.[3]

Dropbox malware consists of different types of viruses such as scams, trojans, etc.

Due to the high level of infections and the distribution of Dropbox virus, the company itself has provided useful information on keeping malicious components from accessing its services and infiltrating the application. The organization suggests completing these simple steps to ensure safety:[4]

  • Running anti-virus software
  • Exercising due caution when running unknown files from other computers

Furthermore, if you have been attacked by some type of malware related to this popular service, you should take quick actions to remove Dropbox virus from your computer system in order to prevent possible. That should be done by using reputable anti-malware software that is created for such advanced removal activities.

Additionally, before completing the Dropbox virus removal, you should download and install a tool such as Reimage, Reimage Cleaner, Intego or Malwarebytes and try detecting malicious software. Once you find all infected locations and malware-laden objects, you will be able to get rid of them much more easily and ensure that the entire system has been cured of the infection.

Different types of cyber threats that relate to Dropbox

Cryptovirus delivered via fake Dropbox email message

It is known that ransomware infections are commonly spread via email spam pretending to come from well-known organizations. This time criminals decided to send Dropbox users an imitation of a voice mail message that includes a hyperlink (“provided by Dropbox Inc.”) which actually is the malicious payload. DO NOT click on such content, as it might result in a dangerous cryptovirus installation and the encryption of your personal files.[5]

Dropbox fake voice mail - a suspicious email whose purpose is to distribute ransomware

If ransomware catches your Dropbox files

Given the growth of ransomware-related cybercrime, it is very important to know how to protect your files and documents on various platforms. Dropbox might also be targeted by ransomware viruses, and some files from this service might also be touched by the infection. For this reason, you should read the Intego help guide on how to restore an individual Dropbox file.[6]

UPATRE malware spread through false Dropbox messages

An “Incoming Fax report” email that claims to come from Dropbox tricks users into installing UPATRE. Hackers insert a specific fax note in a link that users are prompted to click. If you do that, you will start the download of infectious .ZIP and .EXE files, which are detected as the source of UPATRE malware that comes from the ZEUS family. Be aware of these malicious files, as you might end up with a notorious virus on your computer system.[7]

Dropbox phishing alert

A phishing scam has also been targeting Dropbox by spreading fake emails about urgent orders that need to be placed.[8] The scam message looks like this:


We want to place an urgent order this month.

Kindly check the attached file if you can supply this exact product

or let us know if you have similar model.

If you decide to click the “Download file” button, which is also included in the rogue email message, you will supposedly be redirected to a fake but original-looking Dropbox login page. Be careful and do not provide any personal information or login details, as they might easily be misused by bad actors.

Dropbox scam message - fake notes that can lure you into downloading malware on your system secretly or providing sensitive data

Trojans misusing Dropbox for distributing threats

Malware was found pretending to be the RealNetworks updater executable in order to infiltrate the computer system. This component appears to be located in the %AppData%realupdate_ob directory and downloads malware-laden files from the well-known Dropbox service.[9] Researchers have discovered some malicious files that misuse well-known application names:

  • utorrent.exe,
  • Picasa3.exe,
  • Skype.exe, 
  • Qttask.exe.

TrickBot pretends to be Dropbox staff

A dangerous form of malware, known as TrickBot, appears to be distributed via fake Dropbox email messages. This threat is known as a banking Trojan which has been launching malicious campaigns against big finance companies such as PayPal.[10] Bad actors send potential victims email letters which contain a security document that needs to be opened. As expected, it is the malicious payload. 

Malware alert: random people sharing files with you

Another malware spam campaign has been released to the wild. Users who are targeted by this spam receive a message that a file has been shared by a random user name. If you select the “Click here to view” button, you will end up with the Amendment or the file on your system which downloads another malicious component Agreement_09-11-2015.scr.[11]

Dropbox malware alert - a fake message which claims that a random user has shared a file
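
A link triage check for the Dropbox-branded lures described in the sections above (fake voice mail, fax report, urgent order, shared file). It is an added example, not code from this guide or from any cited report; the host allowlist, the function names and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import posixpath

# Assumptions: hosts treated as genuine Dropbox; file types this page names as payloads.
TRUSTED_SUFFIXES = ("dropbox.com", "dropboxusercontent.com")
RISKY_EXTENSIONS = {".zip", ".exe", ".scr"}

# Constructed sample message; example.net is a reserved documentation domain.
SAMPLE_EMAIL = """<p>We want to place an urgent order this month.</p>
<a href="https://www.dropbox.com.example.net/login">Download file</a>
<a href="https://dropbox.com@files.example.net/fax/report.zip">Incoming fax</a>
<a href="https://www.dropbox.com/s/constructed/Agreement.scr">Click here to view</a>
<a href="https://www.dropbox.com/help">Help center</a>"""

class LinkCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []  # href of every <a> element seen so far
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def is_trusted_host(host):
    """True only for an allowlisted domain or a true subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)

def triage(html_body):
    """Return (href, reasons) for each web link that needs a closer look."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.hrefs:
        url = urlsplit(href)
        if url.scheme not in ("http", "https"):
            continue  # mailto:, empty or relative links are out of scope here
        reasons = []
        if not is_trusted_host(url.hostname):
            reasons.append("host is not a Dropbox domain")
        if "@" in url.netloc:
            reasons.append("userinfo before '@' disguises the real host")
        if posixpath.splitext(url.path)[1].lower() in RISKY_EXTENSIONS:
            reasons.append("points directly at a risky file type")
        if reasons:
            findings.append((href, reasons))
    return findings

if __name__ == "__main__":
    print(*triage(SAMPLE_EMAIL), sep="\n")
```

A link hosted on a genuine Dropbox domain is still flagged when it points at a .zip, .exe or .scr file, since the campaigns above also use the real service to host payloads.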

Distribution sources of malicious software and objects

According to specialists, malware-laden components appear on the system by using stealth techniques and injecting themselves through legitimate-looking content. Crooks pretend to be from reputable organizations and send emails that imitate “very important purposes” for which a link needs to be clicked or a file downloaded.

Our suggestion would be to carefully manage all emails that you receive. If some messages land in the spam section, it is better to delete them without even taking a look, as reputable companies will not drop letters in such directories and will supposedly contact you directly via mobile phone or by sending a letter to where you are located.

Furthermore, all attachments should be scanned with the help of an antimalware/antivirus program just for ensuring security. This might prevent malware infections from slipping into your computer system through legitimate-looking executables, Word documents, PDF files, and other similar components attached to email messages.

Dropbox scam - a false that lures people into malicious activities

Removal tips for Dropbox malware forms

If you have been infected with some type of dangerous Dropbox malware, removal is necessary and should be performed immediately. We do not recommend trying to get rid of the cyber threat without automatic software, as you might accidentally cause even more damage to your computer system.

Automatic Dropbox virus removal is also a good choice for computer users who lack the required skills in virus elimination. Our recommendation would be to scan the entire system first with reputable computer software such as Reimage, Reimage Cleaner, Intego, SpyHunter 5, Combo Cleaner, or Malwarebytes and find all possibly infected locations on your machine.

Furthermore, you will see two system boot options below this text which will help you disable malicious activities before you remove Dropbox virus. Remember that all malicious components such as infectious executables, registry keys, and other types of files need to be gathered and removed from the system for a successful malware removal process.

To remove Dropbox virus, follow these steps:

Remove Dropbox using Safe Mode with Networking

Use these steps to reboot your computer system to Safe Mode with Networking. This is a way to prevent malicious activities from spreading further:

  • Step 1: Reboot your computer to Safe Mode with Networking

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Networking from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Networking in the Startup Settings window.
  • Step 2: Remove Dropbox

    Log in to your infected account and start the browser. Download Reimage, Reimage Cleaner, Intego or another legitimate anti-spyware program. Update it before a full system scan and remove malicious files that belong to your ransomware and complete Dropbox removal.

If your ransomware is blocking Safe Mode with Networking, try the next method.

Remove Dropbox using System Restore

Activating the System Restore feature on your Windows machine should allow disabling malware-laden components. Follow these guidelines to turn on this mode:

  • Step 1: Reboot your computer to Safe Mode with Command Prompt

    Windows 7 / Vista / XP
    1. Click Start → Shutdown → Restart → OK.
    2. When your computer becomes active, start pressing F8 multiple times until you see the Advanced Boot Options window.
    3. Select Safe Mode with Command Prompt from the list.

    Windows 10 / Windows 8
    1. Press the Power button at the Windows login screen. Now press and hold Shift on your keyboard and click Restart.
    2. Now select Troubleshoot → Advanced options → Startup Settings and finally press Restart.
    3. Once your computer becomes active, select Enable Safe Mode with Command Prompt in the Startup Settings window.
  • Step 2: Restore your system files and settings
    1. Once the Command Prompt window shows up, enter cd restore (without quotes) and press Enter.
    2. Now type rstrui.exe (without quotes) and press Enter again.
    3. When the System Restore window shows up, click Next and select a restore point that is prior to the infiltration of Dropbox. After doing that, click Next.
    4. Now click Yes to start system restore.
    Once you restore your system to a previous date, download Reimage, Reimage Cleaner or Intego, scan your computer with it and make sure that Dropbox removal is performed successfully.

Finally, you should always think about protection against crypto-ransomware. In order to protect your computer from Dropbox and other ransomware, use a reputable anti-spyware, such as Reimage, Reimage Cleaner, Intego, SpyHunter 5, Combo Cleaner or Malwarebytes.

Backup files for the later use, in case of the malware attack

Computer users can suffer from data losses due to cyber infections or their own faulty doings. Ransomware can encrypt and hold files hostage, while unforeseen power cuts might cause a loss of important documents. If you have proper up-to-date backups, you can easily recover after such an incident and get back to work. It is also equally important to update backups on a regular basis so that the newest information remains intact – you can set this process to be performed automatically.

When you have the previous version of every important document or project you can avoid frustration and breakdowns. It comes in handy when malware strikes out of nowhere. Use Data Recovery Pro for the data restoration process.

About the author
Alice Woods - Likes to teach users about virus prevention