
Avira detects trojan - np_gp.dll

4 replies to this topic

#1 gubar


  • Members
  • 12 posts
  • Local time:03:58 AM

Posted 04 April 2009 - 07:17 PM


Avira has started to give me this warning:

Virus or unwanted program 'TR/Dropper.Gen [trojan]'
detected in file 'C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll.

I am normally pretty safe and am wondering if this is a false positive - everything appears to be working normally, and googling the name of the dll has been inconclusive.

Any help appreciated.





#2 trollocks


  • Members
  • 370 posts
  • Gender:Male
  • Location:England
  • Local time:04:58 AM

Posted 04 April 2009 - 07:29 PM

Why not download Malwarebytes Anti-Malware (free edition) and get a second opinion? If it shows anything, then post the log here.

#3 gubar

  • Topic Starter

  • Members
  • 12 posts
  • Local time:03:58 AM

Posted 05 April 2009 - 08:25 AM


Thanks for the response.

I have scanned with Spybot S+D, which found nothing, and on your advice with Anti-Malware free edition. It never found this file to be a virus but did find something else:

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.

I wonder now if this is also a false positive or if I should be concerned?



#4 Sem


  • Members
  • 2 posts
  • Local time:04:58 AM

Posted 12 April 2009 - 01:09 PM

Hey there, me too.

I use Eset Smart Security; it didn't pick this up. I additionally use Kaspersky online scanner, which also didn't, and also A-Squared Free Malware Scanner, which identified this... PrevX CSI 3 also missed it, though it seems they are now reviewing this file:

and here too:

Others are concerned also:


Have you any news?

Thanks Sem

#5 boopme


    To Insanity and Beyond

  • Global Moderator
  • 73,492 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:11:58 PM

Posted 12 April 2009 - 02:34 PM

The HKLM\...\NoActiveDesktopChanges registry key above determines
whether or not the users of the machine have the ability to change
their active desktop configuration. There are a large number of
trojans and malware that change that registry entry to "1" in order to
prevent users from removing the displayed content within the active
desktop. You can also set this to 1 to prevent users from changing
their wallpaper, for instance. It is not necessarily an indication
that you are compromised, but by default users are allowed to change
their active desktop settings. The Malwarebytes program flagged the
registry entry because it is more often than not an indication that
malware may be present. If you are comfortable with the appearance
and functioning of your Windows desktop, and don't plan on allowing
other users to change the desktop settings, then leave the registry
entry set to 1, otherwise set it to zero or allow Malwarebytes to do
it for you.
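
A read-only way to inspect the value discussed in the post above, as an added example that is not part of the original thread. The HKLM path is the one from the Malwarebytes log; the HKCU path and the `Get-PolicyState` helper name are assumptions made for illustration, and treating a missing value as the default is inferred from the post's statement that users may change the settings by default.

```powershell
# Read-only audit of the NoActiveDesktopChanges policy value.
# The HKLM path is the one quoted in the Malwarebytes log; the HKCU path is
# an assumption (per-user location of the same policy key).
$paths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'  # assumption
)
$valueName = 'NoActiveDesktopChanges'

# Hypothetical helper: reports the raw value and what it means per the post.
function Get-PolicyState {
    param([string]$Path, [string]$Name)

    $value = $null
    if (-not (Test-Path -LiteralPath $Path)) {
        $meaning = 'key absent: default, users may change Active Desktop settings'
    } else {
        $prop = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $prop) {
            $meaning = 'value absent: default, users may change Active Desktop settings'
        } else {
            $value = $prop.$Name
            if ($value -eq 1) {
                # The state Malwarebytes reports as "Bad: (1)".
                $meaning = 'restricted: confirm you or an administrator set this on purpose'
            } elseif ($value -eq 0) {
                # The state Malwarebytes reports as "Good: (0)".
                $meaning = 'not restricted'
            } else {
                $meaning = 'unexpected data: review manually'
            }
        }
    }

    [pscustomobject]@{
        Path    = $Path
        Value   = $value
        Meaning = $meaning
    }
}

# Nothing is modified; this only reads and prints the current state.
$paths | ForEach-Object { Get-PolicyState -Path $_ -Name $valueName } |
    Format-Table -AutoSize -Wrap
```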

