Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Trojan.heur.25

roy@royhillman.co.uk
roy@royhillman.co.uk
edited February 2009 in Malware talk

Hi


I've just done a deep scan with BitDefender Total Security 2009 on my PC (it's running Windows XP Pro), as have been having system problems - most now seem resolved and system seems to be running ok, but concerned that BitDefender is reporting 14 items as infected with the Gen:Trojan.Heur.25 and saying 'no action is possible'. The two files that seem to have been causing the problems were a version of explorer.exe in the wrong place and a file called mshelp.exe which seem to have got themselves into the system when I was running BitDefender 2008.


Files reported as infected are Explorer.EXE (in Windows not in Windows/System32 so should be the genuine version); rundll32.exe, spoolsv.exe and ctfmon.exe (all located in Windows/System32 which I think is correct); ATnotes.exe which I've been running for quite a long time and is located in Program Files/ATnotes, where I'd expect it, two BitDefender 2009 files - vsserv.exe and bdagent.exe, plus six reports of svchost.exe plus a Hewlett Packard file statusclient.exe (again in the part of the Hewlett-Packard folder I'd expect to find it in). In each case 'memory dump' appears in brackets after the reporting line - can't find a reference to 'memory dump' in BitDefender Help.


Additionally I have one extra file reported as having Trojan.AgentMB.VB.RWGL113316 which is called ReadMe.exe and is sitting in C:\RECYCLER which again is shown as 'no action is possible'.


Hoping someone can give me some guidance


Roy


Edit: just finished and notice 8 other files also 'no action is possible' - all items quarantined well over a year ago by Norton SystemWorks, which is no longer on my system, although I still run the separate Norton GoBack. I assume they are not likely to be a problem? The 8 quarantined items are 2x Java.Troja.Expoit.Bytverify 4x Java.Trojan.Exploit.Bytverify.C and 2 x Java.Trojan.Exploit.Bytverify3.Gen


Edit2: Sorry to keep adding to this, realised something else I should mention - 26 files not scanned. All are in Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/

All Time Leaders

Categories

Defenders of the month