False Positive
Upon scanning the computer today, I got a file flagged as a Gen:Trojan.Heur.7E49283939, a file from Microsoft Works, lnchtour.exe. I'm sending you the link where I have uploaded it so you can check it. I believe it's a false positive.
Comments
-
Just to add ... same file was flagged with the same Trojan in C:\SwSetup\MSWorks\PFiles\MSWorks. I don't think I should send this one too. Let me know.
0 -
RE: Gen:Trojan.Heur.7E49283939
Upon scanning the computer today, I got a file flagged as a Gen:Trojan.Heur.7E49283939, a file from Microsoft Works, lnchtour.exe. I'm sending you the link where I have uploaded it so you can check it. I believe it's a false positive.
Same file was flagged with the same Trojan in C:\SwSetup\MSWorks\PFiles\MSWorks. I don't think I should send this one too. Let me know.
------------------------------------------------------------------------------------------------------------
I am seeing the same events in the same in both my C: and drives. The drive is the original Restore that came with the computer. Did you get a response?0 -
No response until now, Jon. I'm hoping I will get one soon.
0 -
Upon scanning the computer today, I got a file flagged as a Gen:Trojan.Heur.7E49283939, a file from Microsoft Works, lnchtour.exe. I'm sending you the link where I have uploaded it so you can check it. I believe it's a false positive.
I had the exact thing happen to me - Gen:Trojan.Heur.7E49283939 located in C:\Program Files (x86)\Microsoft Works\Inchtour.exe with "no possible action" from BD. Could not delete or quarantine the threat. Since then I ran multiple scans and all came out clean. Then I started getting these system pop-ups: COM Surrogate has stopped working, Task Scheduler Engine has stopped working, Nero Home stopped working (wasn't even running Nero at the time). Now my Bitdefender Deep Scan/Full Scan/Documents Scan are not working at all, though I can still run BD update. I requested assistance from BD and I'm waiting for a solution, or to find out if this is a legit infection. Will post any response/solutions on here.0 -
Same thing here. In addition to trojan.heur.7e49283939 I also got trojan.heur.dropper.7026d9d9d9.
So far no system failures or pop ups. I was able to quarantine both threats.
Thanks for any info on that!0 -
Lets just wait for a VR.
0 -
At the moment the file is no longer detected.
As for the Trojan.heur.dropper.7026d9d9d9 detection, please also upload that file somewhere.0 -
So was the detection removed in a BD update?
Edit: I can confirm that it was removed. I restored both lnchtour.exe files and they are no longer flagged. Thank you!0 -
Same thing here. In addition to trojan.heur.7e49283939 I also got trojan.heur.dropper.7026d9d9d9.
So far no system failures or pop ups. I was able to quarantine both threats.
Thanks for any info on that!
I have also picked up Trojan.Heur.Dropper.5310EFEFEF in a scan, under the Object Name: C:\RECYCLER\S-1-5-21-2739799363-632758791-2136233793-1006\Dc732.exe
So far, no system failures either, but BD Antivirus 2009 has failed to disinfect. Is there any way to isolate and quarantine? Thanks.0 -
Upon scanning the computer today, I got a file flagged as a Gen:Trojan.Heur.7E49283939, a file from Microsoft Works, lnchtour.exe. I'm sending you the link where I have uploaded it so you can check it. I believe it's a false positive.
I have seen this detected by BD on a shared drive. Neither AVG nor Trend's web-based scan find any problem with the file.0 -
I have seen this detected by BD on a shared drive. Neither AVG nor Trend's web-based scan find any problem with the file.
Reply from AVG support was that the file is clean. Strongly suspect a false positive.
Ken0 -
Please all of you having problems with Trojan.heur detections, find the files, put them in password-protected archives (http://forum.bitdefender.com/index.php?s=&...post&p=1222, use the password infected). Then upload the archives on a filesharing server (see the same topic for a few suggestions) and send me the download link through PM.
Thank you.
Cris.0 -
Please all of you having problems with Trojan.heur detections, find the files, put them in password-protected archives (http://forum.bitdefender.com/index.php?s=&...post&p=1222, use the password infected). Then upload the archives on a filesharing server (see the same topic for a few suggestions) and send me the download link through PM.
Thank you.
Cris.
Sorry, but I don't know how to do what you ask. The infected file is in C:\RECYCLER\..., which I am unable to view.0 -
Sorry, but I don't know how to do what you ask. The infected file is in C:\RECYCLER\..., which I am unable to view.
Hello Hilton,
The Recycler folder can be accessed without any problems. However, it's a System folder so Windows, by default, hides it from view.
Read this article to be able to view the folder: How To Find Hidden Malware
Then find the file and put it in a password-protected archive. BitDefender might prevent you from accessing/archiving that file, so you should temporarily disable the Realtime Protection before. Just be careful not to open the file while BitDefender is disabled, and also to re-enable the protection after you archive the file.
Cris.0 -
Hello Hilton,
The Recycler folder can be accessed without any problems. However, it's a System folder so Windows, by default, hides it from view.
Read this article to be able to view the folder: How To Find Hidden Malware
Then find the file and put it in a password-protected archive. BitDefender might prevent you from accessing/archiving that file, so you should temporarily disable the Realtime Protection before. Just be careful not to open the file while BitDefender is disabled, and also to re-enable the protection after you archive the file.
Cris.
Dear Cris,
Thanks for your kind help. I have viewed the Recycler folders, but the apparently infected file, called Dc732.exe, is not listed in either of them. I have repeated the operation for the other User of the computer, with the same result. While I was doing this, a BD alert for the Trojan.Heur.DropperXXXX popped up. Not sure how to proceed.0 -
Please take a look in the History (BD Security Center, there's a History button at the bottom of the window) and tell me what action has been taken when the alert appeared. If the file was deleted, then there's nothing else you can do.
However, since the file was already in Recycle Bin, then it was a useless file so you shouldn't have any problems if it was deleted.
Cris.0 -
Please take a look in the History (BD Security Center, there's a History button at the bottom of the window) and tell me what action has been taken when the alert appeared. If the file was deleted, then there's nothing else you can do.
However, since the file was already in Recycle Bin, then it was a useless file so you shouldn't have any problems if it was deleted.
Cris.
History says: Infected file detected. Action Taken: Moved.
Not sure where it has been moved to. I have emptied Recycle bin and scanned again. Now the Trojan.Heur.Dropper5310EFEFEF is in System volume information, to which access is denied.0 -
Moved means it was moved to quarantine. You can find it at BitDefender Security Center -> Antivirus -> Quarantine
For the System Volume Information part, read this: I Have A Virus In "system Volume Information"
Cris.0 -
Moved means it was moved to quarantine. You can find it at BitDefender Security Center -> Antivirus -> Quarantine
For the System Volume Information part, read this: I Have A Virus In "system Volume Information"
Cris.
Erasure of System Restore Points has removed the Trojan.Heur.DropperXXXX from the System volume informtion folder and the scan is now clear. Thank you very much for your advice and patience.0 -
You are welcome, Hilton. I'm glad I could help.
Since the issues in this topic have been solved, I will close this topic. If anyone needs this topic reopened for some reason, contact me through PM.
If anyone has other questions about other possible FPs (which are not presented in this topic), please open a new topic.
Cris.
== Topic closed ==0 -
Hi,
BD detected the above file on 3/27/09. Since then I have "slowly" encountered multiple problems.
(Why was the other thread on this topic closed down so fast?)
The Heur file appears to be in Quarentine. It infected the Inchtour.exe file. I can no longer find this file...
I have read the other posts and have some of the same issues, as follows:
1) Gen:Trojan.Heur.7E49283939 still appears to be affecting my computer.
2) I can no longer run any scans. Get the message "scan failed to execute"
3) I am cannot disable the real-time protection. (The box will not let me unselect) I was going to try using the system restore instructions from the other post. Should I try this even if BD will not allow me to disable the real-time protection?
Please help
--Thanks,
PS. I have a ticket into to BD support but so far no solution.
EDIT: I am running Internet Security 20090 -
Hi,
BD detected the above file on 3/27/09. Since then I have "slowly" encountered multiple problems.
(Why was the other thread on this topic closed down so fast?)
The Heur file appears to be in Quarentine. It infected the Inchtour.exe file. I can no longer find this file...
I have read the other posts and have some of the same issues, as follows:
1) Gen:Trojan.Heur.7E49283939 still appears to be affecting my computer.
2) I can no longer run any scans. Get the message "scan failed to execute"
3) I am cannot disable the real-time protection. (The box will not let me unselect) I was going to try using the system restore instructions from the other post. Should I try this even if BD will not allow me to disable the real-time protection?
Please help
--Thanks,
PS. I have a ticket into to BD support but so far no solution.
EDIT: I am running Internet Security 2009
EDIT #2: I have since been able to dis-able the real-time protection and followed the instructions from the "System Volume Info" thread. Method #1 to "disble system restore" did not do anything. I have tried method #2 but I am not able to access the System Volume Info folder and the Documents and Settings Folder on C:....Yes, I followed all the instructions with regard to showing hidden files..
PS: I am running Vista on a new machine.
Please help, Thanks0 -
Hello joperfi,
Please attach a full BitDefender scan log.
As for Method#2, it was tested only on a XP machine. I have no idea if it works as it should on a Vista machine. I will test it sometime in the next few days and update the topic accordingly.
Cris.0 -
Hello joperfi,
Please attach a full BitDefender scan log.
As for Method#2, it was tested only on a XP machine. I have no idea if it works as it should on a Vista machine. I will test it sometime in the next few days and update the topic accordingly.
Cris.
Cris,
Attached are my last three scan logs from 3/27/09.........What is interserting is that they do not open in a web browser any longer. You may need to open with text editor....
Thanks for your help.
--Joe0 -
Joe, please try this:
1) temporarily disable BitDefender realtime protection
2) restore the file from quarantine
3) put the file in a password-protected archive (with the password infected)
4) upload the resulting archive on a file-sharing site and send me the download link through PM
5) enable BitDefender realtime protection
I will take the file and forward it for analysis ASAP.
Cris.0 -
The file received from Joe is not detected anymore.0