Someone Take A Quick Look At My Log?
Hey, I'm a Systems Administrator for a local company in my city. I have been doing side work for a while and pushing Bitdefender 2009 to a lot of clients after reading about it and its rank among other a/v programs. Here are the infections it found on a computer I recently cleaned using my own Symantec A/V. Bitdefender went a bit deeper to discover these objections. Any suggestions for removal?
Remaining issues:
| Object Name | Threat Name | Final Status |
|---|---|---|
| C:\oldc\WINDOWS\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe | Application.Powerreg.Scheduler.B | Disinfect Failed |
| C:\oldc\HP\bin\KillWind.exe | Application.Prockill.T | Disinfect Failed |
| C:\oldc\HP Internet\Surfboard\KillWind.exe | Application.Prockill.T | Disinfect Failed |
| C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\file[1].exe | Gen:Trojan.Heur.Hype.5000FFFFFF | Disinfect Failed |
Thanks in advance,
Josh
Comments
Hello Josh,
For these files:
C:\oldc\WINDOWS\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe (Application.Powerreg.Scheduler.B, Disinfect Failed)
C:\oldc\HP\bin\KillWind.exe (Application.Prockill.T, Disinfect Failed)
C:\oldc\HP Internet\Surfboard\KillWind.exe (Application.Prockill.T, Disinfect Failed)
they might be legit. As the signature name says, they are marked as "Application.", which means that those applications are riskware, not malware.
Basically, the applications themselves are clean, but they can cause serious problems in certain conditions, if they are used by malware. For instance, ProcKill is used to kill certain processes.
If you know those processes, and they are part of a product that you know, trust and use, then simply ignore those alerts (you can even add those files to the Exception list, in BitDefender).
If you don't know those files, or you don't use them, then simply delete the files from your system.
As for the last file:
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\file[1].exe (Gen:Trojan.Heur.Hype.5000FFFFFF, Disinfect Failed)
Please find this file, put it in a password protected archive (with the password infected), upload the file on a file sharing server and send me a download link by PM. I will forward the file for analysis and give you an exact answer about its status.
For the services.exe issue, I will try to find more details about this detection. I'll post back here if I find out anything. (posts moved to a new topic)
Cris.
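The triage rule from the reply above (an "Application." prefix means riskware to be reviewed, a "Gen:" heuristic hit means a sample to submit for analysis), written out as an added example that is not part of the original thread or of BitDefender's own tooling; the status list and the action strings are assumptions, and the sample log is a constructed copy of the rows Josh posted.

```python
from __future__ import annotations
from dataclasses import dataclass
from typing import Optional, List, Tuple

# Constructed sample, in the shape of the scan output quoted in the thread.
SCAN_LOG = r"""
Object Name Threat Name Final Status
C:\oldc\WINDOWS\Start Menu\Programs\Disabled Startup Items\PowerReg Scheduler.exe Application.Powerreg.Scheduler.B Disinfect Failed
C:\oldc\HP\bin\KillWind.exe Application.Prockill.T Disinfect Failed
C:\oldc\HP Internet\Surfboard\KillWind.exe Application.Prockill.T Disinfect Failed
C:\Documents and Settings\Leslie\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\file[1].exe Gen:Trojan.Heur.Hype.5000FFFFFF Disinfect Failed
"""

# Final-status strings a row may end with (assumed list; extend for your scanner).
STATUSES = ("Disinfect Failed", "Disinfected", "Deleted", "Quarantined", "Ignored")

@dataclass
class Detection:
    path: str
    threat: str
    status: str
    category: str   # riskware | heuristic | malware
    action: str

def classify(threat: str) -> Tuple[str, str]:
    """Map a signature name to a triage category and the action the reply recommends."""
    if threat.startswith("Application."):
        return ("riskware", "ignore/add exception if known and trusted, else delete")
    if threat.startswith("Gen:") or ".Heur." in threat:
        return ("heuristic", "submit sample for analysis before acting")
    return ("malware", "remove")

def parse_row(row: str) -> Optional[Detection]:
    """Split one flattened row. Paths contain spaces, so anchor on the status
    at the right end, then take the single-token threat name before it."""
    for status in STATUSES:
        if row.endswith(" " + status):
            head = row[: -len(status) - 1]
            path, _, threat = head.rpartition(" ")
            cat, action = classify(threat)
            return Detection(path, threat, status, cat, action)
    return None  # header, blank or malformed line

def triage(log: str) -> List[Detection]:
    return [d for d in (parse_row(line) for line in log.splitlines()) if d]
```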