Exploit.swf.gen Constant Alerts...

Hi,

I have BitDefender 2009 installed on my computers at home.

For the past 2 days, when I visit a specific website (gaiaonline) I get an alert from BitDefender about a virus, Exploit.swf.gen, that pops up every now and then.

It says:

BitDefender has blocked a virus affecting your computer!

Virus name: exploit.swf.gen

Location: s.cdn.gaiaonline.com/images/Gaia_Flash/aquarium/HomePageView.swf?gsiUrl=www&userEnvironmentId=3218971&version=092&quality=low&location=homepage

Bitdefender could not disinfect, delete or quarantine the following item. Access has been denied.

I did some searching on google, I rand a deep scan, I downloaded Atf-Cleaner and deleted all temp files on my computer, I installed spyware doctor and ran it, deleted what it found.

When I went back to the website gaiaonline, at one point the alert still popped up. But this time, it said something like it had "prevented the file from being accesses, your computer is protected."

I found on google that this Exploit.swf.gen is also known as Trojan.pws, and can install keyloggers and other nasties on the computer.

BitDefender hasn't found said trojan after the scan, neither did Spyware Doctor.

So, do I have the virus o not, and how do I get rid of this?

I really don't want a keylogger on my computer stealing my password and financial information....

Can anybody enlighten me please?

Find more posts tagged with

Comments

evilkitty

Update:

I have posted on the Gaiaonline forums about this, and aparently a few other antiviruses have started picking this message as well, like Bullguard Security Suite, G Data, and Shield Deluxe.

However, other that use Norton, Mcafee, or Avira, say they are all ok and don't get this message, so they say it is a false positive.

I have a hard time believing that it is a false positive, since for everyone who now has this problem, it started roughly 3-4 days ago. We never had any problems with that website and the flash games on it before.

So, anyone has a thought on this, or could actually verify?

Alex Stanciu

Hello Evilkitty ,

Please open BitDefender go to Advanced View then click on the Update module . Under "Antivirus Signatures Properties " please tell us the Virus Signatures and the Engine Versions that you have .

We will contact you back with further details as soon as we have these information's .

Thank you .

evilkitty

Hello,

Here is the information requested:

Virus signatures: 3814993

Engine version: 7.26704

And to give a better example of the problem, here is one of the gaiaonlin webpage that makes the alert popup everytime it is visited: http://www.gaiaonline.com/profiles/?u=16064828

Thank you.

Alex Stanciu

Hello Evilkitty ,

Please go to the next location :

-for Windows XP : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Events

-for Windows Vista : C:\Users\All Users\BitDefender\Desktop\Events

Here you will find a file called history.xml . Please upload it here or on :http://www.sendspace.com/ and post then the download link . This file will provide us more details about the BitDefender alert messages that you constantly receive .

Thank you .

evilkitty

-for Windows Vista : C:\Users\All Users\BitDefender\Desktop\Events

I am on windows Vista (*shudders*) but when I go to C:\Users I don't have the choice for "All Users". I have the choice between "Peachymon" (what I named this laptop), which then leads me to the list of "My's" folders (My pictures, My documents, My Videos, etc. Or the Public folder, which leads me to a bunch of similar folders, "Public videos, public pictures, public music", etc.

I did a search on the laptop's drive to find the file, it found one in c:\programdata\BitDefender\Desktop\Events I am assuming it is the same file that you wanted, so I uploaded it here.

Thank you again!

/applications/core/interface/file/attachment.php?id=5352" data-fileid="5352" rel="">history.xml

history.xml

Alex Stanciu

Hello Evilkitty ,

My colleagues from the Virus Analysis team , analyzed the log posted by you and it seems that the file is falsely detected as infected . The detection will be removed today .

Thank you .