Bd2008 Removed Some System Files
My operating system is XP SP3 (Traditioncal Chinese). After updating virus pattern a couple of hours ago, BD2008 reported some important files under C:\WINDOWS\system32 and their duplicates under C:\WINDOWS\system32\dllcache are "infected" and "REMOVED"!! They are totally 17*2 files. I am affraid my system cannot boot after reboot although it seems still working well now.
Those files are: bootok.exe bootvrfy.exe chkdsk.exe chntfs.exe comp.exe drwtsn32.exe fc.exe mpnotify.exe ping6.exe reset.exe rsvp.exe syskey.exe tracert6.exe typeperf.exe verifier.exe vssadmin.exe write.exe
WHAT CAN I DO??
Comments
-
Hello Marcus Hsu,
First of all, we need to know the detection name under which those files were detected.
Were the files removed after an OnDemand scan, or they were removed by the Realtime Protection?
If they were removed by an OnDemand scan, please open BitDefender Security Center, go to Antivirus -> Virus Scan, right click on the task that you used to scan the system and select Logs. Open the last log (an IE window will open, showing the log), find the file indicated in the Address Bar and attach the file here. Make sure the log contains the detections you talked about.
If they were removed by the Realtime Protection, open History (you will find it's link on the bottom of BitDefender Security Center), go to Antivirus and check those entries for detection names. Post them here.
At the end, get your Windows XP installation disk, put it in the drive, then go to Start -> Run and type there:sfc /scannow
and press Enter. The system will check all the system files and, if anything is missing and/or corrupted, they will be restored to their original form from the installation disk.
Cris.0 -
Please consider a text-based log file in next release.
bootok.exe Trojan.Generic.102337
bootvrfy.exe Trojan.Generic.61096
chkdsk.exe Trojan.Generic.102746
chntfs.exe Trojan.Generic.104984
comp.exe Trojan.Generic.164455
drwtsn32.exe Trojan.Generic.93270
fc.exe Trojan.Generic.185193
mpnotify.exe Trojan.Generic.61175
ping6.exe Trojan.Generic.61134
reset.exe Trojan.Generic.73980
rsvp.exe Trojan.Generic.103201
syskey.exe Trojan.Starter.DM
tracert6.exe Trojan.Generic.61150
typeperf.exe Trojan.Generic.25488
verifier.exe Trojan.Generic.144642
vssadmin.exe Trojan.Generic.61113
write.exeTrojan.Generic.1029240 -
After "sfc /scannow" completed, these files do not get back.
0 -
The logs are in XML format. You can look at it as text-based (because, basically, XML is a formatted text file). However, XML has the advantage of being able to generate language-independent logs. So, for instance, if you use BitDefender in Chinese and you send me one of your logs, I would see the same log, but in my language (Romanian), not in Chinese. If the log were a plain unformatted text (TXT), then I would have problems translating the log before I can look at it.
I will contact someone from BitDefender Labs about these detections. As soon as I get an answer, I will post back.
Cris.0 -
I don't know where the log file locates. I just clicked each event in the History window, handwrote down the "infected" filenames and detections, and then posted them here.
0 -
My operating system is XP SP3 (Traditioncal Chinese). After updating virus pattern a couple of hours ago, BD2008 reported some important files under C:\WINDOWS\system32 and their duplicates under C:\WINDOWS\system32\dllcache are "infected" and "REMOVED"!! They are totally 17*2 files. I am affraid my system cannot boot after reboot although it seems still working well now.
Those files are: bootok.exe bootvrfy.exe chkdsk.exe chntfs.exe comp.exe drwtsn32.exe fc.exe mpnotify.exe ping6.exe reset.exe rsvp.exe syskey.exe tracert6.exe typeperf.exe verifier.exe vssadmin.exe write.exe
WHAT CAN I DO??
Are you absolutely sure that the Bitdefender has performed the update without errors?0 -
As ceacu suggested, maybe the last update didn't perform correctly. Please try to make a manual update of BitDefender (right click on the tray icon and select Update now).
While you ran sfc, did BitDefender react in any way (were any alerts shown)? After you update BitDefender, try to run sfc again.
Cris.0 -
As ceacu suggested, maybe the last update didn't perform correctly. Please try to make a manual update of BitDefender (right click on the tray icon and select Update now).
While you ran sfc, did BitDefender react in any way (were any alerts shown)? After you update BitDefender, try to run sfc again.
Cris.
I am sure my BD updated successfully from then till now.
BD did not react on sfc executing. But sfc did not install those "infected and removed" files back. I found it's just patched some DLL files.
I dare not to reboot my system from then.0