Bd2008 Removed Some System Files

My operating system is XP SP3 (Traditional Chinese). After updating virus pattern a couple of hours ago, BD2008 reported some important files under C:\WINDOWS\system32 and their duplicates under C:\WINDOWS\system32\dllcache are "infected" and "REMOVED"!! They are totally 17*2 files. I am afraid my system cannot boot after reboot although it seems still working well now.


Those files are: bootok.exe bootvrfy.exe chkdsk.exe chntfs.exe comp.exe drwtsn32.exe fc.exe mpnotify.exe ping6.exe reset.exe rsvp.exe syskey.exe tracert6.exe typeperf.exe verifier.exe vssadmin.exe write.exe


WHAT CAN I DO??

Comments

  • Hello Marcus Hsu,


    First of all, we need to know the detection name under which those files were detected.


    Were the files removed after an OnDemand scan, or were they removed by the Realtime Protection?


    If they were removed by an OnDemand scan, please open BitDefender Security Center, go to Antivirus -> Virus Scan, right click on the task that you used to scan the system and select Logs. Open the last log (an IE window will open, showing the log), find the file indicated in the Address Bar and attach the file here. Make sure the log contains the detections you talked about.


    If they were removed by the Realtime Protection, open History (you will find its link on the bottom of BitDefender Security Center), go to Antivirus and check those entries for detection names. Post them here.


    At the end, get your Windows XP installation disk, put it in the drive, then go to Start -> Run and type there:


    sfc /scannow

    and press Enter. The system will check all the system files and, if anything is missing and/or corrupted, they will be restored to their original form from the installation disk.


    Cris.

  • Please consider a text-based log file in next release.


    bootok.exe Trojan.Generic.102337


    bootvrfy.exe Trojan.Generic.61096


    chkdsk.exe Trojan.Generic.102746


    chntfs.exe Trojan.Generic.104984


    comp.exe Trojan.Generic.164455


    drwtsn32.exe Trojan.Generic.93270


    fc.exe Trojan.Generic.185193


    mpnotify.exe Trojan.Generic.61175


    ping6.exe Trojan.Generic.61134


    reset.exe Trojan.Generic.73980


    rsvp.exe Trojan.Generic.103201


    syskey.exe Trojan.Starter.DM


    tracert6.exe Trojan.Generic.61150


    typeperf.exe Trojan.Generic.25488


    verifier.exe Trojan.Generic.144642


    vssadmin.exe Trojan.Generic.61113


    write.exe Trojan.Generic.102924

  • After "sfc /scannow" completed, these files did not come back.

  • The logs are in XML format. You can look at it as text-based (because, basically, XML is a formatted text file). However, XML has the advantage of being able to generate language-independent logs. So, for instance, if you use BitDefender in Chinese and you send me one of your logs, I would see the same log, but in my language (Romanian), not in Chinese. If the log were a plain unformatted text (TXT), then I would have problems translating the log before I can look at it.


    I will contact someone from BitDefender Labs about these detections. As soon as I get an answer, I will post back.


    Cris.

  • I don't know where the log file is located. I just clicked each event in the History window, wrote down the "infected" filenames and detections by hand, and then posted them here.

  • Are you absolutely sure that the Bitdefender has performed the update without errors?

  • As ceacu suggested, maybe the last update didn't perform correctly. Please try to make a manual update of BitDefender (right click on the tray icon and select Update now).


    While you ran sfc, did BitDefender react in any way (were any alerts shown)? After you update BitDefender, try to run sfc again.


    Cris.

  • marcus_hsu
    edited September 2009

    I am sure my BD updated successfully from then till now.


    BD did not react when sfc was executing. But sfc did not install those "infected and removed" files back. I found it just patched some DLL files.


    I have not dared to reboot my system since then.
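
A check for the situation in this thread, added here as an example and not part of any post or of BitDefender's tooling: it parses the filename/detection pairs listed above and reports which of those files are still absent from system32 and from dllcache after sfc has run. The function names and the `C:\WINDOWS` path in the usage lines are assumptions.

```python
import re
from pathlib import Path

# Filename / detection-name pairs from the list in the thread. The last line is
# kept fused (no separator) to show the parser tolerating transcription slips.
POSTED = """\
bootok.exe Trojan.Generic.102337
bootvrfy.exe Trojan.Generic.61096
chkdsk.exe Trojan.Generic.102746
chntfs.exe Trojan.Generic.104984
comp.exe Trojan.Generic.164455
drwtsn32.exe Trojan.Generic.93270
fc.exe Trojan.Generic.185193
mpnotify.exe Trojan.Generic.61175
ping6.exe Trojan.Generic.61134
reset.exe Trojan.Generic.73980
rsvp.exe Trojan.Generic.103201
syskey.exe Trojan.Starter.DM
tracert6.exe Trojan.Generic.61150
typeperf.exe Trojan.Generic.25488
verifier.exe Trojan.Generic.144642
vssadmin.exe Trojan.Generic.61113
write.exeTrojan.Generic.102924
"""

ENTRY = re.compile(r"^(?P<file>[\w.-]+?\.exe)\s*(?P<name>Trojan\.\S+)$", re.I)

def parse_detections(text):
    """Return {filename: detection name} from hand-transcribed lines."""
    found = (ENTRY.match(line.strip()) for line in text.splitlines())
    return {m["file"].lower(): m["name"] for m in found if m}

def missing_after_sfc(windows_dir, filenames):
    """Map each file to the locations (system32, dllcache) where it is absent."""
    sys32 = Path(windows_dir) / "system32"
    places = {"system32": sys32, "dllcache": sys32 / "dllcache"}
    report = {}
    for name in sorted(filenames):
        absent = [k for k, d in places.items() if not (d / name).is_file()]
        if absent:
            report[name] = absent
    return report

if __name__ == "__main__":
    det = parse_detections(POSTED)
    for name, where in missing_after_sfc(r"C:\WINDOWS", det).items():
        print(f"{name:14} {det[name]:24} missing from: {', '.join(where)}")
```

A file reported as missing from both locations cannot be restored from dllcache, so sfc has to fetch it from the installation disk.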