[reopened] Trojan.generic.cj.abrz

Capt. Mike

Hi,

BitDefender antivirus warned me today with regard to trojan.generic.cj.abrz

It said its location was hxliqib.exe

I have not been able to find info about this critter and on how to remove this trojan.

Can you direct me please?

Kind regards, Capt. Mike

alexcrist

Hello Capt. Mike,

Please make a Deep Scan with BitDefender and post here the log when it finishes.

Cris.

Capt. Mike

Hi Cris,

Thank you for the kind reply. Like an idiot I asked the question before I did a deep scan. I apologize. After the deep scan BT AV found it and reorted it deleted. I dont have the log file.

Should that be the end of it then?

Kind regards, Capt. Mike

alexcrist

You can find the log by opening BitDefender Security Center (Advanced mode), clicking on History (bottom-right corner of the window) and selecting the Antivirus section. There, double click the last OnDemand task entry, then click the View log button. Save the file that opens and attach it here.

Cris.

Capt. Mike

Hi Cris,

Thank you. I have attched the log file.

Kind regards, Capt. Mike

/applications/core/interface/file/attachment.php?id=5618" data-fileid="5618" rel="">btav_log_1255048445_1_02.xml

alexcrist

The log looks OK. All detected files have been successfully removed.

Should you experience future problems regarding this matter, please don't hesitate to post.

Cris.

Capt. Mike

Thank you Cris and have a GREAT weekend!

Happy trails, Capt. Mike

alexcrist

You are very welcome, Capt. Mike. Have a great weekend you too.

Since this issue is solved, I will close this topic. If you need it reopened, let me know by PM.

Cris.

== CLOSED ==

== Issue solved ==

alexcrist

Per PM request, the topic has been reopened.

Hi Cris,

The trojans are back although they seem to be different ones. I have them quarantined and I have the log files.

Can you please take a look again?

Can you advise me as to how these might be getting into my pc? I always have BTAV 2009 enabled.

Also is it possible with BTAV 2009 to enable it to scan for root kits. I can't find the setting and it seems to me my previous version of BTAV had a setting to scan for rootkits.

Thank you for your time, attention and consideration.

Capt. Mike Foate

Please post the scan logs.

Also, read this article: http://kb.bitdefender.com/KB490

Use the 2 tools presented there, upload the logs on www.sendspace.com (or any other file sharing server) and post the download links here. You will receive further info after the logs have been analyzed.

EDIT: Any OnDemand scan task can be configured to scan for rootkits, by right clicking it, selecting Properties and clicking Custom. There you will find a Scan for rootkits option (this option is enabled by default in Deep scan).

Realtime protection cannot be configured to scan for rootkits, as the process is slow and needs special methods of scanning, which cannot be used in realtime scans.

Cris.

Capt. Mike

Hi Cris,

Here are the log files from the most recent scans. I have the critters noted in the logs in quarantine. Should I send them or just delete them?

/applications/core/interface/file/attachment.php?id=5650" data-fileid="5650" rel="">btav_1255698501_1_01.xml/applications/core/interface/file/attachment.php?id=5651" data-fileid="5651" rel="">btav_log_1255654427_1_01.xml/applications/core/interface/file/attachment.php?id=5652" data-fileid="5652" rel="">btav_log_1255657980_1_01.xml

Thank you sir.

Kind regards, Mike Foate

alexcrist

As last time, all detected infections have been removed (moved to quarantine).

However, since you say that they are constantly reappearing, it might mean that there's some undetected component on your system. Please read the article I gave you in my previous post and let me have their logs. It will give us a better view of your system's situation.

Cris.

Capt. Mike

As last time, all detected infections have been removed (moved to quarantine).

However, since you say that they are constantly reappearing, it might mean that there's some undetected component on your system. Please read the article I gave you in my previous post and let me have their logs. It will give us a better view of your system's situation.

Cris.

Hi Cris,

Yes after waiting a couple of days, it is pretty clear that they critters in question keep coming back no matter how many times they are removed by BTAV 2009. Later today I will do my best to follow your directions, run those diagnostic programs and get the results to you via sendspace. I have opened an account with them today.

Kind regards, Capt. Mike

Capt. Mike

Hi Cris,

Its been 48 hours since I last had BTAV remove and quarantine the bugs. So far so good. I have run a deep scan every day for the last 2 days and no bugs found.

I have not run the diagnostics yet I was waiting to see if maybe this time all the bugs got removed for good. I'll give it a couple more days and if they come back there must be something in the registry calling them back and I'll run your diagnostic tests and get them to you.

I have a question BTAV reports as an over compressed file located here

C:\System Volume Information\_restore{26A69FCE-98C5-468D-8A4D-593F4703C615}\RP795\A0083968.msi=](Embedded CAB)=]_89F14A0E474C47E3AC80F5367217D44A=]!daEAA.tmp

I was going to find it and delete it because it seemed be related to where one of the bugs was found

C:\System Volume Information\_restore{26A69FCE-98C5-468D-8A4D-593F4703C615}\RP795\A0084008.sys

which is in quarantine. The A0084008.sys was reported by BTAV to be a Trojan.Heur.TDSS.euW...

I can not find

C:\System Volume Information\_restore{26A69FCE-98C5-468D-8A4D-593F4703C615}\RP795\A0083968.msi=](Embedded CAB)=]_89F14A0E474C47E3AC80F5367217D44A=]!daEAA.tmp

anywhere on my pc. I cant even find C:\System Volume Information\_restore on my machine.

Can you advise?

Kind regards, Capt. Mike

alexcrist

Hello Capt. Mike,

Please read the following article about finding and cleaning files from System Restore points: http://forum.bitdefender.com/index.php?showtopic=3575

On the other hand, Overcompressed doesn't mean that that file is infected with anything. This is not even an alert, it's just a logged action, just like files which cannot be scanned because they are stored within a password protected archive.

For more details about Overcompressed items, read here: http://forum.bitdefender.com/index.php?showtopic=13398 If you have further questions about overcompressed items, please post in the topic from that link.

Cris.

Capt. Mike

Hi Cris,

Thank you for the kind reply. I have read the article you noted below and used method 1. The compressed file that I questioned you about has not showed up after a BTAV Deep Sysytem scan so I have high hopes that this issue...thanks to your kind and thoughtful replies is now resolved for me. I rate you a 10 out of 10! Thank you so much!

Have a GREAT day!

Kind regards, Capt. Mike