[solved] Trojan Found - Scan Log Problem

BitDefender Internet Security 2010


Vista Home Premium 32-bit


BitDefender scan found the following:


Trojan.Downloader.Small.AAQR


Location: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.ebd


ignored (limited access)


An object has not been scanned because you do not have the system administrative rights to disinfect, delete or quarantine it. Please click View Log for details or click here to rescan the file with different user credentials.


When I click on click here I get a Runtime Error! box (attached).


Moving right along, Cris has asked me to put the file in a password-protected archive (with the password infected), upload it on www.sendspace.com and send him the download link. I don't have a clue how to do this.


Further he has asked me to send him a Deep Scan log. Logs are found on my system under C/Users/Name/AppData/Local/Virtual Store/Program Data/BitDefender/Desktop/Profiles/Logs. That is where all my logs from BDIS 2009 are, but there are no logs from the past 4 days since I installed BDIS 2010.


Can anyone help me with any of this please?



Comments

  • Hello Nikilet,


    Please open BitDefender Security Center (Expert Mode) and click on View logs (lower right corner of the window). There select the Antivirus section and double click the last entry from the OnDemand tasks having a red exclamation mark. There you will find a button called View log which will open the scan log.


    Save that log to your system and attach it to your next post.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    edited October 2009
    Cris: I have just performed a Deep Scan and have attached 2 screen shots to verify this.


    I went to the location as you instructed. There is nothing there but 2 contextual scans. I have attached another screen shot of this.


    I went through this situation when I first purchased BDIS 2008. An item was found, I was asked to send the scan log and told where to find it and there were no logs there. I couldn't view logs by clicking on that option anywhere within the program. BD advised me of a couple of other places to look and finally gave up, I guess. I kept searching and someone, somewhere told me to go to Virtual Store. That's where my scan logs have gone since that time. Now that I've installed 2010 I'm back to square one. The logs aren't appearing in Virtual Store as they did with 2008 and 2009 and I don't have a clue where to look. I've already looked in many places for them.

  • I removed your screenshots because they contained a visible BitDefender registration key.


    As for your problem: have you tried clicking "Close" (to completely end the scanning process) and then look for the log in View logs?


    Cris.

  • Follow-up: Please download this tool, save it into an empty folder and run it. When it finishes, in the same folder you'll find a file called BitDefender.log


    Please archive that file, upload it on www.sendspace.com and send me the download link through PM.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    I just tried this: Opened BD, selected to run Deep Scan, let it run a short time and then clicked to stop, clicked on close, clicked on View Logs and there's nothing there but the Contextual Scans that were there previously.

  • Nikilet
    Nikilet ✭✭✭
    Cris: I have downloaded this tool and will run it, but as I mentioned before, I don't know how to archive a file. Have no idea what you are talking about.


    In looking for these logs, I have found BitDefender 2008 items on my computer. Could they be interfering/causing problems?


    Under C/Program Files/Common Files there is a folder called BitDefender(8) which has in it: BD Firewall, BD Threat Scanner, BD Update ---- and the revision date on all is 11-26-2008. Then there is another folder in the same place with the same files and more for BitDefender 2010.


    In Virtual Store I found a folder for BD 2008 with the following files in it: bdmcon, bpfar, bpfpr, bpfrr, pcontrol, rtr, vshield.


    When I do a search for BD 2008 it shows me the above files all ending in .ini.

  • Here are details about archiving a file: http://forum.bitdefender.com/index.php?s=&...post&p=1222 (just leave the password blank)


    About the other items on your system, have you used the BitDefender Uninstall Tool to remove previous BitDefender versions?


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    Sorry I didn't answer this earlier but I didn't receive any notification that I had a response. I just decided to check.


    You asked me to run this tool. Can't I just right click on the resulting file and send it to a zipped folder? I read the link you gave and it was like so much Greek to me. I don't have any of those programs, but I can send it to a zip file in Vista. Then do you want me to upload it here or go to that site you gave me before?


    I have been searching for hours today to try and find out where these logs might now be stored. Someone suggested I go to C/Program Files/Common Files/BitDefender/BDReg, but there is no BDReg. Someone suggested I go to services and see if BitDefender Logging services are running. There is no item named BitDefender Logging services.


    Now here's another strange thing. I am sure I found that file where this Trojan.Downloader.Small.AAQR is supposed to be. I right clicked on it to scan it with BitDefender and it showed no infections. Right now I'm more worried about where my logs are than about this file.

  • OK, just forget archiving the file. Upload it as it is on Sendspace and post the link.


    If it's smaller than 2MB, you can upload it here (instead of Sendspace).


    BDReg and BitDefender Logging Services are not part of BitDefender workstation products, so of course you won't find them anywhere.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    The file is small but I wasn't allowed to upload it here so I am sending a PM with the link.


    You never commented on whether all these old BDIS 2008 items could be interfering with anything or causing problems.

  • alexcrist
    alexcrist
    edited October 2009

    Please look for the scan logs here:


    C:\Users\Cindy\AppData\Local\VirtualStore\ProgramData\BitDefender\Desktop\Profiles\Logs\


    The last logs there are from October 5, 2009. Are those from BitDefender 2009, or 2010?


    You never answered if you used the BitDefender Uninstall Tool.


    On the other hand, old BitDefender files can't interfere with the current installation by preventing it from saving logs. Old files might cause stability issues, but since you never mentioned such things, I believe there are no problems.


    We will deal with old BitDefender files after we deal with this detection (the original topic question), ok?


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    The logs from 10-5 were done by BDIS 2009.


    Yes, I did use the uninstall tool. Sorry, I thought I had written you about this. After I uninstalled 2008 using the tool, there were still folders in C/Program Files. I was told to just delete them so I did. I wasn't aware of these others that I have found today.


    The path you gave me is where my logs have been stored, but none of the scans done with 2010 are there.

  • OK, for the moment I have all the information I need. I will try to contact someone to see if we can determine what is the problem on your system.


    When I have other details, I will post back here.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    Cris: I'm thinking I'm about ready to uninstall BDIS 2010 and go back to 2009. Problems have been going on now for 6 days and I'm just sick of it. Last evening something new -- I kept getting the window I have attached and then there would be a little red triangle on top of my BD icon in the task bar. The first time I waited and waited and it didn't go away so I rebooted. Then I immediately selected to update BD and it downloaded an update. Yet this window is telling me that services are disabled for an update. But apparently it didn't update.


    Then I got this window several more times during the evening. I just got up and noticed my computer was running a scan. I wanted to double check on what time I had the scan scheduled for but I can't because when I try to open the program all I get is this box. Only this time there is no warning triangle over the icon and when I hold my mouse over it I'm told there are no issues affecting the security of this computer. If services are turned off there are definitely security issues so I don't know what's going on. Apparently the program just isn't working properly.


    Do you have any fixes available for this, and for finding my logs? If not I'd like to roll back. When it comes to my security program I just don't have the patience for this unending day-after-day stuff. Do I need a special uninstaller for 2010 or can I use the same one I used to uninstall 2009? And then how do I get the 2009 install package again?


    Thank you


  • Nikilet
    Nikilet ✭✭✭
    edited October 2009

    Cris: I'm afraid it's me again. I have just spent over an hour in this forum reading posts. Now I'm scared to uninstall as I read one post on that which is already giving me nightmares. If you don't have any solutions for the problems I'm having, could you please give me detailed instructions and what to do to remove 2010 and go back to 2009 so that I don't end up in a bigger mess than I am in now?


    Thank you

  • Nikilet
    Nikilet ✭✭✭
    edited October 2009

    I'm sure you are as sick of me as I am of this program, but there is just one more piece of info I want to give you in hopes that all these bits and pieces would perhaps allow you to provide a fix.


    When I used the uninstall tool to remove BDIS 2009, it did not remove an item called "BitDefender Definitions Update." I was working with Chat at the time I did this uninstall so I went back there and told the gal about this and she said that was fine, that it didn't need to be removed.

  • Nikilet,


    At the moment I can't give you a specific answer about the problems you described, because I have to contact someone from tech support so I can forward this information to the testing team. And I can't do this until tomorrow. So you could wait one more day to see if I get a reply.


    However, there is one thing I can tell you: as far as I can remember, Vista's UAC always made problems with BitDefender installations (I'm not sure exactly, as I never actually tested it, but my guess is that UAC somehow prevented BD from installing and running properly).


    So if you want to test a little, you could try disabling UAC and reinstalling BitDefender 2010 to see if the problem persists.


    But, in the end, if you want to revert back to 2009, it's your choice.


    Either way, please follow these steps:


    - disable Vista UAC


    - download BitDefender Uninstall Tool and run it


    - after it ends, restart your system, then search for all the files related to BitDefender and remove them (the ones you found out these last days)


    - restart your system again, just to be sure.


    - after this, you could try installing BitDefender 2010 again to see if the problems persist (maybe it was some installation problem the first time). Otherwise, download the BitDefender Internet Security 2009 kit and install it.


    - restart the system after the installation is finished, then update BitDefender, and check if everything is working OK


    - if everything is fine, try re-enabling UAC and see if any problems appear.


    Please post back how it works.


    Also, I understand that you are frustrated because you have problems with a software that you paid for, so you are perfectly entitled to ask for technical support. Whatever problems you have, let us know.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    edited October 2009

    Cris: You have been very good to get back to me which is (sad to say) a situation I have not experienced with BD before. As I stated in my last PM, I don't think BDIS 2010 is even saving a log file because no record appears even in the program face. And now I'm restarting all the time to get rid of that screen that tells me BD services have been turned off for an update. There's no way BD is updating that much.


    In any event, I'm going to wait 2 or 3 more days for you to contact a technician and get back to me. I don't know about uninstalling 2010 and then reinstalling it. I'm actually afraid of doing this. After I first installed 2010 nothing worked. I finally got past all that and I sure don't want to go through it again. I didn't just decide to upgrade. I was urged to do so. I asked the person I was chatting with if there were any issues with 2010 that I should be aware of before installing it and was told "no issues." My goodness what a whopper that was! Had I been smart enough to look in this forum I would NEVER have installed this program at this time because there are just too many problems and bugs that haven't been worked out. However, now that it's installed my greatest desire is to just get it to working. If you can help me with that I would be very happy. So I will wait, but I think if we can't resolve the issues then I will just go back to 2009.

  • Nikilet
    Nikilet ✭✭✭
    edited October 2009

    I received your message about not sending PMs unless asked to. You said you were going to quote my email in this topic and reply to it here but I don't see it. Did you post it somewhere else? I'd like to know your answer on this so please advise where I should look.


    By the way, if the BD scanner is working properly, it's no longer finding that Trojan that started this very long post. Now if I could just find my logs and keep the service from constantly turning off ...

  • Cris: In going through the forum I clicked a link that took me to these instructions for getting a clean uninstall and reinstall of 2010. This is what I planned on doing if I have to uninstall, but I want to know from you if this is the way.


    Boot into Safe mode


    Click Start/Run and type regedit, enter


    Go to HKEY_LOCAL_MACHINE\SOFTWARE, right click and delete BitDefender registry entry


    Delete C\Program Files\Common Files\BitDefender folder


    Delete C\Program Files\BitDefender folder


    Reboot and go back into Safe mode


    Use BitDefender uninstall tool at http:\\www.bitdefender.com\uninstall


    Reboot when it finishes and asks you to and go into normal mode of windows


    Download installer from http:\\bitdefender.com and run in normal mode.


    Where exactly did you find these steps? I don't really think this procedure is very safe to try.


    First of all, the BitDefender Uninstall Tool takes the installation path from the registry. So if you start by deleting the registry BEFORE running the uninstall tool, you might as well not run it at all, cos it won't do much of a good job anyway. In the end, you might end up with different files/services left installed on your system which, again, will lead to future problems.


    My advice is to let the tool do its job in normal mode (with UAC disabled). As I said, after restarting your system you can manually delete any files left (if any), but not before, as you might fool the Uninstall Tool into "believing" that the product is already uninstalled.


    Now, if I were going to try and reinstall BD 2010 I would disable UAC as you advised and I would also do the install on a CLEAN boot, but I don't know that I want to do that. I'm still thinking if I have to uninstall I'm going back to 2009 until you get the bugs worked out of 2010.


    I am not a computer tech and working with you is the first time in 3 years with this product that I've really had any constant response or attention in working with BD tech support. At least this time I'm not just left hanging out in left field on my own. But I have no desire to "test" anyone's software. I'll use it after it's been tested and fixed.


    I didn't yet contact anyone about your problems (I will try today). I thought I should first reply to this PM.


    I asked the person I was chatting with if there were any issues with 2010 that I should be aware of before installing it and was told "no issues."


    Normally, there aren't any problems. Something must be interfering with BitDefender's normal installation/functioning on your system. The product was tested on Windows Vista by the Testing Team and it worked, so whatever problems the users report must be analyzed based on what the user is running (software/hardware), to spot any incompatibilities.


    Had I been smart enough to look in this forum I would NEVER have installed this program at this time because there are just too many problems and bugs that haven't been worked out.


    You say that BD2008 and 2009 worked just fine for you. But if you take a look at the 2008 and 2009 sections of this forum, you will find hundreds of posts with problems, just like for 2010. This forum was created for the users to get support for their problems, and it's completely normal that it contains mostly problems. Nobody even searches for this forum if their product is working fine. So just because the forum is filled with problem reports, it doesn't mean that the product is flawed... it just means that the forum reached its purpose. :)


    I will post back after I contact someone.


    Until then, as I said in my last PM to you, please post all info here (not on PM), because it's easier and faster if all info is in one place.


    Cris.

  • Nikilet
    Nikilet ✭✭✭
    edited October 2009

    Where I found these instructions: I was reading a post on the forum -- someone had tried to uninstall 2010 and it wouldn't completely uninstall and created a real mess. There was a link by someone who answered, I guess, and that's where I found these instructions. But if I uninstall I will follow your advice. Should UAC also be turned off when uninstalling? And should the uninstall be done in Safe mode?

  • alexcrist
    alexcrist
    edited October 2009

    UAC should be turned off, and the uninstaller should work in normal mode. If you want to be sure and "follow" both advices, you could run the uninstaller twice: first in normal mode, second in safe mode. It won't hurt in any way.


    NOTE: When replying to a message, please click Add reply (or click Reply and delete the quoted text). Unless you really need the quoted text (like I needed in my previous post), there is no need to quote my entire post in yours. It just makes the topic larger and harder to read (as you have to scroll a lot between 2 consecutive posts). Thank you. :)


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    Sorry, I didn't know I could or should delete the quotes. I'm still going to be waiting to hear from you so I won't be uninstalling right away.


    Thanks!

  • Nikilet
    Nikilet ✭✭✭

    Newest development: I selected to run a manual scan today because my computer was turned off when the scan was scheduled. I've now got a warning triangle and it says the problem is that this computer has never been scanned.

  • Nikilet
    Nikilet ✭✭✭

    Cris: I have some very, very good news. I got antsy :wacko: so I did go ahead and uninstall & reinstall BDIS 2010. I turned off the UAC, but then I also used msconfig, went to Services, selected to hide all Microsoft services and then clicked on Disable All -- then went to the Startup tab and selected Disable All, and then I restarted. I used this mode both to uninstall and reinstall.


    This time I had no trouble with the registration/activation and all of the things that had stopped working the first time around were working after this install.


    I did encounter a few little glitches, but they seem to have ironed themselves out. And now hear this!!! I have logs. :D They appear in the program and I can even click on and open them from there. They are no longer in Virtual Store. They are now located in C/Program Data/BitDefender/Desktop/Profiles/Logs.


    My computer boots much faster than it did with BDIS 2009. The only thing I have noticed this time around is a real slow down in the scanning. I did a Deep Scan earlier today with the old install and I just happened to notice that it was scanning 108 files per second at the time I looked at the screen. Tonight with the Quick Scan done after re-install, and the System Scan I did later, the highest that ever reached was 68. I do wish that were faster and if you have any solution for it please advise.


    Please pass on the advice you gave me to anyone running Vista -- to disable the UAC -- because that must have been the main problem with my first install.


    And thank you, thank you, thank you so much for hanging in there with me. I think I am going to sleep well tonight! -_-
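The two log locations that come up in this thread are the same folder seen directly and through `VirtualStore`, the per-user directory where Windows keeps files redirected by UAC file virtualization. The script below is an added example, not part of the original posts and not a BitDefender tool; it lists the newest files in both places so you can see which one the product is actually writing to. It assumes PowerShell 2.0 or later, run as the affected user, and the function name `Get-NewestLog` is hypothetical.

```powershell
# Added example (not from the thread's participants).
# Relative log folder as reported in the thread.
$relative = 'BitDefender\Desktop\Profiles\Logs'

# The same folder reached directly and through per-user UAC file virtualization.
$locations = @{
    'ProgramData'  = Join-Path $env:ProgramData $relative
    'VirtualStore' = Join-Path $env:LOCALAPPDATA (Join-Path 'VirtualStore\ProgramData' $relative)
}

# Hypothetical helper: return the newest files under one location,
# or a single placeholder row when the folder is missing or empty.
function Get-NewestLog {
    param([string]$Kind, [string]$Path, [int]$Count = 5)

    $files = @()
    if (Test-Path -LiteralPath $Path) {
        $files = @(Get-ChildItem -LiteralPath $Path -Recurse -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Sort-Object LastWriteTime -Descending |
            Select-Object -First $Count)
    }

    if ($files.Count -eq 0) {
        New-Object PSObject -Property @{ Kind = $Kind; LastWrite = $null; File = '(no log files found)' }
        return
    }

    foreach ($f in $files) {
        New-Object PSObject -Property @{ Kind = $Kind; LastWrite = $f.LastWriteTime; File = $f.FullName }
    }
}

# Show both locations together, newest first.
$locations.GetEnumerator() |
    ForEach-Object { Get-NewestLog -Kind $_.Key -Path $_.Value } |
    Sort-Object LastWrite -Descending |
    Format-Table Kind, LastWrite, File -AutoSize
```

If the most recent entries appear only under `VirtualStore`, the writes are being redirected for that user rather than landing in the shared `ProgramData` folder.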

  • I'm very glad to hear that everything turned out fine. :)


    I'm not sure how exactly Vista's UAC affects BD's normal functioning (since both BD's installer and BD itself should be running with full administrative privileges), but along the way I've heard many users who complained about these kinds of problems.


    Anyway, about the scanning speed: you might also find on this forum some topics about BitDefender skipping some files during OnDemand scans.


    The explanation is this (as you also can find it in other topics): BitDefender products have a SmartScan module, which prevents OnDemand and Realtime scans from scanning known clean files again on successive scans. This module has a predefined list of files (which is updated along with signature updates), and also a dynamic list (generated on successive scans on your system). So, basically, the more scans you do on your system, the faster the scans should get, as known files will start to be skipped from scan. Don't worry about these files getting infected, as once they are modified in any way, BitDefender will scan them. :)


    So back to your original question: by uninstalling BitDefender, you also removed from your system the known files database. So it's only normal that after a clean install, scans will go slower for a while, but this should get "fixed" in time, after you scan your system a few times.


    Cris.

  • Nikilet
    Nikilet ✭✭✭

    Your answer on the slow down makes sense to me since I did a scan with SUPERAntispyware later and it scanned as fast as ever, meaning this slowdown was only in BitDefender. I have complained plenty about BD's support. Now some praise is warranted. YOU need to be recognised for your efforts. I hope your superiors read this and I hope others in BD's tech support department take a page from your book.


    My experience with BD tech support has not been favorable at all. Going through Chat or emailing tech support is almost a waste of time -- mostly waiting, waiting, waiting for an answer that sometimes never comes. Quite honestly, my dealings with BD's tech support had left me with somewhat of a chip on my shoulder, but this last experience has gone a long ways towards knocking it off.


    When I had these issues after installing BDIS 2010 there was no way I was even going to bother with Chat or emailing tech support. I made a decision that I'd try the forum and if there wasn't some kind of concerned response within 24 hours I was going to uninstall BD, install Avast, reinstall my paid version of Spyware Doctor, activate my Windows Firewall and that was going to be the end of my dealings with BitDefender products, even though I purchased a 2-year subscription in June. I like BitDefender. From version 2008 through 2010, once you get the bugs out it's a darned good program, at least it has been on my Vista machine. Getting help with the bugs is the main thing and when you can't get help it ruins the reputation of an otherwise good program.


    You responded and then you kept responding which gave me hope instead of hopelessness and anger. You showed a sincere concern to help and that is the only reason BitDefender is running on my machine right now -- and I am a happy customer. Thank you, and now go forth and make more happy customers!

  • I'm glad I could help you, Nikilet.


    If you have any other questions, please don't hesitate to post. :)


    Since this issue is solved, I will close this topic. If you need it reopened, let me know by PM.


    Cris.


    == CLOSED ==


    == Issue solved ==

This discussion has been closed.