Trojan.heur.gz.iuwabglhzlj

My PC has been infected with Trojan.Heur.GZ.iuWabGLHZlj and Bit Defender is unable to remove it.


I have experienced Mozilla Firefox browser suddenly disappear while surfing and many times, the Bit Defender icon is missing from the system tray with the message that it's been disabled.


Please assist. Urgent.


BitDefender Log File


Product : BitDefender Internet Security 2009


Version : BitDefender UIScanner v.12


Scanning task : Deep System Scan


Log date : 09:55:41 24/01/2010


Log path : C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1264298141_1_02.xml


Scan Paths:


Path 0000: C:\Program Files\Mozilla Firefox\firefox.exe


Path 0001: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe


Path 0002: C:\Program Files\Common Files\ParetoLogic\PLAVEngine\ScanningProcess.exe


Path 0003: C:\Program Files\Common Files\ParetoLogic\PLAVEngine\ScanningProcess.exe


Path 0004: C:\Program Files\Skype\Plugin Manager\skypePM.exe


Path 0005: C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


Path 0006: C:\Program Files\Windows Desktop Search\WindowsSearch.exe


Path 0007: C:\Program Files\Panasonic\Panasonic-DMS\Port Controller\Mfpscdl.exe


Path 0008: C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe


Path 0009: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe


Path 0010: C:\Program Files\iPod\bin\iPodService.exe


Path 0011: C:\PROGRA~1\MI3AA1~1\rapimgr.exe


Path 0012: C:\Program Files\Windows Media Player\WMPNSCFG.exe


Path 0013: C:\Program Files\Microsoft ActiveSync\wcescomm.exe


Path 0014: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


Path 0015: C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe


Path 0016: C:\Program Files\iTunes\iTunesHelper.exe


Path 0017: C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe


Path 0018: C:\Program Files\Java\jre6\bin\jusched.exe


Path 0019: C:\WINDOWS\system32\ctfmon.exe


Path 0020: C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe


Path 0021: C:\Program Files\HP\QuickPlay\QPService.exe


Path 0022: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe


Path 0023: C:\WINDOWS\system32\wbem\wmiprvse.exe


Path 0024: C:\WINDOWS\system32\igfxpers.exe


Path 0025: C:\WINDOWS\system32\hkcmd.exe


Path 0026: C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe


Path 0027: C:\WINDOWS\Explorer.EXE


Path 0028: C:\Program Files\RegCure\RegCure.exe


Path 0029: C:\WINDOWS\System32\svchost.exe


Path 0030: C:\WINDOWS\System32\alg.exe


Path 0031: C:\Program Files\Windows Media Player\WMPNetwk.exe


Path 0032: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe


Path 0033: C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe


Path 0034: C:\Program Files\Common Files\ParetoLogic\PLAS\plasservice.exe


Path 0035: C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe


Path 0036: C:\Program Files\Common Files\LightScribe\LSSrvc.exe


Path 0037: C:\Program Files\Java\jre6\bin\jqs.exe


Path 0038: C:\WINDOWS\System32\svchost.exe


Path 0039: C:\Program Files\Bonjour\mDNSResponder.exe


Path 0040: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe


Path 0041: C:\WINDOWS\system32\svchost.exe


Path 0042: C:\WINDOWS\system32\spoolsv.exe


Path 0043: C:\WINDOWS\system32\svchost.exe


Path 0044: C:\WINDOWS\system32\svchost.exe


Path 0045: C:\WINDOWS\System32\svchost.exe


Path 0046: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe


Path 0047: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


Path 0048: C:\WINDOWS\system32\svchost.exe


Path 0049: C:\WINDOWS\system32\svchost.exe


Path 0050: C:\WINDOWS\system32\lsass.exe


Path 0051: C:\WINDOWS\system32\services.exe


Path 0052: C:\WINDOWS\system32\winlogon.exe


Path 0053: C:\WINDOWS\system32\csrss.exe


Path 0054: \SystemRoot\System32\smss.exe


Path 0055: C:\


Path 0056: D:\


Scan Options:


Scan for viruses : Yes


Scan for adware : Yes


Scan for spyware : Yes


Scan for applications : Yes


Scan for dialers : Yes


Scan for rootkits : Yes


Target Selection Options:


Scan registry keys : Yes


Scan cookies : Yes


Scan boot sectors : Yes


Scan memory processes : Yes


Scan archives : Yes


Scan runtime packers : Yes


Scan emails : No


Scan all files : Yes


Heuristic Scan : Yes


Scanned extensions :


Excluded extensions :


Target Processing:


Default action for infected objects : Disinfect


Default action for suspicious objects : None


Default action for hidden objects : None


Default action for encrypted infected objects : None


Default action for encrypted suspicious objects : None


Default action for password-protected objects : None


Scan engines summary


Number of virus signatures : 4896046


Archive plugins : 44


Email plugins : 6


Scan plugins : 13


System plugins : 5


Unpack plugins : 8


Overall scan summary


Scanned items : 386895


Infected items : 1


Suspicious items : 0


Resolved items : 0


Unresolved items : 1


Password-protected items : 0


Individual viruses found : 1


Scanned directories : 11106


Scanned boot sectors : 3


Scanned archives : 6851


Input-output errors : 1


Scan time : 10:48:09


Files per second : 9


Scanned processes summary


Scanned : 48


Infected : 0


Scanned registry keys summary


Scanned : 1222


Infected : 0


Scanned cookies summary


Scanned : 1222


Infected : 0


Remaining issues:


Object Name : C:\Program Files\Online Services\iPrimus\setup.exe=](ZIP Sfx s)=]tool.exe


Threat Name : Gen:Trojan.Heur.GZ.iuWabGLHZlj


Final Status : Infected (no action was possible, file was in an archive)



Comments

  • Hello ckfwong2,


    To troubleshoot this issue we need a sample file of C:\Program Files\Online Services\iPrimus\setup.exe for analysis.


    For this you need to upload it on a server such as www.sendspace.com and post the download link.


    Looking forward to your reply.

  • Hi, I opened the link C:\Program Files\Online Services\iPrimus\setup.exe and it went to I connect dial.


    What am I supposed to do?


    Register a new broadband account and pay for it?


    I don't understand. Can you please guide? How is this to troubleshoot my Trojan Heur problem?


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


    Hello ckfwong2,


    To troubleshoot this issue we need a sample file of C:\Program Files\Online Services\iPrimus\setup.exe for analysis.


    For this you need to upload it on a server such as www.sendspace.com and post the download link.


    Looking forward to your reply.

  • Hello,


    We have reported the situation to our Labs.


    Proper actions will be taken automatically for this case.


    In the future, please report any false alarms or submit samples via:


    http://www.bitdefender.com/submit


    Happy Holidays!

This discussion has been closed.