Trojan "blocked"? Probably Still Infected

Product: BitDefender Internet Security 2010

OS: Windows 7 (64-bit)

Other security: "Spybot: Search & Destroy", "Lavasoft AdAware"

I left a deep scan running overnight and when I came to it in the morning the report said a file was ignored because of insufficient user privelages (report 1). Upon seeing this I immediately (and foolishly) went to the file's location and as soon as the folder's contents loaded BitDefender came up with a bubble telling me that it blocked a virus, a trojan whose name I do not recall hidden inside a program's uninstall exe. The file promptly disappeared from view.

Since then I have tried to find the file - it does not appear in the original folder (even with "show hidden items" enabled) and BitDefender's quarantine is empty. I tried to scrub the entire folder using a secure file shredder, which tells me it cannot proceed because one or more files are "in use", leading me to believe the virus is still active despite being apparently invisible. Anyway, after that I clicked continue (or similar) on the scan results and it scanned the infected file with admin rights and found nothing (report 2). I had to go to work so I shut the computer down and scanned again later - BitDefender found another trojan (report 3) which it put into the quarantine folder. A final scan after restart came up clean (report 4). Therefore:

-"BitDefender has blocked a virus" - what does "blocked" mean here?

-Where is the original infected file now?

-Is the virus still active? If not, why can't I delete the folder?

-Why did my deep scan have "insufficient user privelages" to act on findings? How can I rectify this?

Also, I was entering my new debit card's information on Amazon during the day, is it possible that the trojan relayed keystrokes (or something) to compromise my card details or Amazon account password?

NB I deleted the thing responsible for most of the password-protected file notices after the first scan. Also I was going to rename the reports by the numbers above, but decided to leave the original names in case they mean something. All 4 reports are attached - tried to upload them inside .zip and .7z but I am "not permitted to upload this type of file".

-Z

/applications/core/interface/file/attachment.php?id=6663" data-fileid="6663" rel="">1283214420_1_02.xml

/applications/core/interface/file/attachment.php?id=6664" data-fileid="6664" rel="">1283252792_1_00.xml

/applications/core/interface/file/attachment.php?id=6665" data-fileid="6665" rel="">1283275716_1_01.xml

/applications/core/interface/file/attachment.php?id=6666" data-fileid="6666" rel="">1283282593_1_00.xml

Find more posts tagged with

Comments

Lionet

Product: BitDefender Internet Security 2010

OS: Windows 7 (64-bit)

Other security: "Spybot: Search & Destroy", "Lavasoft AdAware"

We should only have one firewall, one antivirus per system.

You'd better get rid off Spybot and Lavasoft Adware. Multiple antivirus programs will make a mess and cripple the protection.

I left a deep scan running overnight and when I came to it in the morning the report said a file was ignored because of insufficient user privelages (report 1). Upon seeing this I immediately (and foolishly) went to the file's location and as soon as the folder's contents loaded BitDefender came up with a bubble telling me that it blocked a virus, a trojan whose name I do not recall hidden inside a program's uninstall exe. The file promptly disappeared from view.

it put into the quarantine folder. A final scan after restart came up clean (report 4).

What did you do before? What did you downloaded (free or not)?

You could download Bitdefender's scan online to check once again your infection probability.

Do you suspect programs (free or not) you recently downloaded?

BD scan online

Caution is the better antivirus. Avoid downloading any program on the P&P and be sure you download from the official provider.

no antivirus is 100% proof.

Could it be a false positive?

To check a friend's hard disk (or even mine), I usually plug it with a small external link on a well protected machine which antivirus are up to date to be scanned. It can help too to check if there are malwares. (another gimmick when we do not use programs such as hijackthis)

Sorry but I have too little time today to stay online.

Good luck for the analysis, an expert will probably answer your questions.

Zadok13

OK so I haven't downloaded anything suspicious for a long time, and I make a habit of manually scanning EVERY download with the contextual scan before anything happens to it. The program that was first infected I have had for several weeks (and therefore several scheduled scans) before BitDefender found anything. The only thing I had downloaded that day was World of Warcraft interface mods, all from the same, reputable site. So I have no idea how I could've been infected. Also, Spybot and AdAware are anti-spyware, so surely they don't much affect antivirus/firewall activity? Finally, I'm not much concerned with how the virus got in, because I was cautious and I will continue to be so, what I really want to know is what happened to that virus and more importantly, whether I'm still infected. Thanks for your input though.

-Z

Zadok13

<bump>

I've run a few scans since, all came up clean. I think it's good now, but I would still like my original questions answered.

-Z

Cristi Raducu

The detected files are clean and detections have been removed.

BitDefender has blocked a virus" - what does "blocked" mean here?

If the file was not quarantined then it was removed,you need to look at the entire message which says what happened to the file.

-Is the virus still active? If not, why can't I delete the folder?

The remaining files in the folder are probably in use or used by other programs but as I mentioned the files are clean so there's no need to delete the folder.

-Why did my deep scan have "insufficient user privelages" to act on findings? How can I rectify this?

Were you logged in as a guest or a user with limited rights when you ran the scan?

Zadok13

Thanks for the reply, that gives me some peace of mind.

To answer your question, there is only one account on this computer and I obviously gave myself administrator privelages. I assume the problem has something to do with User Account Control?

-Z