Removing Backdoor.ip.protect.a ?
Hi,
Ran a deep scan that detected an infected file, but the disinfection failed and the move failed. What should I do to clean my system ???
Tried to upload the log file but wasn't allowed, so here is a copy of the report:
//-----------------------------------------------------------------
//
// Product BitDefender Internet Security v10
// Product 10.2
//
// Created on: 09/09/2007 09:01:18
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
\
F:\
H:\
K:\
Folders : 27222
Files : 1038529
Memory processes scanned : 39
Archives : 23090
Runtime packers : 25186
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 38
Scan time : 04:50:55
Scan speed (files/sec) : 59
Spyware Statistics
Registry keys scanned : 1817
Registry keys infected : 0
Cookies scanned : 82
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 32969
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1189321278.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
\aditemp\icg promo cd\programming, web-page design\web-page design\icq.exe=>wise0023 Infected: Backdoor.Ip.Protect.A
\aditemp\icg promo cd\programming, web-page design\web-page design\icq.exe=>wise0023 Disinfection failed
\aditemp\icg promo cd\programming, web-page design\web-page design\icq.exe=>wise0023 Move failed
Comments
-
Hello Mufika
BitDefender or any other antivirus can't just delete the infection inside an executable or installer and rebuild it afterwards. In this case it could be a false positive. So I recommend that you archive icq(.exe) in a password-protected archive with the password "infected" and attach it to your next post. To upload it, go to the attachments section when you make a new post, press Browse, navigate to the archive you have made, press Open and then Upload. But there is a 2 MB upload limit.
You can move it manually to quarantine: open BitDefender first, go to Antivirus, Quarantine, then select the file by holding your left mouse button and drop it (by releasing your left mouse button) in the quarantine field.
Best regards
Niels
-
Hi Niels,
The infected icq file is 5 MB, so trying to upload it in a post is not feasible. I also put it in quarantine and tried to send it for analysis but received an error message about the size limit. So what do I do to determine if it is infected or not => false positive?
Regards,
Ndimi
-
Hello Mufika
You can still upload the icq file by uploading it to an online file host: http://rapidshare.com, http://www.verzend.be, ... And just attach the download link in a text file. But be aware that there is a limit after which your file is deleted from their servers.
Best regards
Niels