Trojan.Starter.GY - False Positive?

Another possible false positive.


My recent "Full System Scan" has suddenly started detecting Trojan.Starter.GY on two system files.


The files are:


C:\i386\utilman.exe


c:\windows\system32\utilman.exe


In contrast to my post in the Trojan.Starter.IM thread, in this case the detection is only occurring on my WinXP Home Edition machine. The virus has not been detected in the utilman.exe files on my WinXP Media Center Edition machine.


One issue I have is that when I restore the files from quarantine, it creates new timestamps on the files. They look like they were created today. Is there any way to preserve the date/time of the original file when restoring from quarantine?


Thank you.

Comments

  • Niels

    Hi garyinri


    You can temporarily try this before the signatures are removed. Open BitDefender, go to antivirus, shield, adjusted level, don't scan this path on all levels, and now add C:\i386\utilman.exe


    c:\windows\system32\utilman.exe to the exclusion list. To do that during an on-demand scan: right-click on the type of scan you want to execute, choose properties, scan path, choose add file and browse to the location of these files. After you have done that, uncheck both items. For further assistance you will have to wait until someone from BitDefender answers.


    Regards


    Niels

  • alexcrist
    "You can temporarily try this before the signatures are removed. Open BitDefender, go to antivirus, shield, adjusted level, don't scan this path on all levels, and now add C:\i386\utilman.exe


    c:\windows\system32\utilman.exe to the exclusion list."


    Hi Niels,


    In the Exclude path from scan list you can add only folders, not files. That means you cannot add c:\windows\system32\utilman.exe, you can add only c:\windows\system32\ which would be very unsafe, because you would exclude from scan almost all system files.


    The only solution to this problem is that BitDefender Virus Analysts remove the detection for these files.


    Cris.

  • Niels

    Hi Cris


    You are right, but when the person doesn't visit harmful websites then that person is safe. I also said that it was a temporary solution.


    Regards


    Niels

  • alexcrist
    "You are right, but when the person doesn't visit harmful websites then that person is safe."


    That is not always true. Don't forget about the viruses that spread without anyone's help, inside a network. If one of those viruses somehow passes the Firewall protection, then you have a big problem if BitDefender does not scan the System Files. (I know that, in my case, I would get infected in 30 secs without BD's protection. My network is full of viruses.)


    Then again, there is not much you can do with your PC if BD constantly deletes one of the system files (utilman.exe), so this temporary solution that you suggested has to work until BD removes the detection.


    garyinri: keep your fingers crossed so you won't get infected when you use this temporary solution and, most important, remove the path from Excluded paths after BD removes the detection for these files!!


    Cris.

  • Niels

    Hi Cris


    I know, but I offered that solution only as prevention until the signatures are removed.


    But you will reduce the chance of being infected if you don't visit harmful websites. I once disabled BD for an installation and I didn't get infected. You are also right. My computer isn't in a network.


    Regards


    Niels


    Hi garyinri


    To delete it afterwards you just have to select it and press the delete button. Otherwise that folder will still be ignored.


    Regards


    Niels

  • That option would work fine for the real-time scanning, but I run into most of my issues with the On-Demand scanning, especially with the Deep and Full System Scans, which I run weekly via the scheduler. With the On-Demand scanning, there is no way to exclude a particular folder. You can only exclude file extensions.


    I'm not going to exclude the system32 folder from my real-time scan options. It's not worth the risk. I don't think that the OS hits these files during normal operations, so I'll just deal with it, if and when it happens, on a case-by-case basis.


    In any event, the virus signatures may have been updated to ignore these files. My Deep System Scan ran as scheduled last evening and it no longer detected these files as containing viruses.

  • vlad

    Trojan.Starter.GY was a false alarm; it has indeed been fixed.