Please Help Unable To Disinfect!

Chesda

I did a full system scan and detected a virus called "Adware.BHO"

BitDefender was unable to disinfect or move it. Please Help!

Report Log:

//-----------------------------------------------------------------

//

// ProductBitDefender Internet Security v10

// Product10.2

//

// Created on: 19/12/2007 07:13:14

//

//-----------------------------------------------------------------

Virus Statistics

Scan path : C:\

\

Folders : 6614

Files : 385161

Memory processes scanned : 46

Archives : 16430

Runtime packers : 33709

Identified viruses : 1

Infected files : 1

Memory processes infected : 0

Suspect files : 0

Warnings : 0

Disinfected files : 0

Deleted files : 0

Moved files : 0

I/O errors : 47

Scan time : 01:03:24

Scan speed (files/sec) : 101

Spyware Statistics

Registry keys scanned : 333

Registry keys infected : 0

Cookies scanned : 1449

Cookies infected : 0

Spyware files infected : 0

Spyware threats detected : 0

Virus definitions : 960468

Scan plugins : 16

Archive plugins : 41

Unpack plugins : 7

Mail plugins : 6

System plugins : 5

Virus scan options

Detection

[X] Scan boot sectors

[X] Memory Processes

[X] Scan archives

[X] Scan runtime packers

[X] Scan email

File mask

[ ] Programs

[X] All files

[ ] User defined extensions:

[ ] Exclude extensions: ;

Action

Infected objects

[ ] Ignore

[X] Disinfect

[ ] Delete

[ ] Move to quarantine

[ ] Prompt user

Second action

[ ] Ignore

[ ] Delete

[X] Move to quarantine

[ ] Prompt user

Virus scan options

[X] Enable warnings

[X] Enable heuristics

[ ] Show all files in log

[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1198001593.log

Spyware scan options

[X] Scan for riskware

[ ] Skip dial and applications from scan

[X] Registry keys

[X] Cookies

Summary:

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXWV1BWQ\trivial-pursuit-online-party-setup[1].exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>lzma_nsis0007 Detected: Adware.BHO

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXWV1BWQ\trivial-pursuit-online-party-setup[1].exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>lzma_nsis0007 Disinfection failed

C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXWV1BWQ\trivial-pursuit-online-party-setup[1].exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>lzma_nsis0007 Move failed

Chesda

Please help

alexcrist

Hello Chesda,

To delete the infected file, follow these steps:

1. Make the Hidden files visible, like this:
   1. In Explorer, click Tools -> Folder Options... -> View
      
   2. Enable View hidden files and folder
      
   3. Disable Hide protected operating system files
      
   4. Click OK as many times as needed.
2. Disable BitDefender Realtime Protection
3. Go to C:\Documents and Settings\HP_Administrator\Local Settings\Temporary Internet Files\Content.IE5\GXWV1BWQ\ and manually delete the files trivial-pursuit-online-party-setup[1].exe

   
   Warning! Be careful NOT to execute the file, because you are unprotected (BD is disabled). Just select it and press SHIFT+DELETE

   
   

4. Re-enable BitDefender Realtime Protection
5. Optional: undo the first step, so the hidden files and folders will be invisible

Cris.

Chesda

I cannot find Tools -> Folder Options ... -> View

I'm running IE 7 and i think it differs from the instructions you gave me.

alexcrist

I meant Windows Explorer, not Internet Explorer.

Cris.

Chesda

I meant Windows Explorer, not Internet Explorer.

Cris.

What do you mean Windows Explorer? I cannot find it lol

EDIT:

Oh.. Windows Explorer .... My Computer same thing lol.

My bad

Chesda

Thanks Cris i delete it (but it wasn't in the recycle bin),

Do i change my settings back to default and do a system scan incase there are other parts to the virus?

alexcrist

Thanks Cris i delete it (but it wasn't in the recycle bin).

If you pressed SHIFT+Delete, then the file won't arrive in Recycle Bin.

Shift+Delete is the shortcut key for deleting files and folders, bypassing the Recycle Bin.

Do i change my settings back to default and do a system scan incase there are other parts to the virus?

Chenging the settings back to default is your option. It doesn't affect at all the work you do, and also doesn't increase in any way your security. In fact, malware files hide themselves using this method (as you noticed, you couldn't find the files until you made the hidden files visible).

However, leaving the hidden files visible might make you uncomfortable, because you'll see some semi-transparent files and folders on your HDD. Those are the hidden files, and mostly they are system files. On one hand, it is recommended that you leave the hidden files to be invisible (so to return the settings as they were before), so you won't delete any of them by mistake.

Conclusion: every option you choose (leaving them visible or not) has it's advantages and disadvantages. It's your choice what you do.

I can say only this: if you are not a very experienced user, I recommend to revert the settings back the way they were (hide the hidden files). You can always make them visible again, if you need to

About scanning your system: yes, that's a good idea. Scanning a system doesn't do any harm...it can only do good.

Cris.