Trojan.html.phishbank.tzx

Kit Hansen

BD detected trojan.html.phishbank.TZX but could not disinfect.

Attack affects MS Outlook's PST. Mail file no longer functional.

(MS Office 2007)

Product: BitDefender Total Security 2009

All updates current

OS: Windows XP, Home Edition, Version 2002, Service Pack 3

QUESTIONS:

Is threat limited to mail file or should I be concerned about potential to capture login info in other programs/online?
Can you provide a means of disinfection?
If not, if I opt to "delete the selected object" - that is, I assume, delete my mail file, is the trojan kaput?

Find more posts tagged with

Comments

rootkit

Hello

Welcome to the forums!

In order to answer to those questions, please post here the scan log.

[how to GENERATE A DEEP SYSTEM SCAN LOG]

- Before running the scan please make sure that you have the latest virus definitions downloaded via the Update module: open Bitdefender, click the "Switch to Basic View" button (if it is not already in Basic View) and choose the "Update Now" task on the right;

- After the update process completes successfully you can proceed to running the scan task: select the "Deep Scan" task;

- When the scan ends, click the "Show Log File" button at the bottom right of the scan window; A browser window will open displaying the scan report; Save this file on a location of your choice and then attach it here.

Take care.

Kit Hansen

My BitDefender is set to automatically update several times a day.

Interestingly, today's deep system scan did NOT detect the trojan, whereas yesterday's full scan did. I have attached both logs.

Because the deep scan was clean, I relaunched Outlook this morning (in safe mode first, and when the mail file reappeared, I relaunched in regular mode). Outlook appears to be working fine again - I see the mail file and can send receive.

Please confirm my current understanding that the trojan is gone, and if true, I'd like to know how, in the absence of any additional action on my (or BD's) part, this cleared up. If not true, is there some other risk that will emerge, as is there the possibility that this trojan is now able capture logins anywhere on the computer?

Thanks for your help.

Hello

Welcome to the forums!

In order to answer to those questions, please post here the scan log.

[how to GENERATE A DEEP SYSTEM SCAN LOG]

- Before running the scan please make sure that you have the latest virus definitions downloaded via the Update module: open Bitdefender, click the "Switch to Basic View" button (if it is not already in Basic View) and choose the "Update Now" task on the right;

- After the update process completes successfully you can proceed to running the scan task: select the "Deep Scan" task;

- When the scan ends, click the "Show Log File" button at the bottom right of the scan window; A browser window will open displaying the scan report; Save this file on a location of your choice and then attach it here.

Take care.

/applications/core/interface/file/attachment.php?id=10209" data-fileid="10209" rel="">BitDefender_Deep_System_Scan_Log_File_8_30_12.pdf

/applications/core/interface/file/attachment.php?id=10210" data-fileid="10210" rel="">BitDefender_Full_System_Scan_Log_File_SHOWING_VIRUS_08_29_12.pdf

BitDefender_Deep_System_Scan_Log_File_8_30_12.pdf

BitDefender_Full_System_Scan_Log_File_SHOWING_VIRUS_08_29_12.pdf

rootkit

Hello

Since the last scan log is clean, the email was deleted.

Also, please note that you can upgrade for free to Bitdefender 2013. You have all the details over here:

http://forum.bitdefender.com/index.php?act...f=196&id=42

Thank you!

Kit Hansen

I have done all suggested exactly as suggested, i.e., uninstalled, installed the upgrade. After initial successful launch and ability to access the dashboard, this is my current situation:

BitDefender failed on an Update (of virus definitions), giving an "Update not responding error"
Reboot failed, as in I CAN NO LONGER REBOOT AT ALL EXCEPT IN SAFE MODE!!!
After a regular reboot, I have no access to ANY controls - can't even access Startup to shut down

I suspect this is related to 2013, not to the virus (which, recall, the DEEP system scan did not detect and you said means it is gone).

Needless to say, this current situation puts me in a desperate situation and I need a speedy solution and my computer back.

Thanks.

My BitDefender is set to automatically update several times a day.

Interestingly, today's deep system scan did NOT detect the trojan, whereas yesterday's full scan did. I have attached both logs.

Because the deep scan was clean, I relaunched Outlook this morning (in safe mode first, and when the mail file reappeared, I relaunched in regular mode). Outlook appears to be working fine again - I see the mail file and can send receive.

Please confirm my current understanding that the trojan is gone, and if true, I'd like to know how, in the absence of any additional action on my (or BD's) part, this cleared up. If not true, is there some other risk that will emerge, as is there the possibility that this trojan is now able capture logins anywhere on the computer?

Thanks for your help.

Kit Hansen

:wacko:

UPDATE ON SITUATION - but still questions. I ran chkdsk with repair (was not around to see what it found), and when I returned to my computer, Windows had launched successfully but the attached error message was displayed. Of course, I sent in the report.

Then I zipped up the two Outlook pst files that BitDefender identified as infected, moved the zip off the computer entirely and deleted them and emptied the recycle bin.

HERE IS WHAT IS PECULIAR AND WORRIES ME. Those two files were not even in use, that is, they were NOT my current Outlook .pst file. So now I am left wondering whether

BD finally detected it because of virus definition updates OR
This trojan was/is still a sleeping ogre and I'll get slammed again. (When active, it did interfere with Outlook's perfomance, even though the infected file was not in use) OR
The answer BD would no doubt prefer (but I am skeptical of) that there was some other unrelated Windows problem going on and this was all just coincidence

BD seems to be functioning fine now.

Could you please comment on my concerns? Do you think there are any other steps that need to be taken? I already faithfully install all op system, software and BD updates, run scans a minimum of weekly, keep my drive tuned, and back up criticals, and never open suspicious email/links, etc. - so the fact that this happened really spooked me.

Thanks again for your help.

" />

I have done all suggested exactly as suggested, i.e., uninstalled, installed the upgrade. After initial successful launch and ability to access the dashboard, this is my current situation:

BitDefender failed on an Update (of virus definitions), giving an "Update not responding error"

Reboot failed, as in I CAN NO LONGER REBOOT AT ALL EXCEPT IN SAFE MODE!!!

After a regular reboot, I have no access to ANY controls - can't even access Startup to shut down

I suspect this is related to 2013, not to the virus (which, recall, the DEEP system scan did not detect and you said means it is gone).

Needless to say, this current situation puts me in a desperate situation and I need a speedy solution and my computer back.

Thanks.

rootkit

Hello,

I believe the reported situation was resolved because the malware was caught by a new definition released recently.

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]

. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall

alert,select to Allow the application to connect;

. Click the "Create log" button to start generating the

log; A progress bar is indicating that the tool is creating the report;

. When the small window appears with the message "Log

saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

. Upload that file on

http://www.sendspace.com

http://www.mediafire.com

and send me a PM with the download link.

If you were already asked to generate the log file, disregard the message above and just post the ticket ID.

IMPORTANT:

.During this process the Real Time Protection in Bitdefender must be temporarily disabled;

.If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet,then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]

In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day.

Kit Hansen

I completed bdsys and sent link as requested.

Here is a bit more info about current status.

I have all my non-program files backed up to an external drive and I ran a BD 2012 virus scan on that drive - it is clean. I guess I should also grab my current pst mail file (not the one identified as infected and which I have since deleted) and scan it, too. (I won't upgrade our other 2 computers to 2013 until 2013 can successfully complete a scan on my primary computer.)

I can use my computer, but it is unstable. Getting periodic hangs and weird stuff like the keyboard functionality crashing (no, not a battery issue). On shutdown, I am getting an error message about not being able to reference memory/not being able to write to memory. On startup after a hang, I am getting "serious windows error" messages. I will get my tech guy in to check for possible memory board problems. So it is possible that we have a collusion of problems here - BD scan completion issues and faulty memory issues.

I start teaching tomorrow - sure hope we can clear this up. Thanks for all your help. I am really impressed with BD's responsiveness.

Regards.

Hello,

I believe the reported situation was resolved because the malware was caught by a new definition released recently.

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]

. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall

alert,select to Allow the application to connect;

. Click the "Create log" button to start generating the

log; A progress bar is indicating that the tool is creating the report;

. When the small window appears with the message "Log

saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

. Upload that file on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

If you were already asked to generate the log file, disregard the message above and just post the ticket ID.

IMPORTANT:

.During this process the Real Time Protection in Bitdefender must be temporarily disabled;

.If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet,then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]

In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

We will get back to you as soon as the analysis is complete.

Have a nice day.

iouri

BD detected trojan.html.phishbank.TZX but could not disinfect.

Attack affects MS Outlook's PST. Mail file no longer functional.

(MS Office 2007)

Product: BitDefender Total Security 2009

All updates current

OS: Windows XP, Home Edition, Version 2002, Service Pack 3

QUESTIONS:

Is threat limited to mail file or should I be concerned about potential to capture login info in other programs/online?

Can you provide a means of disinfection?

If not, if I opt to "delete the selected object" - that is, I assume, delete my mail file, is the trojan kaput?

Hello

Looks like I got the same trouble

The trojan.html.phishbank.TZX was detected by BitDefender.

My Outlook is not working properly now.

Big problem is I am not so experienced user.

Hope to follow your discussion to find solution

What exactly this "trojan.html.phishbank.TZX" and why Bit Defender was not able to delete it?

rootkit

Hello

The logs were sent to our labs, I will get back to you soon with the results.

Take care.

Kit Hansen

Hello

The logs were sent to our labs, I will get back to you soon with the results.

Take care.

HI CHRISTIAN,

Here is the status. I sent my computer out to my techie.

1. He ran a memory scan (CLEAN, no errors). He ran a virus scan (NOT with BD) - all CLEAN.

2. He rebooted several times. No problems, no error messages.

3. He ran BD TS 2013. System hung, got the usual error messages. Shut down gave the usual writing to memory error. Reboot gave the usual "serious Windows system" error.

4. He uninstalled BD using your uninstall program. Computer running fine now.

5. He install AGV virus protection (the freebie version) for the time-being.

CLEARLY, BD 2013 is buggy. If I had had my head on straight, I would never have installed the first release of a new version!

I still like BD a lot. Over the many years I've used it, it has been reliable and customer service has been very good (but having to wait for lab results when I was dead in the water does NOT please me - thank goodness my techie was able to restore order to my universe). I probably will reinstall BD, but the previous version, not 2013. That is 2010, isn't it?

Please, I want a link to Total Security 2010. Also, I think someone at BD had to do something special for my current software key to be recognized on 2010 since your key format has changed (remember, my key was for 2009 - no idea why I hadn't upgraded when I renewed).

If this can't be done, we'll have to part company and I should get a refund for all 3 computers, since I don't want to have to maintain different protection systems on different computers.

Thanks,

Gingi

rootkit

Hello Gingi

In the sent logs we have found a suspicious file:

C:\Documents and Settings\Kit Hansen\Local Settings\Temp\ED3F622D.TMP

Please pack that file in archive with the password infected and send me a PM with it.

If the file is too big to attach it, upload it on

http://www.sendspace.com

http://www.mediafire.com

and send me a PM with the download link.

We will analyze the information you sent and then reply with a possible solution in the shortest time.

Also, we will discuss the change that you want to make.

Have a nice day!

Kit Hansen

Christian,

Here is the mediafire link http://www.mediafire.com/?oduqardyvadzuxk

for the password protected file.

Even though file is small, BD Forum does not allow upload because of being a zip file.

Regards,

Gingi

Hello Gingi

In the sent logs we have found a suspicious file:

Please pack that file in archive with the password infected and send me a PM with it.

If the file is too big to attach it, upload it on

http://www.sendspace.com

or

http://www.mediafire.com

and send me a PM with the download link.

We will analyze the information you sent and then reply with a possible solution in the shortest time.

Also, we will discuss the change that you want to make.

Have a nice day!

rootkit

Hello

Thank you for the file, it was sent to our Labs.

I will get back to you with the results.

Take care.

Kit Hansen

Hello

Thank you for the file, it was sent to our Labs.

I will get back to you with the results.

Take care.

Hi Christian,

Any progress?

At least send me instructions/link on installing BD 2010, please, as discussed in an early exchange. I am not feeling all that secure with AVG.

Thank you.

Kit Hansen

Hey Christian,

Come on already! I am asking for a 3rd time now for a link to allow me to download and install BD TS 2010. Remember, 2013 is futzed up (or futzes up my computer) and I had to remove it. Your lab is supposedly trying to figure out why. In the meantime, I am limping along with AVG freebie, and I want to use BD WHICH, I REMIND YOU, I have already paid for. I would like to be able to use it.

I never had 2010 on my computer, only 2009, and then per your suggestion, an upgrade to 2013. Consequently, I do not have a link to 2010. Moreover, when on my other computers I upgraded this past August to the latest version of 2010, the registration key (which was based on 2009 format), would not work, and BD had to intervene to get 2010 registered.

If you guys aren't going to help me, let me know where I should take my complaint, please.

And how about a status report on the lab work? You were so great early on in trying to solve the problem and I was bragging to friends about how responsive BD is, but now, I feel abandoned.

Sincerely,

Gingi

rootkit

Hello

Sorry for the delayed reply.

The received file is not malicious.

We also introduced new definitions for some special malware these says, so please run a system scan.

Take care.

Kit Hansen

Hi Christian,

Good to know that there is no threat BUT BUT BUT...

Are you paying attention?

I DO NOT HAVE BITDEFENDER INSTALLED AT THE MOMENT
because 2013 TS won't complete a scan.
It constantly quits and causes a write to memory error when I shut down.
I uninstalled and the error went away. I ran a memory scan and my memory is fine.
I HAVE BEEN ASKING AND ASKING AND ASKING you to enable me to install a prior version of BD.
I own 3 licenses. On one computer, I have 2012, on another 2010. I was running 2009 on my computer until I upgraded at your suggestion to 2013. Both are functioning fine. I am running AVG on my main computer in the interim. I want to go back to either 2012 or 2010.

Please note that my license key 7E0019643XXXXXXX2B2FE would not work on 2012 without intervention from BD - evidently this is an old format.

PLEASE - help me get BD back. Otherwise I'll have to ask for my money back for all 3 licenses and move on to AVG or some other competitor.

Hello

Sorry for the delayed reply.

The received file is not malicious.

We also introduced new definitions for some special malware these says, so please run a system scan.

Take care.

rootkit

Hello

First of all, do not post personal information on the forums.

Now, could you please send me a PM with that license key and your email and we will change you the license key.

Now, yesterday we released a product update for Bitdefender 2013 so the scanning process should no longer crash on your system.

http://forum.bitdefender.com/index.php?sho...st&p=158827

I am waiting for your PM.

Take care.

rootkit

Hello

I will send you a new license key in about 20 minutes via PM.

Thank you!