Curious About Warning On Windows.exe
Comments
What are your AVC settings? I think it's an AVC false +ve.
0 -
Hello
I think something is injected in that file.
In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:
. A BDSYS log;
[how to GENERATE A BDSYS LOG]
. Save and extract the BDSYS tool to a location of your choice:
http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe
. Make sure you close all active applications and then run "BDSysLog_i.exe"; if you receive a firewall alert, select to Allow the application to connect;
. Click the "Create log" button to start generating the log; a progress bar is indicating that the tool is creating the report;
. When the small window appears with the message "Log saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;
. Send me via PM the generated log file.
. If the file is too big to send over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.
IMPORTANT:
. During this process the Real Time Protection in Bitdefender must be temporarily disabled;
. If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet, then you need to select Allow;
[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]
In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface. In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suits your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.
We will get back to you as soon as the analysis is complete.
Have a nice day.
0 -
Hello
The file was sent to our Labs and I will get back to you ASAP with the results.
Take care.
0 -
Hello
Please run the tool - password "tool" without quotes from this link:
http://www.mediafire.com/file/b93lut4jh8eilct/tool.rar
1 unpack the archive
2 inside the folder tool, run "tool.bat"
3 wait for it to finish ( can take a few minutes )
4 send us all the files it creates ( also with subfolders )
Pack them in an archive with the password infected and upload it on
or
and send me a PM with the download link.
We will analyze the information you sent and then reply with a possible solution in the shortest time.
Have a nice day.
0 -
Hello
Please run the tool - password "tool" without quotes from this link:
http://www.mediafire.com/file/b93lut4jh8eilct/tool.rar
1 unpack the archive
2 inside the folder tool, run "tool.bat"
3 wait for it to finish ( can take a few minutes )
4 send us all the files it creates ( also with subfolders )
Have run the bat file numerous times but same result...nothing is created in the 'tool' folder as in the attached jpg. Ran for 10 minutes and still nothing created ?
TiminAz
0 -
This PC is Win 7 Pro 64bit.....?...does it matter re the tool.rar file extracted or the files (tool.bat) that is extracted ?
0 -
Hello
Please save the file first, on your desktop and extract both files in the same location.
Right click on tool.bat and choose Run as administrator. Let it run for several minutes, the tool will dump all explorer.exe injections. It will create several files and folders in the same location. Pack those files in an archive and send me a PM with it.
Thank you!
0 -
Update Note...same files when copied and/or extracted to my Windows XP Pro SP3 and Windows 7 32 bit Pro SP1 run successfully and create a dozen or so files. Win 7 64bit Pro SP1 will NOT execute the command in the tool.bat file
TiminAz
0 -
Importance of this may have just escalated on this end....got the following warning similar to the one that started this thread...as follows:
Please run the tool - password "tool" without quotes from this link:
http://www.mediafire.com/file/b93lut4jh8eilct/tool.rar
1 unpack the archive
2 inside the folder tool, run "tool.bat"
3 wait for it to finish ( can take a few minutes )
4 send us all the files it creates ( also with subfolders )
My above separate reply to this thread indicates the tool will not work on 64bit systems...?
Oct 7 2012, 02:29 PM & Oct 7 2012, 02:53 PM
Christain...Is there a 64bit version of the system dump tool you requested previously ??
0 -
Hello
I will talk to my colleagues from the Labs and get back to you on this ASAP.
Also I will need one more thing:
Navigate to this key
HKEY_LOCAL_MACHINE\SOFTWARE\AVC3\UserID
and export the value.
How to:
http://www.pc1news.com/videos/export-registry-key-15.html
Send me a PM with it.
Thank you!
0 -
Key sent via PM...Thanks
0 -
Hello
I have replied to your PM, I need the exported key, not the text from the file.
Thank you!
0 -
Hello
My colleagues launched an update for Active Virus Control. Do you still get those Events related to that process?
Thank you!
0 -
Hello
My colleagues launched an update for Active Virus Control. Do you still get those Events related to that process?
Thank you!
Are you talking about the tool.rar files from mediafire ??
0 -
Hello
I am talking about Explorer.exe, the initial reported issue.
Thank you!
0 -
Hello
I am talking about Explorer.exe, the initial reported issue.
Thank you!
Have only got 2 warnings on explorer.exe...the 1st when this thread was started in September and the second in my post of Oct 17 2012, 09:32 AM
Will let you know if any additional warnings appear...
Thanks...TiminAz
0 -
Have only got 2 warnings on explorer.exe...the 1st when this thread was started in September and the second in my post of Oct 17 2012, 09:32 AM
Will let you know if any additional warnings appear...
Thanks...TiminAz
Had to recover this PC to a system image of 9/24 due to a HDD issue...while updating system including BDIS2013...I did get the warnings again on explorer.exe. I think it said something like "watch and monitor" the file (explorer.exe) but I don't know what that means and/or if I can check the status somewhere in the BDIS2013 control panel ?
No additional warnings after all system/BD updates so far
TiminAz
0 -
Hi
Please make sure that you have the latest product update installed:
http://forum.bitdefender.com/index.php?sho...st&p=164968
Detection was removed from Active Virus Control, the injected element is legit.
Thank you!
0 -
Hi
Please make sure that you have the latest product update installed:
http://forum.bitdefender.com/index.php?sho...st&p=164968
Detection was removed from Active Virus Control, the injected element is legit.
Thank you!
Thanks Christain...but a little clearer please...so there is/was something "injected" in explorer.exe...but whatever it is/was is ok...and now BDIS2013 will not monitor/scan/check my explorer.exe file in further scans ?
Was the previous explorer.exe warning therefore a "false positive" when I selected to "watch & monitor" the file ?
0 -
Hello
Yes, it was a False Positive from the Active Virus Control module, my colleagues removed detection from the product. Your system is not infected.
Please let me know if you have other questions.
Thank you!
0