I can't seem to get rid of this, any suggestions?
Hello
Please generate a scan log so I can better understand the issue:
http://forum.bitdefender.com/index.php?showtopic=36507
Take care.
Hello Please generate a scan log so I can better understand the issue: http://forum.bitdefender.com/index.php?showtopic=36507 Take care.
Product : Bitdefender Antivirus Plus 2013
Scanning task : System Scan
Log date : Thursday, October 18, 2012 12:38:41 PM
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1350578867_1_02.xml
Scan Paths:
Path : C:\
Path : Q:\
[-]Scan Results
[+]Resolved issues:Object Path Threat Name Final Status
File: C:\Qoobox\Quarantine\C\Program Files (x86)\OApps\bhO.dll.vir Application.Generic.408068 Deleted
File: C:\recovered pics\File15315.JPG=>(Embedded EXE g) Adware.Generic.139453 Moved to Quarantine
File: C:\recovered pics\File11386.JPG=>(Embedded EXE g) Gen:Trojan.Heur.FU.diZ@a0njcini Moved to Quarantine
[-]Objects that were not scanned:Object Path Reason Final Status
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>trio_dxtest9.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agntinst.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/icon_info_16x16.gif Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>restrict_64bit.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>lang_agnt.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File10180.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File1281.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\recovered pics\File1481.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File3164.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>mcccom.lpk Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agentins.ini Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File6324.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agent_lang_helper.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File3291.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0295.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0736.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File3823.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\System Volume Information\{44a83b83-10e4-11e2-b685-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>_TUProjDT.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File3158.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recover2\UpdateRLD.dat=>_TUProjDT.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/icon_progress_checked_13x13.gif Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>require_directx6.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File2647.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>HtmlUtil.vbs Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{bee72d34-15c8-11e2-a755-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: Q:\ (object was not found)
File: C:\recovered pics\File3386.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File4619.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0786.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>setcss.vbs Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>require_directx9.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File0778.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>instwiz.css Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File6809.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>require_directx6.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File3122.JPG=>(Embedded DocFile 2g)=>(Appended executable)=>(Embedded EXE g) Overcompressed Not scanned (file was overcompressed)
File: C:\System Volume Information\{a9682c08-16e6-11e2-95d1-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>dxtest.exe Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>require_directx9.dat Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>trio_dxtest6.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agntcons.vbs Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>trio_dxtest9.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File11671.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File1571.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\Program Files (x86)\InstallShield Installation Information\{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}\SupportFiles.7z=>VideoStage.ico Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>trio_dxtest6.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File1680.JPG=>(Embedded DocFile 3g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0808.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>default.htm Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>dxtest90.exe Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>require_winxp.dat Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>trio_dxtest9.dat Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>IRIMG1.JPG Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>IRIMG2.JPG Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>require_winxp.dat Password-protected Not scanned (file was password-protected)
File: C:\recover2\UpdateRLD.dat=>IRIMG1.JPG Password-protected Not scanned (file was password-protected)
File: C:\recover2\UpdateRLD.dat=>IRZip.lmd Password-protected Not scanned (file was password-protected)
File: C:\recover2\UpdateRLD.dat=>IRIMG2.JPG Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>header.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File0325.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recover2\UpdateRLD.dat=>IRIMG3.JPG Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File0703.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File2788.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0723.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agntlang.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File9791.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File2038.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File2434.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>restrict_64bit.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File0375.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>SubInfoData.vbs Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File4147.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File4381.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File1359.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>dxtest.exe Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File7193.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File0993.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/icon_progress_unchecked_13x13.gif Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/icon_progress_hot_13x13.gif Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File6286.JPG=>(Embedded DocFile g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>vssver.scc Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>dxtest.exe Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>_TUProj.dat Password-protected Not scanned (file was password-protected)
File: C:\recover2\UpdateRLD.dat=>_TUProj.dat Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{1fba739c-181c-11e2-a1b9-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>require_directx6.dat Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{d88a73aa-15cc-11e2-a328-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>dxtest90.exe Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>InstUtil.vbs Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>require_directx9.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/icon_mcafee_61x61.gif Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File5107.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>require_winxp.dat Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>DataSafe_Green.ico Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>Wow64.lmd Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 2r)=>resource.0000.pkg=>dxtest90.exe Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File3067.JPG=>(Embedded DocFile 2g)=>(Appended executable) Overcompressed Not scanned (file was overcompressed)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>images/bg_left_1x314.gif Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>instxp.css Password-protected Not scanned (file was password-protected)
File: C:\System Volume Information\{c53b8867-12f0-11e2-b76b-d4bed997ba79}{3808876b-c176-4e48-b7ae-04046e6cc752} (object was not found)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(ZIP Sfx 5r)=>resource.0000.pkg=>trio_dxtest6.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>pbar.vbs Password-protected Not scanned (file was password-protected)
File: C:\Users\Lynden\Downloads\FinalMediaPlayer2010Setup.exe=>(NSIS 4r)=>resource.0000.pkg=>restrict_64bit.dat Password-protected Not scanned (file was password-protected)
File: C:\recovered pics\File22727.JPG=>(CAB Sfx g)=>agentins.ui=>agntinst.htm Password-protected Not scanned (file was password-protected)
[-]Detailed Scan Summary
[-]Basic
Scanned items : 1575611
Infected items : 3
Suspicious items : 0 (no suspected items have been detected)
Resolved items : 3
Unresolved items : 0 (no issues remained unresolved)
[+]Advanced
Anything yet?
I don't see anything related to Ib.adnx in the logs.
Also, all the photos from this folder C:\recovered pics seem to have things embedded like vbs or doc files.
Are you sure they are legit?
What you used to recover those files?
Thank you!
Hello I don't see anything related to Ib.adnx in the logs. Also, all the photos from this folder C:\recovered pics seem to have things embedded like vbs or doc files. Are you sure they are legit? What you used to recover those files? Thank you!
The disc was accidentally formatted and recovered.
What I may do is transfer all the pics to another drive.
think that might help?
Right now the system is clean, all the infections were removed.
Should you need any further assistance, please do not hesitate to contact us.
Have a great day!
Hello Right now the system is clean, all the infections were removed. Should you need any further assistance, please do not hesitate to contact us. Have a great day!
Thanks a bunch.
The thing would pop up every time I used Yahoo or did any action within Yahoo.
You are most welcome!
Please let us know if you have any other questions.
Have a great weekend!
Hello You are most welcome! Please let us know if you have any other questions. Have a great weekend!
It's back.
First thing that popped up when I opened an email in Yahoo.
Could you please make a screenshot?
[How to take a screenshot]
1. When the window is on the screen please press the "PrintScreen" key ("PrintScreen" is located at the top of the keyboard, at right. At this step we can not see anything, as the picture is copied into Windows's clipboard)
2. Open a graphic editing application (We recommend using the standard Paint program, that comes with every Windows installation (Start > Program > Accessories > Paint))
3. Paste the picture in a new Paint document;
4. Save the file in JPEG format (BMP format is too big to send by e-mail)
5. Attach the screenshot in your next reply.
We are looking forward to hearing from you.
Hello Could you please make a screenshot? [How to take a screenshot] 1. When the window is on the screen please press the "PrintScreen" key ("PrintScreen" is located at the top of the keyboard, at right. At this step we can not see anything, as the picture is copied into Windows's clipboard) 2. Open a graphic editing application (We recommend using the standard Paint program, that comes with every Windows installation (Start > Program > Accessories > Paint)) 3. Paste the picture in a new Paint document; 4. Save the file in JPEG format (BMP format is too big to send by e-mail) 5. Attach the screenshot in your next reply. We are looking forward to hearing from you.
No problem, will do.
It seems to occur anytime I use a YAHOO page.
I copied this from the header:
ib.adnxs.com/pop?enc=dxIR_kVQ4T93EhH-RVDhPwAAAAAAAPA_dxIR_kVQ4T93EhH RVDhP1V8rD0NqPZhhiR791xaMgfjzZpQAAAAAPRnDQAdAgAAHQIAAAIAAABxISkAlEECAAAAAQBVU0QA
VVNEANACLAEHBAAAyEIAAgQCAQUAAIQAiB8LFgAAAAA.&cnd=%21lybjygin8x0Q8cKkARgAIJSDCTADOIeICEAESJ0EUPTPNVgAYDZoAHAEeOoOgAGmA4gB2ASQAQGYAQ
GgAQqoAQCwAQC5AZ-1N_9FUOE_wQGftTf_RVDhP8kB4Nph0aa38D_ZAQAAAAAAAPA_4AEA&udj=uf%28%27a%27%2C+16620%2C+1352322531%29%3Buf%28%27r%27%2C+2695537%2C+1352322531%29%3B&ccd=%21hAVOMwin8x0Q8cKkARiUgwkgBA..&vpid=45&creative_click=http%3A%2F%2Fwww.arcadecandy.com%2Faj%2F551%2F5551%2FSUBID%2FREQUESTID&referrer=http%3A%2F%2Ffinance.yahoo.com%2Fmb%2Fforumview%2F%3Fbn%3D154312&dlo=1"]http://ib.adnxs.com/pop?enc=dxIR_kVQ4T93Eh...54312&dlo=1[/url]
I sure hope you have a fix for this POS virus.
I am so frustrated I bought a Mac.
I sure hope you have a fix for this POS virus.I am so frustrated I bought a Mac.
I don't blame or hold Bitdefender at fault for not being able to remove and defeat this virus.
The guy who wrote it better hope I never run into him.
Hello,
That is just a pop-up and is legit.
I can see that you use Chrome, so you should install this ad block extension:
https://chrome.google.com/webstore/detail/a...cnamgkkbiglidom
Hello,That is just a pop-up and is legit. I can see that you use Chrome, so you should install this ad block extension: https://chrome.google.com/webstore/detail/a...cnamgkkbiglidom Thank you!
Thanks for the link and it didn't show up today.
I am glad to hear that.
That extension should resolve all the issue with aggressive ads.
