SpyDefense beta false positive

Hi


BitDefender keeps detecting sdd.sys, which is located in c:\windows\system32\drivers\sdd.sys, as being infected with Backdoor.HacDef.DO.


You can download it here: http://www.everestlabs.com/antispyware-download/


Regards


Niels

Comments

  • Unknown

    Hi Niels,


    Are you sure that sdd.sys belongs to this antispyware? I downloaded and installed the application but I cannot find any sdd.sys.


    If you have that file, please send it for analysis. You can PM it to me.


    Have a nice day,


    Lirima

  • Unknown

    Yes, that file belongs to the everestlabs application and it is currently seen by many other anti-virus products as a virus. I can't send you the file as I don't have this software installed at work, but I'll try. :P

  • Niels

    Hi Lirima


    Yes, it's part of SpyDefense, because BitDefender only reacts when I perform a scan with it.


    The strange thing is that even when I enable "show hidden files and folders", I can't locate the service. I did a search on Google and NOD32 detected the same driver as infected. You can see it here too:


    http://www.wilderssecurity.com/archive/ind...p/t-116101.html


    Thank you very much for your reply.


    Regards


    Niels

  • Unknown

    Check the driver again; I think BitDefender doesn't detect it anymore. I tried 2 hours ago and didn't receive any alert.

  • Niels

    Hi Florin Stiuca


    I will try to perform a scan. I tested it only yesterday.


    Regards


    Niels

  • Niels

    I still get the same warning. The warning pops up at the end. But another security program detected a trojan. Now a system restore point is also infected. The strange thing is that it's the same driver that NOD32 detected as a false positive.

  • vlad

    The application drops the driver sdd.sys at some point during its execution (probably that's when you get the warning popup) and installs it. The driver hooks a function used to create processes, which is probably why it got signed in the first place (by NOD32 too). It is clean.


    The detection will be removed in a few hours.

  • Niels

    Hi Vlad


    It only appears when the scan is almost completed. In the beginning I don't receive a warning from BitDefender. Thank you very much for your very quick reply.


    Regards


    Niels