Several Infections In Computer, Including Sytem32 Folder

I am really concerned. I am trying the free trial of Bitdefender Total security, and in the last days is is detecting lots of infected archives in my computer, and indicating that the program cannot remove them. I thought they could be false positives, but even lowering the detection level to "Normal" from "Aggressive" does not stop the alerts from appearing.

By reading the forums, I read about a program named ComboFix, and I ran it on my computer. The program did not detect as dangerous the files Bitdefender claims to be infected, but erased a file in System32 and some temp files instead. I have the log file to post if you require it.

What is rare is that those files are only detected by the resident shield, but not by any manual scans, even in safe mode. And, some files belonging to BitDefender, which led me to thought at first they could be false positives. In the logs of complete scans, it specifies that those files could not be found ion the computer. All the files would normally be unharmful as well.

Here's a list of the supposedly infected files. I appreciate your time, and thank you in advance.

C:\Users\Leonardo\AppData\Roaming\Skype\shared_httpfe\queue.lock

C:\Users\Leonardo\AppData\Roaming\Skype\shared_dynco\dc.lock

C:\Users\Leonardo\AppData\Roaming\Skype\midstofthetremor\msn.lock

C:\Users\Leonardo\AppData\Roaming\Skype\midstofthetremor\main.lock

C:\Users\Leonardo\AppData\Roaming\Skype\midstofthetremor\keyval.lock

C:\Users\Leonardo\AppData\Roaming\Skype\midstofthetremor\bistats.lock

C:\Users\Leonardo\AppData\Roaming\Mozilla\Firefox\Profiles\v8al70dl.default\parent.lock

C:\Users\Leonardo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2

C:\Users\Leonardo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1

C:\Users\Leonardo\AppData\Local\Microsoft\Windows\UsrClass.dat

C:\Windows\SysWOW64\log.txt

C:\Windows\System32\config\SYSTEM.LOG2

C:\Windows\System32\config\SYSTEM.LOG1

C:\Windows\System32\config\system

C:\Windows\System32\config\SOFTWARE.LOG2

C:\Windows\System32\config\SOFTWARE.LOG1

C:\Windows\System32\config\software

C:\Windows\System32\config\SECURITY.LOG2

C:\Windows\System32\config\SECURITY.LOG1

C:\Windows\System32\config\security

C:\Windows\System32\config\SAM.LOG2

C:\Windows\System32\config\SAM.LOG1

C:\Windows\System32\config\sam

C:\Windows\System32\config\RegBack\SYSTEM

C:\Windows\System32\config\RegBack\SOFTWARE

C:\Windows\System32\config\RegBack\SECURITY

C:\Windows\System32\config\RegBack\SAM

C:\Windows\System32\config\RegBack\DEFAULT

C:\Windows\System32\config\DEFAULT.LOG2

C:\Windows\System32\config\DEFAULT.LOG1

C:\Windows\System32\config\default

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-00C04FC295EE}\catdb

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-00C04FC295EE}\catdb

C:\Windows\System32\catroot2\edb.log

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG2

C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT.LOG1

C:\Windows\ServiceProfiles\NetworkService\ntuser.dat

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG2

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT.LOG1

C:\Windows\ServiceProfiles\LocalService\ntuser.dat

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\smartdb-ntfs.db

C:\Program Files\BitDefender\BitDefender 2013\onaccess.dat

Find more posts tagged with

Comments

Cavalier

I'll add some new files that just appeared, just in case if it would be possible for the infection to be spreading:

C:\Users\Leonardo\ntuser.dat.LOG1

C:\Users\Leonardo\ntuser.dat.LOG2

C:\Users\Leonardo\ntuser.dat

rootkit

Hello

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]

. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall

alert,select to Allow the application to connect;

. Click the "Create log" button to start generating the

log; A progress bar is indicating that the tool is creating the report;

. When the small window appears with the message "Log

saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

. Send me via PM the generated log file.

. If the file is to big for send it over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.

http://www.sendspace.com

http://www.mediafire.com

IMPORTANT:

.During this process the Real Time Protection in Bitdefender must be temporarily disabled;

.If you receive a Bitdefender Firewall alert to inform you that BDSysLog_i.exe tries to connect to the internet,then you need to select Allow;

[how to DISABLE THE ANTIVIRUS PROTECTION in Bitdefender 2013]

In order to disable the antivirus protection, please open Bitdefender and click the "Settings" button in the upper side part of the interface"; In the new window go to "Antivirus" > "Shield" tab and click on "ON" under On-access scanning. Select the time interval that suites your troubleshooting needs and click "OK". The On-access scanning should be enabled back after finishing the troubleshooting procedure.

[How to create a screen shot]

On Windows, press the Print Screen or Prnt Scrn key on your keyboard, found at the upper right of the keyboard. This key will capture the entire screen. Open up your paint program -click on "Start-> All Programs-> Accessories->

Paint". In the paint program, select File/New, then Edit/Paste. Then save the file and attach it in your PM message.

If the file is to big for send it over PM, upload the results to one of the online file hosting servers mentioned below or use one of your own and send via PM the download link.

We will get back to you as soon as the analysis is complete.

Have a nice day.

deetheis

I am experiencing the exact same issue as in this post: http://forum.bitdefender.com/index.php?showtopic=40960

It appears that every line item listed in the post "Several Infections In Computer, Including Sytem32 Folder, Several infected files that cannot be erased" is identical to those that I am receiving.

So I have followed the instructions posted as follows:

In order to be able to further investigate the reported situation we need a bit more information from your computer as follows:

. A BDSYS log;

[how to GENERATE A BDSYS LOG]

. Save and extract the BDSYS tool to a location of your choice:

http://www.bitdefender.com/files/Knowledge.../BDSysLog_i.exe

. Make sure you close all active applications and then run "BDSysLog_i.exe"; If you receive a firewall

alert,select to Allow the application to connect;

. Click the "Create log" button to start generating the

log; A progress bar is indicating that the tool is creating the report;

. When the small window appears with the message "Log

saved" then the report is complete and a new file named "bdsyslog.zip" has appeared on your Desktop;

. Send me via PM the generated log file.

I tried to PM this message and upload the bdsyslog.zip file but I could not PM due to:

"This message cannot be sent because the recipient has their personal messenger disabled or they are in a member group not allowed to use the personal messenger."

I have bitdefender on all our home devices and it’s only my Lenovo IdeaPad that has consistently given me problems exactly as in this post. Fact, just last week I used your remove tool and followed the instructions via another post which suggested that I needed to reinstall due to what appeared to be a corrupt version/install of Bitdefender Total Security 2013. This was all based on the fact that I could NOT turn on Active Virus Control. It simply would not allow me to. I obviously thought that was suspicious seeing as when I first installed Bitdefender in Dec. it allowed me to do so.

I have generated the log bdsyslog.zip. but since i could not PM and upload it then here is a link to download the file.

http://takeflightdesigns.com/files/bdsyslog.zip If you need for me to only send the file via PM... Ill be happy to do so.

I’ve depend on this computer for my business. I cannot afford for something to happen to it or even loosing time fixing it if something were to go bad. I work from home as a web designer and I am a single mom. So you get my point I’m sure. I need to know that I do not have any serious vulnerabilities.