Gen:variant.adware.graftor.47219 On "c:\windows\temp\tmp00*" Files
I'm using Windows 7 Ultimate SP1 x64, and since I installed Bitdefender Antivirus Free Edition 2 days ago I've been getting lots of infection reports like the following:
Scan Results
The Virus Shield detected 4 infected items.
Scan Results
File Name Infection Action
C:\Windows\Temp\tmp00006899\tmp00058ca6 Gen:Variant.Adware.Graftor.47219 None
C:\Windows\Temp\tmp00006899\tmp00058c9a Gen:Variant.Adware.Graftor.47219 Deleted
C:\Windows\Temp\tmp00006899\tmp000583fa Gen:Variant.Adware.Graftor.47219 Deleted
C:\Windows\Temp\tmp00006899\tmp000587ba Gen:Variant.Adware.Graftor.47219 Deleted
Those "tmp00*" files are all 319KB and don't last for long. What is creating them? Are they really infected or created by malware?
Comments
-
Hello,
Thanks for your feedback.
Can you help us with more info?
Maybe gzserv.log can help us; it is located in the BD AV Free installation folder.
You can send it via http://www.sendspace.com or http://www.mediafire.com and afterwards send me the link, or more simply via PM.
Thanks,
Alex
-
I've just found that those files were being used/created by Microsoft Security Essentials:
2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (pid: 572)
2013/01/20 18:02:41 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
2013/01/20 18:02:42 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de64 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:42 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (pid: 572)
2013/01/20 18:02:42 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
2013/01/20 18:02:43 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de67 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
Another file ("backup-005548.tar.bz2") has been quarantined. How can I remove it from quarantine and prevent future false threat identifications of that file?
-
Hello again,
As I can see in your text attached from gzserv.log our service has quite a lot of timeouts, and that's because you are using two security products: Microsoft Security Essentials and Bitdefender Antivirus Free Edition, which are incompatible on the same system.
You must uninstall one of them for the proper functionality of your security product and computer.
Thanks,
Alex
-
Thank you! I've already uninstalled MSE.
How can I remove a quarantine file and prevent future false threat identifications of that file by Bitdefender Antivirus Free Edition?
-
Hello,
We are working on this issue; in the next product update this feature (restore from quarantine) will be available.
Thanks for feedback,
Alex
-
The original file seems to be renamed to "<original filename>.108910.gzquar". If I just rename this new file will I recover the original?
-
I need to recover the quarantined file. How can I do it before the next update?
-
Hello,
You can reboot your PC and enter safe mode. After that you can rename and recover quarantined files.
Thanks,
Alex
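
Added example, not part of any post in this thread and not Bitdefender's own tooling: a Python sketch of the check behind the diagnosis above, attributing the flagged temp files in gzserv.log to the process that touched them. The regexes cover only the two message shapes quoted in the thread; the `OTHER_AV_ENGINES` watch list and the function name are assumptions.

```python
import re
from collections import defaultdict

# Patterns match the two gzserv.log message shapes quoted in the thread;
# nothing else about the log format is assumed.
TIMEOUT_RE = re.compile(
    r"\[COnAccessImpl::ScanTimeoutCallback\] TIMEOUT for file (?P<file>.+?) "
    r"\(process (?P<proc>.+?) pid: (?P<pid>\d+)\)")
INFECTED_RE = re.compile(
    r"\[CScanCore::ScanFile\] INFECTED with (?P<sig>\S+) -> (?P<file>.+?) "
    r"\(pid: (?P<pid>\d+)\)")

# Hypothetical watch list of other real-time scanners; only MsMpEng.exe
# is named in the thread.
OTHER_AV_ENGINES = {"msmpeng.exe"}

def attribute_detections(lines):
    """Group scan timeouts and detections by the process that touched the file."""
    proc_by_pid, pending = {}, []
    stats = defaultdict(
        lambda: {"timeouts": 0, "detections": [], "other_av": False})
    for line in lines:
        if m := TIMEOUT_RE.search(line):
            proc_by_pid[m["pid"]] = m["proc"]
            exe = m["proc"].rsplit("\\", 1)[-1].lower()
            stats[m["proc"]]["timeouts"] += 1
            stats[m["proc"]]["other_av"] = exe in OTHER_AV_ENGINES
        elif m := INFECTED_RE.search(line):
            pending.append((m["pid"], m["sig"], m["file"]))
    # INFECTED lines carry only a pid, so resolve names after the full pass.
    # Assumes a pid maps to one process within the excerpt (no pid reuse).
    for pid, sig, path in pending:
        proc = proc_by_pid.get(pid, f"<unknown pid {pid}>")
        stats[proc]["detections"].append((sig, path))
    return dict(stats)

# Four lines copied from the gzserv.log excerpt posted in the thread.
SAMPLE_LINES = r"""
2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (pid: 572)
2013/01/20 18:02:42 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (pid: 572)
""".splitlines()

if __name__ == "__main__":
    for proc, s in attribute_detections(SAMPLE_LINES).items():
        tag = "OTHER AV ENGINE" if s["other_av"] else "process"
        print(f"{tag}: {proc}")
        print(f"  timeouts={s['timeouts']} detections={len(s['detections'])}")
        for sig, path in s["detections"]:
            print(f"    {sig} -> {path}")
```

When every detection in a burst resolves to another scanner's engine process, as it does for this excerpt, the flagged files are that scanner's working copies rather than independent evidence of infection.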