Gen:variant.adware.graftor.47219 On "c:\windows\temp\tmp00*" Files

I'm using Windows 7 Ultimate SP1 x64 and since I've installed Bitdefender Antivirus Free Edition 2 days ago I'm getting lots of infection reports like the following:

Scan Results
The Virus Shield detected 4 infected items.
Scan Results
File Name    Infection    Action
C:\Windows\Temp\tmp00006899\tmp00058ca6    Gen:Variant.Adware.Graftor.47219    None
C:\Windows\Temp\tmp00006899\tmp00058c9a    Gen:Variant.Adware.Graftor.47219    Deleted
C:\Windows\Temp\tmp00006899\tmp000583fa    Gen:Variant.Adware.Graftor.47219    Deleted
C:\Windows\Temp\tmp00006899\tmp000587ba    Gen:Variant.Adware.Graftor.47219    Deleted

Those "tmp00*" files all have 319KB and don't last for long. What are creating them? Are they really infected or created by a malware?

Find more posts tagged with

Comments

azavoianu

Hello,

Thanks for your feedback.

Can you help us with more info?

Maybe gzserv.log can help us, it is located in BD AV Free installation folder.

You can send it via http://www.sendspace.com or http://www.mediafire.com and after send me the link or more simply via PM.

Thanks,

Alex

KentWilliams

Hello,

Thanks for your feedback.

Can you help us with more info?

Maybe gzserv.log can help us, it is located in BD AV Free installation folder.

You can send it via http://www.sendspace.com or http://www.mediafire.com and after send me the link or more simply via PM.

Thanks,

Alex

I've just found those files were been used/created by Microsoft Security Essentials:

2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:41 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (pid: 572)
2013/01/20 18:02:41 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
2013/01/20 18:02:42 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de64 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
2013/01/20 18:02:42 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (pid: 572)
2013/01/20 18:02:42 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
2013/01/20 18:02:43 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de67 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)

Another file ("backup-005548.tar.bz2") has been quarantined. How can I remove it from quarantine and prevent future false threat identifications of that file?

azavoianu

Hello again,

As I can see in your text attached from gzserv.log our service has quite a lot of timeouts, and that's because you are using two security products: Microsoft Security Essentials and Bitdefender Antivirus Free Edition, which are incompatible on the same system.

You must uninstall one of them for the proper functionality of your security product and computer.

Thanks,

Alex

KentWilliams

Hello again,

As I can see in your text attached from gzserv.log our service has quite a lot of timeouts, and that's because you are using two security products: Microsoft Security Essentials and Bitdefender Antivirus Free Edition, which are incompatible on the same system.

You must uninstall one of them for the proper functionality of your security product and computer.

Thanks,

Alex

Thank you! I've already uninstalled MSE.

How can I remove a quarantine file and prevent future false threat identifications of that file by Bitdefender Antivirus Free Edition?

azavoianu

Hello,

We are working on this issue, in the next product update this feature(restore from quarantine) will be available.

Thanks for feedback,

Alex

KentWilliams

Hello,

We are working on this issue, in the next product update this feature(restore from quarantine) will be available.

Thanks for feedback,

Alex

The original file seems to be renamed to "<original filename>.108910.gzquar". If I just rename this new file will I recover the original?

KentWilliams

Hello,

We are working on this issue, in the next product update this feature(restore from quarantine) will be available.

Thanks for feedback,

Alex

I need to recover the quarantined file. How can I do it before the next update?

azavoianu

Hello,

You can reboot your pc and enter in safe mode. After that you can rename and recover quarantined files.

Thanks,

Alex