Win32:tiny.ady Not Detected

catilley1092

This is in concern to a serious threat not detected by Bitdefender Total Security 2014 (Build#17.24.0.1033). Windows 7 Pro SP1 x64 is the OS.

I have been having some issues with how my PC responds as of late, unfortunately some is masked due to the high power of the unit, Dell XPS 8700 w/i7 4770, 12GB DDR3 1600 RAM & Samsung 840 EVO SSD, all very fast (7.7 WEI or better). Only graphics are slow at 6.7 with Intel HD 4600 & 6.9 with AMD 7570 (Dell OEM).

This PC dual boot_s with the OEM version of Windows 8 that was reinstalled so that I could get around all of the Secure Boot/UEFI crap, now I hardly see the Dell splash screen pass. Anyway, on the OEM side of the PC, I have 1 year of McAfee Internet Security, which I removed today because of overall negative reviews of the software. It has blocked or caught only a few threats that were actually tracking cookies, I have SuperAntiSpyware (Lifetime Pro) to handle these.

Anyway, after removal of McAfee, I wanted a second opinion. First, please allow me to explain, all of my computers are dual, tri or quad boot systems (a couple Linux). Typically like this one, Windows 7 & 8 or 8.1. I do not run the same security on the different OS's/drives on the same computer, as I don't believe in putting all of my eggs in one basket. MBAM Pro is also installed on all Windows installs. SuperAntiSpyware Pro is only on this machine. I have the Free version on the others. I installed the latest version of Avast Free Antivirus to replace McAfee.

My question is this, how did a threat such as Win32:Tiny.ADY get onto Windows 7 Pro with the latest Bitdefender Total Security (from Sphere packaging), the flagship of the company, with all of the latest updates applied? This is my main install on my main computer, this threat is rated as very serious, password stealing, can cause other damage also. I have it set to run short scans daily, plus Full scans 2 times a week, plus any other Full scans I manually run. This threat was found in the pagefile.

And it was Avast Free on Windows 8 that caught the threat (on the 1st Full scan), BD 2014 has ran at least 10 Full scans since date of install (12/24/2013). How does a Free solution outdo a premier product? I purchased the product not because of it's great pricing on Newegg ($19.99 Shell Shocker), but because of AV-Comparatives reviews of it (link below). Now I have concerns of another install, protected by Emsisoft Anti Malware, because it uses the BD engine, in addition to it's own.

http://chart.av-comparatives.org/chart1.ph...rt=0&zoom=2

Now I'm going to have to go to a trusted PC (likely Linux Mint) & change all of my financial passwords.

Is the pagefile excluded from BD's scan by default? I haven't excluded it from protection. There are also an unusually high number of "password protected" files that BD doesn't scan, yet those files aren't locked down. Most are in the same downloads folder as the ones that are scanned.

Anyway, how did such as threat get on this computer? BD was installed before any apps were, so it should have been intercepted at the point of attack.

Cat

PNutts3

I think you've overly complicated your systems to the point where anyone that wants to help is going to need a three day training course just to understand the layout. When you say you reinstalled Windows 8 to work around Secure Boot/UEFI that tells me that you may not have a firm grasp on what it is and what it does so I have to question the other decisions you've made. I may be wrong because of no technical details provided but sounds like your infected Windows 7 OS is visible and writable from Windows 8 and who knows what else. If so your desire to "not put all your eggs into one basket" made you ended up with soup.

But to try and answer your question, who knows? Maybe it was a false positive by a free product. Maybe Bitdefender doesn't detect it. Why didn't Malewarebytes Pro detect it?

Now to try and be helpful. The technical support here is terrible. I'd run to the Malwarebytes forum as fast as you can where many patient and knowledgeable people will walk you through the process to determine if your system is actually infected and if it is then how to clean it.

And really, think about simplifying your systems. You've got enough ponies to run a couple of vm guests simultaneously unless you're mining bitcoin or in a theoretical frame rate numbers war with someone. Your attempt to outfox the professional malware distributors and ****** kiddies has given you a slow, infected PC.