Real-time Protection

ragereaver

For some reason. The real-time protection icon is not showing up on my taskbar. But when i execute my task manager. It shows bdagent.exe in the process list there and when i hit ALT+G the 'game mode' was initiated. But somehow I still feel insecure

So what's wrong with it? Any solution for it? Im using Windows Vista Home Premium SP1

Niels

Hello ragereaver

Please take a look at the answer I gave in this topic.To verify is BitDefender realtime protection is running you must see the following processes running in task manager: vsserv.exe,xcommsvr.exe,livesrv.exe and bdagent.exe

Best regards

Niels

ragereaver

Okay i've run the fix in the page u link me to

Ah and yes the icon is showing up in the taskbar but i couldnt locate vsserv.exe,xcommsvr.exe,livesrv.exe in my process list

There's only bdagent.exe

Niels

Hello ragereaver,

Please check this:

Press the windows button together with r now type services.msc press enter. Normally you must find 4 services that have BitDefender in the name. Double click on the BitDefender Virus Shield service it should be started /running if not press on start/run the startup type should be set on automatic if not change it and press on apply and ok. The BitDefender Threat Scanner should also be started/running.

Best regards

Niels

ragereaver

Thanks all for the fast reply

Yeap i've checked

There's 4 services in with The BitDefender name in it

The virus shield service startup type is automatic and its started

While the threat scanner startup type is manual and its started

AndreiASM

There might be some incompatibility issues. Please try to repair your installation, if that fails as well, you should try reintsalling it. Please uninstall BD using the special removal tool, that you can find here, and than reinstall BD.

Good luck! Please come back if the problem persists.

ragereaver

Ok i've tried remove using the tool u provided and reinstall it again

It turned out to be worst

Now even windows security center are not recognizing it at all

Same issue happen

Any ways to clean off all the registry of BD and do a fresh install again?

AndreiASM

Yes, by using the removal tool, all the registry traces and all the files are removed. There are some incompatibility issues in your case. It would be very helpfull for us if you could tell us what programs are running on your pc, or even posting a HijackThis log.

ragereaver

OK here's what i've done

I've run the installation tool u provided once. Then reboot and run it again.

I downloaded CCleaner and fix every issue in it. Then i scan it again and found no errors.

I then downloaded Glary Utilities and scan for errors then fix every found items in it. Rescan and found no errors.

Reboot my machine then i do another install and then reboot again.

Then this time seems to be more promising. After the reboot yes the bitdefender icon appear in my taskbar. Windows security center recognize it as well. Then i update it and open my task manager...to my disappointment i found no vsserv.exe,xcommsvr.exe,livesrv.exe and bdagent.exe either

But there's this "File zone" graph thing running above my taskbar. Whenever i execute something there's a noticeable changes on the graph.

What should i do now?

I'll post a hijackthis log for my system. Anyway the hijackthis tells me that the host is blocking the access of it ? What's that suppose to mean?

This is the hijackthis log after I've everything stated above

Thanks ^^

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:29:06 PM, on 4/23/2008

Platform: Windows Vista SP1 (WinNT 6.00.1905)

MSIE: Internet Explorer v7.00 (7.00.6001.18000)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\RtHDVCpl.exe

C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe

C:\Program Files\BenQ\QShot\QShot.exe

C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Users\William FooWL\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.benq.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.benq.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O1 - Hosts: ::1 localhost

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll

O4 - HKLM\..\Run: [unattend0000000001{75ED7952-05BB-4A1F-B4A3-AD6B79325228}] wscript.exe c:\windows\winbom.vbs

O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe

O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [Q-HotkeyMgr] "C:\Program Files\BenQ\Q-HotkeyMgr\HotkeySensor.exe"

O4 - HKLM\..\Run: [QShot] C:\Program Files\BenQ\QShot\QShot.exe

O4 - HKLM\..\Run: [benQSurround] C:\Program Files\BenQ\BenQ Surround\BenQSurround.exe

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Q-MediaBar] "C:\Program Files\BenQ\Q-MediaBar\QBar.exe" /stop

O4 - HKLM\..\Run: [unattend0000000001{44C094C3-90E2-496F-AE1A-67DBAB28240E}] wscript.exe c:\windows\winbom.vbs

O4 - HKLM\..\Run: [skytel] Skytel.exe

O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"

O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O13 - Gopher Prefix:

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab

O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab

O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: MgiSvr - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i 3\uMgiSvr.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe

O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--

End of file - 6477 bytes

AndreiASM

Youre log is clean.

The problem persists after reboot as well?

ragereaver

Well...frankly i had no idea what's the problem at all

Juz vsserv.exe,xcommsvr.exe,livesrv.exe isn't showing up in my task manager

I had no idea how to test whether it is working anot unless im going to purposely visit some infected website *that would be insane *

AndreiASM

OK than, go to Start - Run and type in services.msc. Than, seek all the processes that have BitDefender in their names, and check their status and their Startup type. Please let me know what these values are.

ragereaver

There's 4 services with the name BitDefender in it

Name | Status | Startup Type

---------------------------------------------------------------------------------------------------

BitDefender Communicator - Started - Automatic

BitDefender Desktop Update Service - Started - Automatic

BitDefender Threat Scanner - Started - Manual

BitDefender Virus Shield - Started - Automatic

AndreiASM

This means, theoreticaly, that all services are running properly (which isn`t the case). Please try right-clicking on BitDefender Comunicator and then click restart. Make notice if anything changed.

ragereaver

Erm unfortunately when i click the communicator and click restart

Windows give me this msg

"Windows could not stop the BitDefender Communicator Service on Local computer

Error 1052 : The Requested control is not valid for this service"

alexcrist

That error is "by design" and is generated by BitDefender SelfProtect which doesn't allow you (or anything else) to stop the services (and restarting them means stopping and starting).

But you said you are running Vista. If I'm not mistaking, in Vista the services don't show up in TaskManager in the same list with other processes. Did you check the Services tab in TaskManager, to see if BD services appear as running?

You can test the protection here: http://eicar.org/anti_virus_test_file.htm

Go to the bottom of the page and try to download the test files. If BitDefender reacts, it means you are protected.

Cris.

Niels

Hello ragereaver,

What kind of account do you have? Is it an administrator account or with limited rights? What is the security status when you open BitDefender by right clicking on the red BitDefender icon near the system clock and press on show?

Best regards

Niels

ragereaver

Ah thanks for all the reply

Well firstly to cris

I've juz checked the services tab.Im glad to find all the services in there

Then i click on the link u gave me and dl each file and yes BitDefender block 3 out of 4 from it. There's one name eicar.com.txt which bitdefender din block(a window appeared above the taskbar) but it appear to just some text

seems like its working " />

To Niels

Hmmm?I dun get it. U mean i should right click on the BD icon located in the taskbar? then click on show to check the secuity status? Anyway im the only user of this laptop of mine and im sure im the admin for it.