How to tell BD virus is okay?

Hello,

My BD tells me I have a virus and 2 infected objects, which cannot be moved/disinfected.

Since I found how to locate them, I found out my son is the culprit. <img class= " />

Since he cannot get enough of playing games, he now installed some zip file from a friend so he can play gameboy advanced games on the computer ...

So ... BD rightly tells they are virsuses, but I do think my son intends to continue to play his games.

What should I do? / How do I tell BD its ok?

Should I still upload the file? Many thanks in advance

Find more posts tagged with

Comments

Niels

Hi Dan137

To really know if it's a real threat I would recommend you that you upload these files in a password protected archive with this password "infected" (without the quotes). What virus does BitDefender detect?

If you want to really exclude it do this :

In which folder are these files detected? If it's in a subfolder of program files. Than you can exclude the folder by starting BitDefender go to antivirus,adjusted level,enable the option don't scan this path on all levels press on add (new) item and browse to the folder and press on ok. But BitDefender will detect it during a scan.

Regards

Niels

Dan137

What virus does BitDefender detect?

The virus is at:

C:\IBMTOOLS\DRIVERS\MOUSE\SP2WHEEL\MS98.CAB=>PMUninst.exe

Infected: Trojan.Popuper.BY

The other infected files are also here. Does this help?

Upload the file still?

Thanks

alexcrist

Hi Dan137,

As I see, the "virus" is located in the mouse driver. It's kinda hard to believe that a PC game would install such drivers, so it's a lot safer to pack that file (MS98.cab) in a password protected zip archive (password: infected) and upload it here.

It might be a false positive (in which case detection will be removed), but it could also be a real virus (in which case you should clean it, especially because it is located in a driver).

Also, if there are other infected files, upload them here (you can put them all in the same archive).

Cris.

Niels

Hi Dan137

It's strange that there is a trojan located in an uninstaller. I think that it's a false positiv.

But I would recommend such as Cris said to upload that file.

Regards

Niels

Dan137

It's kinda hard to believe that a PC game would install such drivers

Cris,

I wonder if it's a "PC game".

Do you know those handheld nintendo games? This zip file holds such a game/ gameboy advanced game. The friend somehow downloads all the nintendo gameboy games and he passes them on ... actually he tried to sell it to my son <_< , but since they're friends he agreed to just give it, since it's the older nintendo advanced games, pokemon actually. The friend does the same with the newer Nintendo DS games.

Now I'm trying the follow the thread on "Virus submission" and I'm stuck at

point 3. Select IZArc -> Add to Archive File...

My computer doesn't say "add to archive file"; It says

extract to ...

extract here

extract to MS98

Email MS98.CAB

Convert archive

Open with IZArc

Which should I choose?

The file in question is not a file, it's a zip folder. It's called MS98.CAB

IZArc CAB Archive

1,743 KB

I'm just actually uploading it like this. I renamed it "infected" ... hope this works.

Well ... that didn't work: "Upload failed. You are not permitted to upload this type of file"

Should I have to upload the folder while disabled realtime protection?

Should I just go into folder MS98.CAB and find specific files?

Should I just delete the folder?

Many thanks in advance,

Dan137

Niels

Hi Dan137

I don't use IZarc try to add that file as an archive. Because otherwise your receive an errormessage when you attach it without adding it to an archive.

Regards

Niels

Dan137

try to add that file as an archive.

Hey Niels,

What do you mean? How do you add the zip folder as an archive?

Also keep in mind, I called it a file all along, but it's a zip folder.

Thanks,

Dan137

Niels

Hi Dan137

Try to extract the cab file into a new folder. After that make a zip or rar archive of the extracted folder. That should normally work.

Regards

Niels