Defection Failed And Move Failed
While scanning i've found a lot of viruses except they failed to disinfect and move
Any suggestion is appreciated.
Virus Statistics
Scan path : C:\
\
Folders : 5706
Files : 405125
Memory processes scanned : 46
Archives : 14937
Runtime packers : 21896
Identified viruses : 6
Infected files : 8
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 54
Scan time : 02:53:34
Scan speed (files/sec) : 38
Spyware Statistics
Registry keys scanned : 1573
Registry keys infected : 0
Cookies scanned : 1487
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 955509
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1195254838.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
C:\Documents and Settings\HP_Owner\Local Settings\Temp\nsz241.tmp\dcads40.exe=>(NSIS o)=>lzma_solid_nsis0005 Detected: Adware.BHO.WQE
C:\Documents and Settings\HP_Owner\Local Settings\Temp\nsz241.tmp\dcads40.exe=>(NSIS o)=>lzma_solid_nsis0005 Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temp\nsz241.tmp\dcads40.exe=>(NSIS o)=>lzma_solid_nsis0005 Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Rar$EX00.812\setup.exe=>(NSIS o)=>lzma_nsis0011=>(NSIS o)=>lzma_solid_nsis0005 Detected: Adware.BHO.WQE
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Rar$EX00.812\setup.exe=>(NSIS o)=>lzma_nsis0011=>(NSIS o)=>lzma_solid_nsis0005 Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temp\Rar$EX00.812\setup.exe=>(NSIS o)=>lzma_nsis0011=>(NSIS o)=>lzma_solid_nsis0005 Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>readme.txt Detected: Spyware.Webhancer.Y
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>readme.txt Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>readme.txt Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whAgent.exe Detected: Spyware.Webhancer.AE
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whAgent.exe Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whAgent.exe Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whInstaller.exe Detected: Adware.Webhancer.BI
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whInstaller.exe Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whInstaller.exe Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>webhdll.dll Detected: Adware.Webhancer.BI
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>webhdll.dll Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>webhdll.dll Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whiehlpr.dll Detected: Adware.Webhancer.Y
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whiehlpr.dll Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\IMUKQL2G\whCC-TRAFE7[1].exe=>(RAR Sfx o)=>whiehlpr.dll Move failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\W5WVGBC3\sp2-cydoor-728-2[1].swf=>[sWF command] Infected: Trojan.SwfDL.A
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\W5WVGBC3\sp2-cydoor-728-2[1].swf=>[sWF command] Disinfection failed
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\W5WVGBC3\sp2-cydoor-728-2[1].swf=>[sWF command] Move failed
Comments
-
Dear VietBoiiPhuoc
The reason why moving or disinfecting failed is because no antivirus can just move or disinfect the infected files and rebuild the installer afterwards. I recommend that you download this program. Don't forget to uncheck yahoo toolbar during installation. Close your browser first by doing this press the windows button together with r type taskmgr press enter. You have to select iexplore.exe, firefox.exe or opera.exe and press on kill task. Start ccleaner and press on run cleaner. Perform another scan.
I've moved your topic to a more appropriate forum section.
Best regards
Niels0 -
I tried customer help and got disconnected 3 times and I sent an email yesterday. I found this problem and it was similar to mine but the solution did not help. Here is my report, I hope you can help
//-----------------------------------------------------------------
//
// ProductBitDefender Antivirus v10
// Product10.2
//
// Created on: 29/11/2007 19:45:36
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\
Folders : 8223
Files : 191548
Memory processes scanned : 42
Archives : 6529
Runtime packers : 9156
Identified viruses : 3
Infected files : 2
Memory processes infected : 1
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 1
I/O errors : 27
Scan time : 00:45:04
Scan speed (files/sec) : 70
Spyware Statistics
Registry keys scanned : 1699
Registry keys infected : 0
Cookies scanned : 1
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0
Virus definitions : 18969263
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1196383536.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies
Summary:
<System>=>C:\WINDOWS\noskrnl.exe (memory dump) Infected: Generic.Malware.SFMHY@mmign.C60A0025
<System>=>C:\WINDOWS\noskrnl.exe (memory dump) Disinfection failed
<System>=>C:\WINDOWS\noskrnl.exe (memory dump) Move failed
<System>=>C:\WINDOWS\noskrnl.exe (full dump) Infected: Generic.Malware.SFMHY@mmign.3E78F560
<System>=>C:\WINDOWS\noskrnl.exe (full dump) Disinfection failed
<System>=>C:\WINDOWS\noskrnl.exe (full dump) Move failed
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\noskrnl.exe Infected: Generic.Malware.SFMHY@mmign.50DA829A
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\noskrnl.exe Disinfection failed
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\noskrnl.exe Moved0 -
Have you tried any antispyware program?
The antyspyware programs can detect more adware/spyware related malware than antivirus programs which are primarily detect and remove viruses.
You can try SuperAntispyware (freeware). Install, update and run, if it didn't remove the malware in normal mode or at reboot go to safe mode and remove it from there.
You may need to do some cleaning manually after that.0 -
The reason why move failed for the first two entries, is because they are memory dump scans - it means the file is currently loaded in memory. Open the task manager and kill the noskrnl.exe process, then go to C:\Windows and manually delete the file. Run another scan to make sure you're clean.
0
