Gen:variant.adware.graftor.47219 On "c:\windows\temp\tmp00*" Files

I'm using Windows 7 Ultimate SP1 x64 and since I installed Bitdefender Antivirus Free Edition 2 days ago I've been getting lots of infection reports like the following:


Scan Results
The Virus Shield detected 4 infected items.
Scan Results
File Name    Infection    Action
C:\Windows\Temp\tmp00006899\tmp00058ca6    Gen:Variant.Adware.Graftor.47219    None
C:\Windows\Temp\tmp00006899\tmp00058c9a    Gen:Variant.Adware.Graftor.47219    Deleted
C:\Windows\Temp\tmp00006899\tmp000583fa    Gen:Variant.Adware.Graftor.47219    Deleted
C:\Windows\Temp\tmp00006899\tmp000587ba    Gen:Variant.Adware.Graftor.47219    Deleted


Those "tmp00*" files are all 319KB and don't last for long. What is creating them? Are they really infected or created by malware?

Comments

  • Hello,


    Thanks for your feedback.


    Can you help us with more info?


    Maybe gzserv.log can help us; it is located in the BD AV Free installation folder.


    You can send it via http://www.sendspace.com or http://www.mediafire.com and afterwards send me the link, or more simply via PM.


    Thanks,


    Alex

  • I've just found those files were being used/created by Microsoft Security Essentials:


    2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
    2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
    2013/01/20 18:02:41 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (pid: 572)
    2013/01/20 18:02:41 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
    2013/01/20 18:02:42 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de64 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)
    2013/01/20 18:02:42 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (pid: 572)
    2013/01/20 18:02:42 Rescan.cpp [CRescan::Scan] Could not rescan . errCode: -1073741807
    2013/01/20 18:02:43 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de67 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)


    Another file ("backup-005548.tar.bz2") has been quarantined. How can I remove it from quarantine and prevent future false threat identifications of that file?

  • azavoianu
    edited January 2013

    Hello again,


    As I can see in your text attached from gzserv.log, our service has quite a lot of timeouts, and that's because you are using two security products: Microsoft Security Essentials and Bitdefender Antivirus Free Edition, which are incompatible on the same system.


    You must uninstall one of them for the proper functionality of your security product and computer.


    Thanks,


    Alex
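
Added example (not part of the thread and not Bitdefender code): the correlation done by hand on gzserv.log above, resolving the pid on each INFECTED line to the process named on the TIMEOUT lines, so that detections on files opened by another real-time scanner stand out. The regexes are inferred from the quoted log lines; `analyse` and `OTHER_AV_IMAGES` are hypothetical names.

```python
import re
from collections import Counter

# Line shapes inferred from the gzserv.log excerpt quoted in the thread.
TIMEOUT_RE = re.compile(
    r"TIMEOUT for file (?P<file>.+?) \(process (?P<proc>.+?) pid: (?P<pid>\d+)\)")
INFECTED_RE = re.compile(
    r"INFECTED with (?P<sig>\S+) -> (?P<file>.+?) \(pid: (?P<pid>\d+)\)")

# Assumption: image names of other real-time scanners worth flagging.
# Only MsMpEng.exe comes from the thread.
OTHER_AV_IMAGES = {"msmpeng.exe"}

# Sample input: four lines copied from the excerpt in the thread.
SAMPLE = [
    r"2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)",
    r"2013/01/20 18:02:41 OnAccessImpl.cpp [COnAccessImpl::ScanTimeoutCallback] TIMEOUT for file \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (process \Device\HarddiskVolume3\Program Files\Microsoft Security Client\MsMpEng.exe pid: 572)",
    r"2013/01/20 18:02:41 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de5e (pid: 572)",
    r"2013/01/20 18:02:42 ScanCore.cpp [CScanCore::ScanFile] INFECTED with Gen:Variant.Adware.Graftor.47219 -> \Device\HarddiskVolume3\Windows\TEMP\tmp000077bd\tmp0000de61 (pid: 572)",
]

def analyse(lines):
    """Attribute each detection to the process that had the file open."""
    pid_to_proc, timeouts, detections = {}, Counter(), []
    for line in lines:
        if m := TIMEOUT_RE.search(line):
            pid_to_proc[m["pid"]] = m["proc"]  # only TIMEOUT lines name the process
            timeouts[m["pid"]] += 1
        elif m := INFECTED_RE.search(line):
            detections.append((m["sig"], m["file"], m["pid"]))
    report = []
    # Resolve after the full pass so line order does not matter. PIDs can be
    # reused over time, so run this on one session's worth of log at a time.
    for sig, path, pid in detections:
        proc = pid_to_proc.get(pid, "unknown")
        image = proc.rsplit("\\", 1)[-1].lower()
        report.append({"signature": sig, "file": path, "pid": int(pid),
                       "process": proc, "timeouts_for_pid": timeouts[pid],
                       "other_av_engine": image in OTHER_AV_IMAGES})
    return report

if __name__ == "__main__":
    for row in analyse(SAMPLE):
        print(row)
```

A row with `other_av_engine` set and a non-zero `timeouts_for_pid` matches the situation diagnosed in this thread: two on-access scanners contending for the same temporary files.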

  • Thank you! I've already uninstalled MSE.


    How can I remove a quarantined file and prevent future false threat identifications of that file by Bitdefender Antivirus Free Edition?

  • Hello,


    We are working on this issue; in the next product update this feature (restore from quarantine) will be available.


    Thanks for the feedback,


    Alex

  • The original file seems to be renamed to "<original filename>.108910.gzquar". If I just rename this new file will I recover the original?

  • I need to recover the quarantined file. How can I do it before the next update?

  • Hello,


    You can reboot your PC and enter safe mode. After that you can rename and recover quarantined files.


    Thanks,


    Alex