Help! Objects Bypassing Bitdefender

Hi Guys,


I need some help here. I am not a computer expert but I have a problem. I installed BD Total Security 2008 some time ago. I have a version of Lavasoft Ad-Aware 2008 on the PC. When I do a scan with BD everything comes out clean, but if I repeat the scan with Lavasoft, there are up to 65 infections detected. The objects that appear time and time again are CoolWeb search. How do I get BD to pick up those infections after referencing internet explorer? Please give me some advice here. My BD antispam toolbar in Outlook Express also vanished. How do I get it back?


kevin B

Comments


  • Hello,


    Try to reinstall BD in order to repair the antispam toolbar.


    Also, try to submit the files detected as CoolWeb search by Lavasoft.

  • I did reinstall BD last week and the antispam toolbar came back, but 3 days later it vanished again. Very elusive toolbar. I am not sure where to find the "files" that Lavasoft detected. I will run a scan again and try and check the log. Where do I send the details to and what is the best way to do it?

  • You can just upload the files on the forum, in a password protected archive. See here for details: http://forum.bitdefender.com/index.php?showtopic=84


    Cris.


  • Hi Cris,


    Thanks for your response. I did another scan with lavasoft this morning. A copy of the scanned log is attached. Is this the info you require?

    Attachment: Ad_Aware_20080619_10_24_58.log

  • Hello kevin B,


    Normally Ad-Aware 2008 quarantines the found infections, except for cookies and MRU items; these kinds of items are immediately removed. Please open Ad-Aware 2008, go to the scan section and press on quarantine & ignore; normally the infections should be stored there. Please post the location of the found items. Also write it down. It could be that you need to restore them to be able to archive them so the virus researchers can add definitions for them.


    Kind regards,


    Niels

  • In the attached log are 4 entries, all of them representing Registry entries that were deleted. This means that no files were removed from your PC. Am I wrong?


    Cris.

  • Hello Cris,


    He said that he did a new scan after he did a previous scan. So the scan log is only from the latest scan.


    Which could only be some remnants that Ad-Aware found.


    Best regards,


    Niels


    Hello kevin B,


    Try to download and run this registry cleaner and see if, after you have first closed Outlook Express, the toolbar is back. Once you have installed it, run it, go to the modules tab and press on registry cleaner, scan registry for problems, then press on repair.


    Best regards,


    Niels

  • Hi Niels,


    Thanks for the help, the toolbar is back now. The registry cleaner found 18 faults and repaired them. Once that was done, I went back to Internet Explorer and looked at weber carbs and a site on rifles. After that I ran Lavasoft Ad-Aware again and 14 infections were detected again. Still the same family of malware, CoolWeb search, as well as some MRUs; I don't know what that is.


    I tried to upload the logfile (.xml) but it wouldn't upload. I got a red X which said: upload failed. Please ask the administrator to check the settings and permissions. Am I doing something wrong? I don't know too much about this stuff so I may need some more step by step instruction on how to get the logfile to you.

  • Hi Niels/Cris


    The logfile is 91kB in size and has a .log.xml extension. Is that why it won't upload?


    I appreciate your help so far.


    thanks kevin b

    Attachment: Ad_Aware_20080621_20_44_10.log


  • Let me try it this way, it is now zipped

    Attachment: Ad_Aware_20080621_20_44_10.log.zip

  • Hi, I have BitDefender v10 Internet Security installed on my XP SP2 partition. It would appear that it is failing to stop malware installing itself on my PC, as yesterday I noticed some changes:


    1. Windows auto updates was disabled and could not be simply enabled,


    2. reg editor access disabled (admin), only user on PC,


    3. System Restore on all drives had been turned off.


    I had fixed all the issues before I found how this had happened. After running a deep scan, which found nothing, I started PC Tools Spyware Doctor; on an intelli scan it found a Trojan called Trojan.Wu disable. A few days ago whilst browsing I had a BD pop-up saying that page was infected with some Trojan or other and had blocked this, but thinking about this, I have had infections get past BD before now. On one such occurrence I had both SD and BD running; BD flagged 1 thing and SD flagged a further 2. I spoke to someone at live assistance; he did not seem really interested, to say the least. So this is my point: if a company makes products such as BD v10 Internet Security that incorporate antispyware etc., then all aspects should be on a par with other companies' products, as these new integrated so-called solutions prevent other security solutions running with them, as at the moment we do need other parties' security to protect our PCs. Also, will BitDefender be able to protect us from the new type of threats that are targeting routers, changing the DNS in the registry?

  • Hello kevin B,


    If you received that message something might have been wrong with the forum attachments upload tool.


    From what I see, most of the items that Ad-Aware detected were cookies; these aren't really high threats. You can easily remove them after a browser session.


    Do you still see anything listed in Ad-Aware 2008 when you go to the scan section and press on quarantine & ignore? Otherwise there is nothing that can be sent to the virus researchers.


    Kind regards,


    Niels

  • Hi Niels,


    Good to hear from you again. Did you get the proper logfile, which went through on 21 June at 9:22? It was the 2nd one on the same day, just a bit later, the zipped one. The first one was just a summary and not a proper scan log. Please check out post 10 again when you have time and double check that you have the proper scan log. I have since then looked in the forum and found the "Services, startup and regedit" notes that were posted by Cris and written by "the watcher", dated May 1 2008. On the last page of those notes, "The watcher" recommends googling the filename and extension to see what comes up. I looked at the scan report that I sent you (the 2nd one) and googled xmllib.xmldp and also xmllib.xmldp1. Google told me that those were filenames for a trojan virus. On the Ad-Aware scan log, that virus has a TAI of 10 and it is deemed to be critical.


    Following "the watcher's" notes, I entered part of the string displayed by the Ad-Aware scan log and found those strings in the registry contents. I was hesitant to delete those registry items because I am unsure of whether I will be making a mistake or not. It would seem that those infections are in the registry. When I googled those xmllib.xmldp files, there was a link to the Sophos antivirus site. I followed that link and got to run a scan from the Sophos site. 2 infections were detected: Mal/behaviour family ID 217.


    I really still would like to get rid of the infections permanently and I am worried that Sophos and Ad-Aware say the infection is critical, but in your view it appears to be less so. Could be that both Ad-Aware and Sophos (limited 30 day trial versions) want me to subscribe. Anyway, I'm fully subscribed to BD so I will stick with BD, but I would rather be safe than sorry, so I am desperately still looking for a solution.


    regards


    kevin b

  • Hello kevin B,


    Sorry, but I was speaking about the cookies that have been found; the others are indeed threats.


    I have downloaded the latest attachment that you have added to your reply. To be sure, I also took a look at your previous attachment.


    These are threats:


    [300006662] Root: HKCR Path: interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}


    [300006812] Root: HKCR Path: xmllib.xmldp


    [300006813] Root: HKCR Path: xmllib.xmldp.1


    [300006681] Root: HKCR Path: interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}


    [300006944] Root: HKU Path: S-1-5-21-1390067357-1383384898-1957994488-1004\software\microsoft\internet explorer\main


    Can you please do this: press the Windows button together with R, type regedit and press Enter. Now expand HKEY_CLASSES_ROOT (by pressing on the + icon before it), scroll down and open Interface by clicking on the + icon. Now search for {0b6ef17e-18e5-4449-86ea-64c82d596eae}. If it is still present, left click on it and press on export. Be sure that it's saved as a .reg file.


    Do the same thing for xmllib.xmldp, xmllib.xmldp.1 and {b1e68d42-02c4-465b-8368-5ed9b732e22d}.


    After that you need to open HKEY_CURRENT_USER and expand software, microsoft, internet explorer; be sure that main is highlighted. You can do that by just left clicking on it. Export that also. After that you can archive these .reg files.


    Do you still see anything listed in Ad-Aware 2008 when you go to the scan section and press on quarantine & ignore? Otherwise there is nothing that can be sent to the virus researchers.


    You didn't answer that question.


    Kind regards,


    Niels
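
The export steps described in the post above can also be scripted. The following is an added example, not part of the original thread: it parses the five Ad-Aware detection lines quoted in that post and builds one read-only `reg export` command per key, so the entries can be saved as .reg files before anything is deleted. The output file naming (`adaware_<id>.reg`) and the output directory are assumptions.

```python
import re

# Ad-Aware detection lines exactly as quoted in the post above.
SAMPLE_LOG = r"""
[300006662] Root: HKCR Path: interface\{0b6ef17e-18e5-4449-86ea-64c82d596eae}
[300006812] Root: HKCR Path: xmllib.xmldp
[300006813] Root: HKCR Path: xmllib.xmldp.1
[300006681] Root: HKCR Path: interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d}
[300006944] Root: HKU Path: S-1-5-21-1390067357-1383384898-1957994488-1004\software\microsoft\internet explorer\main
"""

LINE_RE = re.compile(
    r"^\[(?P<id>\d+)\]\s+Root:\s*(?P<root>HK[A-Z]+)\s+Path:\s*(?P<path>.+?)\s*$")
# Root abbreviations that reg.exe accepts.
KNOWN_ROOTS = {"HKCR", "HKCU", "HKLM", "HKU", "HKCC"}


def parse_detections(text):
    """Return (detection_id, full_key) for each registry line; skip all other lines."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["root"] in KNOWN_ROOTS:
            found.append((m["id"], m["root"] + "\\" + m["path"]))
    return found


def export_commands(detections, out_dir="."):
    """Build one `reg export <key> <file>` argument list per detection.

    The file name pattern adaware_<id>.reg is an assumption of this example.
    An HKU\\<SID> key is the per-user hive; for the logged-on user it is the
    same data the post reaches through HKEY_CURRENT_USER.
    """
    return [["reg", "export", key, f"{out_dir}\\adaware_{det_id}.reg"]
            for det_id, key in detections]


if __name__ == "__main__":
    import subprocess
    import sys
    for cmd in export_commands(parse_detections(SAMPLE_LOG)):
        print(subprocess.list2cmdline(cmd))   # quoted form for a cmd.exe prompt
        if sys.platform == "win32":
            # A non-zero exit code means the key no longer exists.
            subprocess.run(cmd, check=False)
```

On systems other than Windows the script only prints the commands; the resulting .reg files are what would go into the password-protected archive mentioned earlier in the thread.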