Virus
I have no idea how to solve this problem. Pls help
Comments
-
Post here a complete scan log
0 -
Post here a complete scan log
BitDefender Log File
Product : BitDefender Internet Security 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 19:42:26 04/10/2008
Log path : C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\deep_scan\1223142146_1_02.xml
Scan Paths:
Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\BitDefender\BitDefender 2009\antispam32\bdimguiaux.exe
Path 0002: C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe
Path 0003: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Path 0004: C:\Program Files (x86)\Internet Explorer\IEUser.exe
Path 0005: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0006: C:\Program Files\Windows Media Player\wmpnscfg.exe
Path 0007: C:\Program Files\Windows Mail\WinMail.exe
Path 0008: C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrv.exe
Path 0009: C:\Program Files (x86)\PC Connectivity Solution\Transports\NclIrSrv.exe
Path 0010: C:\Program Files\Windows Sidebar\sidebar.exe
Path 0011: C:\Program Files\Logitech\SetPoint\LBTWiz.exe
Path 0012: C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
Path 0013: C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
Path 0014: C:\Windows\ehome\ehmsas.exe
Path 0015: \Programi\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Path 0016: C:\Program Files (x86)\Analog Devices\SoundMAX\SoundTray.exe
Path 0017: C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
Path 0018: C:\Program Files (x86)\Java\jre1.6.0_07\bin\jusched.exe
Path 0019: C:\Program Files\Logitech\SetPoint\SetPoint.exe
Path 0020: \Programi\Nokia\Nokia PC Suite 7\PCSuite.exe
Path 0021: C:\Windows\ehome\ehtray.exe
Path 0022: C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
Path 0023: \Programi\DAEMON Tools Lite\daemon.exe
Path 0024: C:\Program Files\Windows Sidebar\sidebar.exe
Path 0025: C:\Windows\System32\rundll32.exe
Path 0026: C:\Program Files\Logitech\Gaming Software\LWEMon.exe
Path 0027: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0028: C:\Windows\Explorer.EXE
Path 0029: C:\Windows\system32\taskeng.exe
Path 0030: C:\Windows\system32\Dwm.exe
Path 0031: C:\
Path 0032: \
Path 0033: E:\
Path 0034: X:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : Yes
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summary
Number of virus signatures : 1835442
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 1478787
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 7
Password-protected items : 7
Individual viruses found : 0
Scanned directories : 35710
Scanned boot sectors : 10
Scanned archives : 15393
Input-output errors : 83
Scan time : 02:31:43
Files per second : 162
Scanned processes summary
Scanned : 0
Infected : 0
Scanned registry keys summary
Scanned : 416
Infected : 0
Scanned cookies summary
Scanned : 416
Infected : 0
Objects that were not scanned:
Object Name Reason Final Status
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz=]eve-items2.xml Overcompressed No action was possible
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz.bak=]eve-items2.xml Overcompressed No action was possible
\Programi\EVEMon\Resources\eve-items2.xml.gz=](gzip) Overcompressed No action was possible
\System Volume Information\_restore{077612EE-DC0D-4227-BD6A-718AD79EA8E5}\RP410\A0107831.exe=](NSIS o)=]lzma_solid_nsis0035=]eve-items2.xml Overcompressed No action was possible
E:\Delo_My_Book\EVE ONLINE\EVEMon-install-1.2.4.1005.exe=](NSIS o)=]lzma_solid_nsis0035=]eve-items2.xml Overcompressed No action was possible
E:\Delo_My_Book\Filmi\Power.DVDRip.XviD-NYMPHO\CD1\nympho-power.cd1.rar=](NO_NAME) Overcompressed No action was possible
E:\Delo_My_Book\Filmi\Power.DVDRip.XviD-NYMPHO\CD2\nympho-power.cd2.rar=](NO_NAME) Overcompressed No action was possible
0 -
I HAVE THE SAME PROBLEM!!!
0 -
I HAVE THE SAME PROBLEM!!!
Me Three!0 -
The popup message you get may well be a bug in BitDefender. Please, all of you who get this message, attach a scan log to a new post.
Best regards!0 -
Is there any specific moment when that popup appears (any actions that you take, or any applications that you open), or it just appears randomly?
Cris.0 -
Just randomly.
0 -
Matej, can you please attach one (or more) of these files:
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz.bak
\Programi\EVEMon\Resources\eve-items2.xml.gz
Put them in a password-protected ZIP and attach the archive to your next post.
Cris.0 -
Can you also post the settings you use for the real time scanner.
Too bad that BD 2009 doesn't show, like BD 2008 does, the last real time scanned file.
0 -
Matej, can you please attach one (or more) of these files:
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz.bak
\Programi\EVEMon\Resources\eve-items2.xml.gz
Put them in a password-protected ZIP and attach the archive to your next post.
Cris.
Sorry, I cannot do that. Bitdefender screen popup (screen from my 1 post)!
Think that 3 files create problem but I'm not 100%
How can I trick Bitdefender to copy those files?
0 -
Can you also post the settings you use for the real time scanner.
Too bad that BD 2009 doesn't show, like BD 2008 does, the last real time scanned file.
Sure, here are the settings.
0 -
I found "the thing" on my computer too.
Out of curiosity I started a scan on my C partition with Dr.Web CureIT. Consequently I activated all features in the BD realtime scanner (I allowed BD to scan inside archives, usually being off); the behavioral scanner was set at High. While Cure IT stopped and analyzed something with the name .. BackItUp (it flashed very fast), Nero I presume, the Virus alert popped up. It may be related to Nero.
Edit: This seemed to be the path of the file, can't be archived with WinRAR either, access is denied -> "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img=]root.img" -> Overcompressed -> No action possible (this is what BD right-click scan, on the Nero folder, says). It's not recognized as a virus in this scenario, it only says it is not scannable.
0 -
I do not have Nero installed, my full deep scans, etc. show no issues, yet the real time scanner gives me the same "Virus name: Virus; Location: Unknown" message.
0 -
I do not have Nero installed, my full deep scans, etc. show no issues, yet the real time scanner gives me the same "Virus name: Virus; Location: Unknown" message.
In the scan log, have you seen any file that was not scanned because of password protection, for example?
Is the "Scan inside archives" option checked (inside the real time scanner settings)?
If the Aggressive preset is selected, that option is enabled as well. I was not using "Scan inside archives" because my computer is clean and I usually keep it off, though everything else is activated.
Behavioral scanner is active?
0 -
I rescanned with Cure IT, the path seems to be "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\logo.16". At the moment when Cure IT analyses the file "logo.16" from the "BackItUp_ImageTool" folder, the virus alert pops up. "Scan only new and unchanged files" from the real time scanner was turned off this time to repeat the circumstances. This option didn't seem to have any effect on BD Deep Scan, no alert when using the on demand BD scan engine, maybe a bug that makes the on demand scanner ignore the option "Scan only new and unchanged files".
This is the file that may generate the virus alert on my computer.
0 -
Sm3K3R, your file doesn't trigger any alerts on my computer. Not On Demand, nor Realtime. Maybe you posted the wrong file...
Matej: you can temporarily disable BD Realtime Protection, archive those files, post them and re-enable the protection.
Cris.0 -
Sm3K3R, your file doesn't trigger any alerts on my computer. Not On Demand, nor Realtime. Maybe you posted the wrong file...
Matej: you can temporarily disable BD Realtime Protection, archive those files, post them and re-enable the protection.
Cris.
There are files in rar.... password: virus
0 -
Matej, thank you for the files. I can reproduce the behavior and I will report it.
Cris.0 -
Np
0 -
My BD detects my musics with this virus! And my games
0 -
Post here a complete scan log !
0 -
Can't, I formatted my PC!
0 -
Sm3K3R, your file doesn't trigger any alerts on my computer. Not On Demand, nor Realtime. Maybe you posted the wrong file...
Matej: you can temporarily disable BD Realtime Protection, archive those files, post them and re-enable the protection.
Cris.
Cris, at this moment I'm totally confused. This "thing" appeared while Cure IT was analyzing (decompressing or whatever) the files at this path: C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool. It happened (I somehow reproduced it) 3 times, but randomly when CureIT hits the path I already specified. If I run a BD scan it doesn't work; I can't reproduce it, as I can't reproduce it every time with the CureIT scan either. I don't understand what the problem is exactly, but it may be something related to Nero in my case. I can't help more.
My Nero is version 7.9.6.0 and is the software that came bundled with my LG H55L DVD RAM. I'm not using NeroBackItup from the suite; it's only installed along with the others.
0 -
After another test, I am now able to send the "root.img" file that triggers 100% the virus alarm, but unfortunately I can't upload it, because it's 2.82MB in dimension (compressed to the maximum).
0 -
I did a full scan with Cure IT. It found nothing. BD finds nothing in a deep scan, yet I get this realtime virus alert. I'd love to upload a file, but none are infected. What gives?
0 -
I did a full scan with Cure IT. It found nothing. BD finds nothing in a deep scan, yet I get this realtime virus alert. I'd love to upload a file, but none are infected. What gives?
thm655321, I'll clear something up: on my machine CureIT did not find infected files, but while it was scanning (meaning opening and analyzing files) it triggered the real time BD scanner (that follows any activity in our computers). I was using BD with the Aggressive preset for the Real Time scanner at that moment, which means that files were analyzed (even archived) deeply.
With the real time BD scanner customized to not open archives (my speed setting) no such virus alert was triggered, because with that setting that file wasn't fully analyzed.
I purely use Cure IT and many more for cross reference, from time to time.
0 -
Any progress on this?
Thanks.0 -
Hello,
Is anyone still experiencing this problem? I checked a few moments ago, and BD didn't show the "Overcompressed" warning, nor the strange Realtime alert (tested with the files attached on this topic by Matej).
Cris.0 -
Hello,
Is anyone still experiencing this problem? I checked a few moments ago, and BD didn't show the "Overcompressed" warning, nor the strange Realtime alert (tested with the files attached on this topic by Matej).
Cris.
I have stopped getting the realtime alert. I presume BD did an update to fix the problem, as I did nothing on my end. If so, kudos BD.0 -
have some Realtime alert today ;(
0 -
have some Realtime alert today ;(
Mine came back yesterday as well, but not today. Recent deep scans show nothing. Very odd.0 -
Mine came back yesterday as well, but not today. Recent deep scans show nothing. Very odd.
I installed BD a couple of weeks ago. I "activated" it 2-3 days ago & since then I get the pop-up window telling me "BD has blocked a virus affecting your computer. Virus name: virus. Virus location: unknown".
I'm running Win XP latest service pack updates. I use Thunderbird for email & Firefox for browsing. I use no Micro$oft office products. Is anyone else seeing this? It's quite annoying.0 -
It's a bug
Wait for a espet0 -
Please, anyone who has this problem, attach the causing files (as Matej did).
To identify the files, try this:
- make a deep scan of your system
- at the end of the scan, view the scan log, and see if there are files that couldn't be scanned because of Overcompressed
- find those files, put them in ZIP files, and attach them to a post here.
As I said, with the files that Matej attached, I cannot reproduce the problem. And I cannot ask anyone to look for a bug that has no way of reproduction.
Thank you.
Cris.
EDIT: A workaround (which I noticed when I first got Matej's files) is to disable Scan archives for the Realtime Protection. My guess is that the archive scanning generates this alert.
But for the bug to be correctly fixed, please attach the files (if you don't know what files to attach, attach a deep scan log).
0 -
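Added example of the log triage described in the steps above (not BitDefender's or any poster's code): it reads a pasted deep-scan log in the text layout shown in this thread, lists the on-disk files that were skipped as Overcompressed, and checks the table against the summary. The function names and the sample log are constructed for illustration, and the row-count check assumes "Unresolved items" equals the number of table rows, as it does in both logs posted here.

```python
import re

# Reason strings exactly as they appear in the logs posted in this thread.
REASONS = ("Overcompressed", "Password-protected")
SECTION = "Objects that were not scanned"
NESTING = "=]"  # the log joins a container and the object inside it with "=]"

ROW = re.compile(
    r"^(?P<obj>.+?)\s+(?P<reason>" + "|".join(map(re.escape, REASONS))
    + r")\s+(?P<status>.+)$"
)


def unscanned_objects(log_text):
    """Return one dict per row of the 'Objects that were not scanned' table."""
    _, found, table = log_text.partition(SECTION)
    if not found:
        return []
    rows = []
    for line in table.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # column header, blank line or text after the table
        container, *inner = m["obj"].split(NESTING)
        rows.append({"container": container, "inner": inner,
                     "reason": m["reason"], "status": m["status"]})
    return rows


def files_to_submit(log_text, reason="Overcompressed"):
    """On-disk files (outermost containers) skipped for `reason`, in log order."""
    seen, files = set(), []
    for row in unscanned_objects(log_text):
        key = row["container"].casefold()  # Windows paths ignore case
        if row["reason"] == reason and key not in seen:
            seen.add(key)
            files.append(row["container"])
    return files


def summary_count(log_text, label):
    """Read an integer such as 'Unresolved items : 7' from the scan summary."""
    m = re.search(r"^\s*" + re.escape(label) + r"\s*:\s*(\d+)\s*$",
                  log_text, re.MULTILINE)
    return int(m.group(1)) if m else None


def table_is_complete(log_text):
    """Assumption: one table row per 'Unresolved items', so a mismatch
    means the pasted log was cut short."""
    return summary_count(log_text, "Unresolved items") == len(unscanned_objects(log_text))


# Constructed sample in the layout of the logs in this thread; paths are made up.
SAMPLE_LOG = r"""Overall scan summary
Scanned items : 5120
Unresolved items : 4
Password-protected items : 1
Objects that were not scanned:
Object Name Reason Final Status
C:\Users\example\AppData\Roaming\App\items.xml.gz=]items.xml Overcompressed No action was possible
C:\Downloads\app-setup.exe=](NSIS o)=]lzma_solid_nsis0035=]items.xml Overcompressed No action was possible
c:\downloads\APP-SETUP.EXE=](NSIS o)=]lzma_solid_nsis0035=]readme.txt Overcompressed No action was possible
C:\Downloads\tool.exe=](ZIP Sfx s)=]a.cab=]b.bin Password-protected No action was possible
"""

if __name__ == "__main__":
    for path in files_to_submit(SAMPLE_LOG):
        print(path)
```

Only the outermost container is reported because that is the file that exists on disk and can be zipped; the `inner` list keeps the nested chain for reference.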
Go to: C:\Users\All Users\BitDefender\Desktop\Events or C:\Documents and settings\All Users\BitDefender\Desktop\Events
Open the history.xml and the name of the file infected by virus is here!!!0 -
Here is the log file from my deep scan.....
BitDefender Log File
Product : BitDefender Antivirus 2009
Version : BitDefender UIScanner v.12
Scanning task : Deep System Scan
Log date : 12:35:03 11/10/2008
Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1223746503_1_02.xml
Scan Paths:
Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe
Path 0001: C:\Program Files\Mozilla Firefox\firefox.exe
Path 0002: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
Path 0003: C:\WINDOWS\System32\svchost.exe
Path 0004: C:\WINDOWS\System32\alg.exe
Path 0005: C:\Program Files\iPod\bin\iPodService.exe
Path 0006: C:\WINDOWS\system32\SearchIndexer.exe
Path 0007: C:\WINDOWS\system32\svchost.exe
Path 0008: C:\Program Files\Bonjour\mDNSResponder.exe
Path 0009: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
Path 0010: C:\Program Files\Windows Desktop Search\WindowsSearch.exe
Path 0011: C:\Program Files\iTunes\iTunesHelper.exe
Path 0012: C:\Program Files\QuickTime\QTTask.exe
Path 0013: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
Path 0014: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
Path 0015: C:\Program Files\Common Files\Real\Update_OB\realsched.exe
Path 0016: C:\Program Files\USBToolbox\Res.EXE
Path 0017: C:\WINDOWS\system32\CTHELPER.EXE
Path 0018: C:\WINDOWS\Explorer.EXE
Path 0019: C:\WINDOWS\system32\spoolsv.exe
Path 0020: C:\WINDOWS\system32\svchost.exe
Path 0021: C:\WINDOWS\system32\svchost.exe
Path 0022: C:\WINDOWS\System32\svchost.exe
Path 0023: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
Path 0024: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
Path 0025: C:\WINDOWS\system32\svchost.exe
Path 0026: C:\WINDOWS\system32\svchost.exe
Path 0027: C:\WINDOWS\system32\lsass.exe
Path 0028: C:\WINDOWS\system32\services.exe
Path 0029: C:\WINDOWS\system32\winlogon.exe
Path 0030: C:\WINDOWS\system32\csrss.exe
Path 0031: \SystemRoot\System32\smss.exe
Path 0032: C:\
Path 0033: E:\
Scan Options:
Scan for viruses : Yes
Scan for adware : Yes
Scan for spyware : Yes
Scan for applications : Yes
Scan for dialers : Yes
Scan for rootkits : Yes
Target Selection Options:
Scan registry keys : Yes
Scan cookies : Yes
Scan boot sectors : Yes
Scan memory processes : Yes
Scan archives : Yes
Scan runtime packers : Yes
Scan emails : No
Scan all files : Yes
Heuristic Scan : Yes
Scanned extensions :
Excluded extensions :
Target Processing:
Default action for infected objects : Disinfect
Default action for suspicious objects : None
Default action for hidden objects : None
Default action for encrypted infected objects : None
Default action for encrypted suspicious objects : None
Default action for password-protected objects : None
Scan engines summary
Number of virus signatures : 1863035
Archive plugins : 43
Email plugins : 6
Scan plugins : 12
System plugins : 5
Unpack plugins : 7
Overall scan summary
Scanned items : 221257
Infected items : 0
Suspicious items : 0
Resolved items : 0
Unresolved items : 12
Password-protected items : 12
Individual viruses found : 0
Scanned directories : 8486
Scanned boot sectors : 6
Scanned archives : 1583
Input-output errors : 32
Scan time : 00:46:03
Files per second : 79
Scanned processes summary
Scanned : 32
Infected : 0
Scanned registry keys summary
Scanned : 762
Infected : 0
Scanned cookies summary
Scanned : 762
Infected : 0
Objects that were not scanned:
Object Name Reason Final Status
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]A.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]C.EP4 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]E.EP9 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]FA.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]L.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]L2.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]M.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]U.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epa.ep2=]C.EP4 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epa.ep2=]E.EP3 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epc.ep2=]S.EP4 Password-protected No action was possible
C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epu.ep2=]S.EP4 Password-protected No action was possible
0 -
Please, anyone who has this problem, attach the causing files (as Matej did).
To identify the files, try this:
- make a deep scan of your system
- at the end of the scan, view the scan log, and see if there are files that couldn't be scanned because of Overcompressed
- find those files, put them in ZIP files, and attach them to a post here.
As I said, with the files that Matej attached, I cannot reproduce the problem. And I cannot ask anyone to look for a bug that has no way of reproduction.
Thank you.
Cris.
EDIT: A workaround (which I noticed when I first got Matej's files) is to disable Scan archives for the Realtime Protection. My guess is that the archive scanning generates this alert.
But for the bug to be correctly fixed, please attach the files (if you don't know what files to attach, attach a deep scan log).
Cris, a link to the file should be in a PM that I sent you some days ago; if not, I will resend it again.
0 -
Yes, I got it, thank you.
I reported (again) the problem and I'm waiting for an answer. There's nothing more that I can do...
Cris.0 -
Hello
So far the problem with the message overcompressed appears on my computer when certain files are packed with winuhac or any archive tool that can compress files better than winzip or winrar after being packed by normal archiver tools (read: has more possibilities to pack files better), when the compression level is set to best.
Kind regards,
Niels0 -
Any idea WHEN this BUG will be fixed ?! I still get msg for UNKNOWN VIRUS
0 -
I have the same bug!!!1!
0 -
Well. this is certainly annoying me!
0 -
Hello Matej, Sheepdisease and Di0g0,
Did you contact support about this issue? It would also be helpful if you can give them the steps how to reproduce it. Support or BitDefender software engineers don't look at this forum. I also have the problem with overcompressed and I have reported it. So far I didn't have that message from unknown virus. When does that message pop up? I mean, are you using a certain program or are you doing something? That is information that BitDefender needs to be able to reproduce it.
Kind regards,
Niels0 -
I have this problem with rar files.
0 -
Well, well, well!
The problem had deteriorated and I couldn't even run Windows Update(s) anymore. I went looking for answers and found the one I was looking for.
Just be aware that the Vundo trojan is not detected by Bitdefender (not even using the highest security settings). I downloaded Malwarebytes' Anti-Malware (which is a free download), as instructed in the Microsoft Forums and it picked up numerous traces of Vundo.
0 -
Just be aware that the Vundo trojan is not detected by Bitdefender (not even using the highest security settings). I downloaded Malwarebytes' Anti-Malware (which is a free download), as instructed in the Microsoft Forums and it picked up numerous traces of Vundo.
I have to disagree. BitDefender detects many variants of Vundo and other polymorphic malware. The fact that it doesn't detect all variants doesn't mean that it doesn't detect it at all. Vundo is a malware family that is highly polymorphic, and it's practically impossible to detect all its variants (but new variants are detected each day).
As for what MalwareBytes detected... if there were files that BD missed, you are welcome to attach them on Sample Submission, or send them through e-mail to BitDefender Support, so detection can be added for them.
Cris.0 -
When does BitDefender solve this problem with the "virus"? I'm tired of this bug!!
This just happens to rar files, already talked to technical support but still did nothing!
0 -
When does BitDefender solve this problem with the "virus"? I'm tired of this bug!!
This just happens to rar files, already talked to technical support but still did nothing!
Set the real time scanner to not open archives. When you scan on demand this Virus alert does not occur.
I think they will fix it soon.0 -
Hey guys, I found this thread through google, so thought I would post my findings.
If I run Firefox (3.0) the "Virus" Unknown message pops up.
If I run Internet explorer, the message does not pop up.
After installing Bitdefender Total Security 2009 last week, I took it upon myself to tamper with the default settings in the Real time Scanning options.
Selecting HTTP scanning and a few other options.
I recently installed a download manager called Flashget, and Flashgot plugin for Firefox.
Today I start getting the above error message.
I got rid of the message by setting the Virus Protection to "Default Settings".
The Error has stopped.
This makes me think it is Firefox and/or plugin related, as my homepage is the same for both IE8 and FF3.
Hope this helps
PS:I disabled and re-enabled Flashgot Addon for Firefox, and checked the Scan HTTP Traffic again. On re-opening Firefox 3 the error is still gone.0 -
I have no idea how to solve this problem. Pls help
Was or is there any fix for this problem? I have had BD installed and working just fine for the past 2 months and now all of a sudden when I open Firefox I get this SAME POP UP and it's driving me crazy.
I do two scheduled scans nightly, and they have come up with nothing.
If this is an actual bug in the program how do we get rid of it? And why now all of a sudden??
Can someone help me here please?0