Virus

I HAVE THE SOME PROBLEM!!!

Me Three!

Is there any specific moment when that popup appears (any actions that you take, or any applications that you open), or it just appears randomly?

Cris.

Matej, can you please attach one (or more) of these files:

C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz
C:\Users\Matej\AppData\Roaming\EVEMon\eve-items2.xml.gz.bak
\Programi\EVEMon\Resources\eve-items2.xml.gz

Put them in a password-protected ZIP and attach the archive to your next post.

Cris.

I found "the thing" on my computer too .

For curiosity i started a scan on my C partition with Dr.Web CureIT.Consequently i activated all features in BD realtime scanner(I alowed BD to scan inside archives,usually being off) ,behavioral scaner was setted at High.While Cure IT stoped and analyzed something with the name .. BackItUp(it flashed very fast ) ,Nero i presume, the Virus alert pop uped .It may be related to Nero.

Edit: This seemed to be the path of the file ,can t be archived also with Winrar ,acces is denied -> "C:\Program Files\Nero\Nero 7\Nero BackItUp\BackItUp_ImageTool\root.img=]root.img" -> Overcompressed -> No action possible (this is what BD right click scan,on Nero folder, says).Its not recognozed as a virus in this scenario it only says is not scanable.

I do not have Nero installed, my full deep scans, etc. show no issues, yet the real time scanner gives me the same "Virus name: Virus; Location: Unknown" message.

In the scan log have you seen any file that was not scaned because of password protection for example?

Is the "Scan inside archives" option checked(inside real time scanner settings)?

If Agressive preset is selected that option is enabled also.I was not using "Scan inside archives" becasue my computer is clean and i keep it usually off though everything else is activated.

Behavioral scanner is active?

Sm3K3R, your file doesn't trigger are alerts on my computer. Not On Demand, nor Realtime. Maybe you posted the wrong file...

Matej: you can temporarily disable BD Realtime Protection, archive those files, post them and re-enable the protection.

Cris.

Matej, thank you for the files. I can reproduce the behavior and I will report it.

Cris.

My BD detects my musics with this virus! And my games

Can't i formated my pc !

After another test ,I am now able to send the "root.img" ,file that triggers 100% the virus alarm ,but unfotunatelly i can t uploaded it, because its 2.82MB in dimension (compressed to the maximum).

I did a full scan with Cure IT. It found nothing. BD finds nothing in a deep scan, yet I get this realtime virus alert. I'd love to upload a file, but none are infected. What gives?

thm655321, i ll clear something ,on my machine CureIT did not find infected files but while it was scaning(meaning opening and analyzing files) it trigered the real time BD scanner(that folowes any activity in our computers).I was using BD with the Agressive preset,for the Real Time scanner ,at that moment ,which means that files were analyzed (even archived) deeply.

With the real time BD scanner customized to not open archives(my speed setting) no such virus alert was triggered because with that setting that file wasnt fully analyzed.

I purelly use Cure IT and many more for crossed reference, from time to time.

Hello,

Is anyone still experiencing this problem? I checked a few moments ago, and BD didn't show the "Overcompressed" warning, nor the strange Realtime alert (tested with the files attached on this topic by Matej).

Cris.

Mine came back yesterday as well, but not today. Recent deep scans show nothing. Very odd.

I installed BD a couple of weeks ago. I "activated" it 2-3 days ago & since then I get the pop-up window telling me "BD has blocked a virus affecting your computer. Virus name: virus. Virus location: unknown".

I'm running Win XP latest service pack updates. I use Thunderbird for email & Firefox for browsing. I use no Micro$oft office products. Is anyone else seeing this? It's quite annoying.

/applications/core/interface/file/attachment.php?id=3480" data-fileid="3480" rel="">BitDefender_UnknownVirus.rtf

Please, anyone who has this problem, attach the causing files (as Matej did).

To identify the files, try this:

- make a deep scan of your system

- at the end of the scan, view the scan log, and see if there are files that couldn't be scanned because of Overcompressed

- find those files, put them in ZIP files, and attach them to a post here.

As I said, with the files that Matej attached, I cannot reproduce the problem. And I cannot ask anyone to look for a bug that has no way of reproduction.

Thank you.

Cris.

EDIT: A workaround (which I noticed when I first got Matej's files) is to disable Scan archives for the Realtime Protection. My guess is that the archive scanning generates this alert.

But for the bug to be corretly fixed, please attach the files (if you don't know what files to attach, attach a deep scan log).

Here is the log file from my deep scan.....

BitDefender Log File

Product : BitDefender Antivirus 2009

Version : BitDefender UIScanner v.12

Scanning task : Deep System Scan

Log date : 12:35:03 11/10/2008

Log path : C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Profiles\Logs\deep_scan\1223746503_1_02.xml

Scan Paths:Path 0000: C:\Program Files\BitDefender\BitDefender 2009\uiscan.exe

Path 0001: C:\Program Files\Mozilla Firefox\firefox.exe

Path 0002: C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe

Path 0003: C:\WINDOWS\System32\svchost.exe

Path 0004: C:\WINDOWS\System32\alg.exe

Path 0005: C:\Program Files\iPod\bin\iPodService.exe

Path 0006: C:\WINDOWS\system32\SearchIndexer.exe

Path 0007: C:\WINDOWS\system32\svchost.exe

Path 0008: C:\Program Files\Bonjour\mDNSResponder.exe

Path 0009: C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

Path 0010: C:\Program Files\Windows Desktop Search\WindowsSearch.exe

Path 0011: C:\Program Files\iTunes\iTunesHelper.exe

Path 0012: C:\Program Files\QuickTime\QTTask.exe

Path 0013: C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe

Path 0014: C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

Path 0015: C:\Program Files\Common Files\Real\Update_OB\realsched.exe

Path 0016: C:\Program Files\USBToolbox\Res.EXE

Path 0017: C:\WINDOWS\system32\CTHELPER.EXE

Path 0018: C:\WINDOWS\Explorer.EXE

Path 0019: C:\WINDOWS\system32\spoolsv.exe

Path 0020: C:\WINDOWS\system32\svchost.exe

Path 0021: C:\WINDOWS\system32\svchost.exe

Path 0022: C:\WINDOWS\System32\svchost.exe

Path 0023: C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe

Path 0024: C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe

Path 0025: C:\WINDOWS\system32\svchost.exe

Path 0026: C:\WINDOWS\system32\svchost.exe

Path 0027: C:\WINDOWS\system32\lsass.exe

Path 0028: C:\WINDOWS\system32\services.exe

Path 0029: C:\WINDOWS\system32\winlogon.exe

Path 0030: C:\WINDOWS\system32\csrss.exe

Path 0031: \SystemRoot\System32\smss.exe

Path 0032: C:\

Path 0033: E:\

Scan Options:Scan for viruses : Yes

Scan for adware : Yes

Scan for spyware : Yes

Scan for applications : Yes

Scan for dialers : Yes

Scan for rootkits : Yes

Target Selection Options:Scan registry keys : Yes

Scan cookies : Yes

Scan boot sectors : Yes

Scan memory processes : Yes

Scan archives : Yes

Scan runtime packers : Yes

Scan emails : No

Scan all files : Yes

Heuristic Scan : Yes

Scanned extensions :

Excluded extensions :

Target Processing:Default action for infected objects : Disinfect

Default action for suspicious objects : None

Default action for hidden objects : None

Default action for encrypted infected objects : None

Default action for encrypted suspicious objects : None

Default action for password-protected objects : None

Scan engines summaryNumber of virus signatures : 1863035

Archive plugins : 43

Email plugins : 6

Scan plugins : 12

System plugins : 5

Unpack plugins : 7

Overall scan summaryScanned items : 221257

Infected items : 0

Suspicious items : 0

Resolved items : 0

Unresolved items : 12

Password-protected items : 12

Individual viruses found : 0

Scanned directories : 8486

Scanned boot sectors : 6

Scanned archives : 1583

Input-output errors : 32

Scan time : 00:46:03

Files per second : 79

Scanned processes summaryScanned : 32

Infected : 0

Scanned registry keys summaryScanned : 762

Infected : 0

Scanned cookies summaryScanned : 762

Infected : 0

Objects that were not scanned:Object Name Reason Final Status

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]A.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]C.EP4 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]E.EP9 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]FA.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]L.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]L2.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]M.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]eps.ep2=]U.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epa.ep2=]C.EP4 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epa.ep2=]E.EP3 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epc.ep2=]S.EP4 Password-protected No action was possible

C:\dwnld2008\epsetup.exe=](ZIP Sfx s)=]ic13.cab=]epu.ep2=]S.EP4 Password-protected No action was possible

Yes, I got it, thank you.

I reported (again) the problem and I'm waiting for an answer. There's nothing more that I can do...

Cris.

Well. this is certainly annoying me!

I have this problem with rar files.

Just be aware the the Vundo trojan is not detected by Bitdefender (not even using the highest security settings). I downloaded Malwarebytes' Anti-Malware (which is a free download), as instructed in the Microsoft Forums and it picked up numerous traces of Vundo.

I have to disagree. BitDefender detects many variants of Vundo and other polymorphic malware. The fact that it doesn't detect all variants doesn't mean that it doesn't detect it at all. Vundo is a malware family that is highly polymorphic, and it's practically impossible to detect all it's variants (but new variants are detected each day).

As for what MalwareBytes detected... if there were files that BD missed, you are welcome to attach them on Sample Submission, or send them through e-mail to BitDefender Support, so detection can be added for them.

Cris.

When does the bitdefender solves this problem with the "virus"? I 'm tired of this bug!!

This just happens to rar files, already talked to technical support but still did nothing!

Set the real time scanner to not open archives.When you scan on demand this Virus alert does not occure.

I think they will fix it soon.

I have no idea how to solve this problem. Pls help

Was or is there any fix for this problem? I have had BD installed and working just fine for the past 2 months and now all of a sudden when I open firefox I get this SAME POP UP and its driving me crazy.

I do two scheduled scans nightly, and they have come up with nothing.

If this is an actual bug in the program how do we get rid of it? And why now all of a sudden??

Can someone help me here please?