Exploit.win32.ms04-028.gen With Image Editing

I have a Samsung SCH-i760. Whenever I transfer files to my computer from the phone and open the image in MS Picture Viewer (VISTA Home Premium) - I receive Exploit.Win32.MS04-028.Gen Virus alerts in IS2009 whenever I make even a slight change to the image (eg: rotate).


I have had this problem for 8 months now and was hoping 2009 would solve this, but it doesn't. I have tried sending the images to friends and they have no problems. When BD scans the files every night, it comes up clean. It's only when I try to edit the images.


I am fully updated.

Comments

  • First of all I will need a copy of your history.xml:


    C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Events


    Also, please explain in detail exactly how you copy the images from the device and how you open them (we need to be able to reproduce the issue).


    It would also be great if you could upload some samples (a few of the images that trigger detection) and post the links here.

  • Attached are the history file, a screen grab of the pop-up notification, and 2 example image files that are problematic.


    The method of file transfer doesn't seem to make a difference as the problem still comes up. Whether I connect my phone to my laptop via Bluetooth or USB cable, or even take out the MicroSD card from the phone and place it in the computer's card reader. It also doesn't matter if I open it off the device(s) or copy it to my computer and then open it - I will still get the virus notification.


    To make the notification appear: All I have to do is open the image which by default opens in Windows Photo Gallery. If I use the buttons to rotate the image, then try to save the image, the pop-up appears from BD as well as an error message in Windows Photo Gallery saying it could not be saved. My only way around this issue is to open the image in Paint, Copy the image, then make a new Paint file, then paste the image into that new file. I can then manipulate the new image file any way I wish in any program. But naturally, this is not acceptable.


    Of note: This only happens with images from my phone. Images from my digital camera or any other source have yet to give me a problem.

  • Please upload the latest files from C:\ProgramData\BitDefender\Desktop\Quarantine (using any upload service you want). We will analyze them and if possible remove the detection.

  • rootkit ✭✭✭

    After that, download CCleaner http://www.softpedia.com/get/Security/Secu.../CCleaner.shtml and clean up your HDD and your registry :)

  • Attached are 2 of the 4 files in that folder. The .BDQ files would not attach.

  • The .bdq are the actual samples that we need. Please upload them to an upload service of your choice OR you can upload them on one of our FTP servers (details below):


    -----


    horizon.bitdefender.ro


    user: ccsubmit-write00


    pass: XM6wD6a(M]25


    -----

  • Sal Khan
    edited March 2009
    Uploaded now and ready.


    (My apologies on the upload misunderstanding. For some reason I wasn't thinking FTP.)

  • Thank you for the samples. Our team in charge of the scanning engines is working on this.


    (of course I will let you know as soon as I have more information) ;)

  • I just received confirmation that the issue has been fixed. Please update BitDefender and test if the situation as you described it still occurs.

  • Ran update twice (just in case), restarted, and now have:


    Virus Signatures: 2795299


    Engine Version: 7.24223


    However, I still get the error messages in both Windows Photo Gallery AND a Virus is recorded as Quarantined.

  • We are analyzing this once more and I will let you know what conclusion we reach.

  • This issue has been fixed (again). Is anyone else still experiencing this?

  • Now I'm getting the error message in Windows Photo Gallery as stated originally, but it doesn't get reported in BT2009 history at all.

  • Well it's been a while. But I'm back and it's still happening as of tonight, but with a twist.


    I'm still getting the exact errors and problems as stated above many times; however, now, with IS2009, it's not logging the error in the quarantine as it would with 2008.


    I tried unchecking all the enabled features in IS2009 and tried again, but I got the same message. Once again, it only happens with images from my phone and only started when I had IS2008.


    My only current work-around is using MS Office Picture Manager instead. For some reason, that can rotate the image without problems... but it's not as convenient for me personally.

  • Hello Sal Khan,


    Please set BitDefender Realtime scanner not to take any actions on the detected files, but only to block them:


    After that, try to get an image as you tried before, make a screenshot of the alert and post it here.


    Cris.

  • Gave it a shot and no go. Still get the same error but now no Virus warning pops up and still nothing in the quarantine. Tried the other drop down settings as well but with the same results. Really very strange. Now I don't know if it IS a BD problem. But it only started over a year ago when running IS2008.


  • alexcrist
    edited May 2009

    Well, if BitDefender doesn't show any warnings, nor is there any information in History or Quarantine, then I find it very hard to believe that it's a detection problem.


    If you want to test if BitDefender has anything to do with this error (anything at all), tell me, and I'll send you a PM with instructions on how to disable BitDefender without uninstallation.


    Cris.