Cannot Resolve: application.tshack.a, Application.wlhack.a

Hi,


In my log I have the following remaining issues. I cannot find any information about them. Are they real, is this a false positive? Any information is appreciated.


Running on XP Pro service pack 2


thanks,


Rick


Product : BitDefender Internet Security 2009


Version : BitDefender UIScanner v.12


Scanning task : Deep System Scan


Log date : 08:36:02 02/04/2009


Scan Options:


Scan for viruses : Yes


Scan for adware : Yes


Scan for spyware : Yes


Scan for applications : Yes


Scan for dialers : Yes


Scan for rootkits : Yes


[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\TERMSERVICE\PARAMETERS\ServiceDll=]C:\WINDOWS\SYSTEM32\TERMSRV.DLL Application.TSHack.A Infected


[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\APPLICATION\AUTOCHK\EventMessageFile=]C:\WINDOWS\SYSTEM32\WINLOGON.EXE Application.WLHack.A Infected


[system]=]C:\WINDOWS\system32\winlogon.exe (disk) Application.WLHack.A Disinfect Failed

Comments

  • alexcrist
    edited April 2009

    Hello Rick,


    Sorry for the delayed answer.


    The files that appear in the log are indeed malware, as far as I can assume.


    The detections that you posted are only registry and process scan detections. Those files should have also been detected as simple files (since you made a Deep scan), thus they should have been deleted by BitDefender.


    Please post the complete scan log (I mean... don't copy only a certain part of it. Copy the whole contents of the log) so I can take a look at it and tell you what to do next.


    Cris.

  • Please read this post: http://forum.bitdefender.com/index.php?s=&...ost&p=54446 (you don't have to read the whole topic, just that specific post) and send me through PM an AVIS log. If anything malicious is running in your system, it will appear there.


    Cris.

  • alexcrist
    edited April 2009

    I got the log on mail.


    The only thing that seems suspicious is this file:


    c:\windows\system32\drivers\svchost.exe


    This file is not legit, even though it has an "official" name.


    Please follow the steps presented here: How to find hidden malware


    After that, try to find the above file. If you find it, put it in a password-protected archive (with the password infected), upload it on a file-sharing site and send me the download link through PM.


    I will contact a Virus Researcher to analyse your problem further.


    Cris.

  • I have enabled explorer to show hidden and system files and the file svchost.exe is not there. I also used a DOS prompt and did a DIR command with the /AS and /AH options and nothing showed up as well.


    I am looking in C:\WINDOWS\system32\drivers. There does not appear to be any exes in that directory.


    Now what??


    Thanks for the help,


    Rick

  • I did find the following doing a drive search:


    C:\i386\svchost.exe


    C:\WINDOWS\system32\ssvchost.exe <--- yes the name is ssvchost.exe doesn't seem right


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\SofwareDistribution\Download\dd9ab5193501484cfe6884fa1d22f9e\svchost.exe


    thanks,


    Rick

  • alexcrist
    edited April 2009
    C:\WINDOWS\system32\ssvchost.exe <--- yes the name is ssvchost.exe doesn't seem right


    Put it in an archive, as I said above, and send me the download link.
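
Added example, not part of the thread and not BitDefender's own logic: a small triage script for the two patterns discussed above, a file named svchost.exe outside its usual directory and a near-miss name such as ssvchost.exe. The expected directory, the edit-distance threshold of 2 and the verdict labels are assumptions made for this illustration; a "review-location" verdict only means the copy deserves a closer look (install and update caches also hold copies).

```python
import ntpath  # parses Windows paths regardless of the OS this runs on

# Assumption: on this XP system the genuine svchost.exe runs from System32.
EXPECTED_DIR = r"c:\windows\system32"
PROTECTED_NAME = "svchost.exe"
MAX_LOOKALIKE_DISTANCE = 2  # assumed threshold for "almost the same name"

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def classify(path):
    """Return a verdict for one file path (case-insensitive, like NTFS)."""
    directory, name = ntpath.split(ntpath.normpath(path))
    directory, name = directory.lower(), name.lower()
    if name == PROTECTED_NAME:
        # Right name: only the location can give it away.
        return "expected" if directory == EXPECTED_DIR else "review-location"
    if edit_distance(name, PROTECTED_NAME) <= MAX_LOOKALIKE_DISTANCE:
        # One or two characters off from the system binary's name.
        return "lookalike-name"
    return "unrelated"

# Paths quoted in the posts above.
THREAD_PATHS = [
    r"c:\windows\system32\drivers\svchost.exe",
    r"C:\i386\svchost.exe",
    r"C:\WINDOWS\system32\ssvchost.exe",
    r"C:\WINDOWS\system32\svchost.exe",
]

def triage(paths):
    """Map each path to its verdict."""
    return {p: classify(p) for p in paths}

if __name__ == "__main__":
    for p, verdict in triage(THREAD_PATHS).items():
        print(f"{verdict:16} {p}")
```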