
Trojan.heur.5000ff0000


I'm running Vista 64 Home Premium edition and BD Antivirus 2009. This morning on both of my computers the BD scan found an infected file that it couldn't remove. The message was Gen:Trojan.Heur.5000FF000 - disinfection failed on 1 issues. Infected: <System>=>C:\WINDOWS\System32\mobsync.exe (memory dump).


Is this a false ID?


If not, what do I need to do to remove it?

Comments

  • alexcrist

    Hello jfsjr,


    Please find that file, put it in a password-protected archive, with the password infected, upload the archive on a file-sharing server, and send me the download link through PM. I will forward the file for analysis and tell you the result.


    Cris.

  • Arvis

    Just for reference I am running Vista 64-Bit Home Premium edition.


    This morning my Scanner revealed two files BD could not disinfect, quarantine or remove. One was mentioned in another user's post, but I have a second one as well. They are:


    Gen:Trojan.Heur.1040BF4040


    Gen:Trojan.Heur.5000FF0000 (mentioned in another post)


    This is from the log file.


    <ScanDetails>


    <AffectedItem index="0" itemType ="Process" path="[system]=]C:\Windows\System32\LogonUI.exe (memory dump)" threatType="virus" threatName="Gen:Trojan.Heur.1040BF4040" action="disinfect" finalStatus= "infected" error= "no action possible"/>


    <AffectedItem index="1" itemType ="Process" path="[system]=]C:\Windows\System32\mobsync.exe (memory dump)" threatType="virus" threatName="Gen:Trojan.Heur.5000FF0000" action="disinfect" finalStatus= "infected" error= "no action possible"/>


    </ScanDetails>


    </ScanSession>


    I'd appreciate any help in getting these infections removed ASAP.


    Thanks

  • have you been downloading anything?

  • I'm running Vista 64 Home Premium edition and BD Antivirus 2009. This morning on both of my computers the BD scan found an infected file that it couldn't remove. The message was Gen:Trojan.Heur.5000FF000 - disinfection failed on 1 issues. Infected: <System>=>C:\WINDOWS\System32\mobsync.exe (memory dump).


    Is this a false ID?


    If not, what do I need to do to remove it?


    BitDefender also found this during a Deep System Scan. Can't remove it. Same location. I am running Windows Vista Ultimate, 64 bit.


    If there is an answer on whether or not this is a False ID, please reply to this thread. Thanks!

  • Arvis

    In the last several days, aside from Windows Updates, all I have downloaded is a few wallpapers from legitimate sites.

  • I'm getting this too. mobsync.exe is a Microsoft file. Can't find anything on the web about this trojan.

  • jsprowls
    Hello jfsjr,


    Please find that file, put it in a password-protected archive, with the password infected, upload the archive on a file-sharing server, and send me the download link through PM. I will forward the file for analysis and tell you the result.


    Cris.


    Cris,


    I zipped and password protected it and placed it at: http://www.sprowlsrus.com/dl/ppa.zip for you to analyze.

  • scotth

    Same problem with tonight's scan


    Object Name Threat Name Final Status


    [system]=]C:\Windows\System32\mobsync.exe (memory dump) Gen:Trojan.Heur.5000FF0000 Disinfect Failed


    I've had a few items in the past that could not be disinfected, but was always able to track down the file and delete it. mobsync is a different story. I guess I could remove mobsync. Don't think it's anything useful.


    Just posting to add my count as one who has this trojan.

  • scotth

    An additional question. When bitdefender cannot fix a trojan by deleting, cleaning or putting to quarantine, shouldn't it show up again on the next scan? I rescanned and it found no threats.

  • alexcrist

    Arvis,


    As far as I know, detection has been removed for the second detection. I don't know about the first one.


    Please update BitDefender, make another scan, and post if this detection still appears.


    Thank you.


    Cris.

  • tib64

    Hello all ... I got one of these as well .... I started getting this just after I updated IE to Ver 8


    AffectedItem itemType ="Process" path="[system]=]C:\Windows\System32\mobsync.exe (memory dump)" threatType="virus" threatName="Gen:Trojan.Heur.5000FF0000" action="disinfect" finalStatus= "infected" error= "no action possible


    I'm going to uninstall IE8 and see if the file disappears after I update Bitdefender and do a scan.


    Regards,


    Tib

  • alexcrist

    Apparently, some users still have problems with the above mentioned detections, so I re-opened this topic. I will contact the analysis department and see what is happening.


    Cris.

  • danton

    It should be resolved since the morning update. It was a false heuristic detection only on the memory dumps of those files. Please update to latest definitions.


    Have a nice day.
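Added example, not part of the thread and not BitDefender code: a small parser for the `AffectedItem` log entries quoted above that separates heuristic hits raised only on a memory dump, the case described in the reply above, from detections on a file on disk. The third log entry, the function names and the `.Heur.` naming rule are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample. Items 0 and 1 are the entries quoted in the thread;
# item 2 is hypothetical (invented path, name and itemType) for contrast.
SAMPLE_LOG = r'''<ScanDetails>
<AffectedItem index="0" itemType ="Process" path="[system]=]C:\Windows\System32\LogonUI.exe (memory dump)" threatType="virus" threatName="Gen:Trojan.Heur.1040BF4040" action="disinfect" finalStatus= "infected" error= "no action possible"/>
<AffectedItem index="1" itemType ="Process" path="[system]=]C:\Windows\System32\mobsync.exe (memory dump)" threatType="virus" threatName="Gen:Trojan.Heur.5000FF0000" action="disinfect" finalStatus= "infected" error= "no action possible"/>
<AffectedItem index="2" itemType ="File" path="C:\Users\example\Downloads\setup.exe" threatType="virus" threatName="Example.Placeholder.Name" action="disinfect" finalStatus= "infected" error= "no action possible"/>
</ScanDetails>'''

# Optional "[system]=]" prefix, the file path, optional "(memory dump)" suffix.
PATH_RE = re.compile(r"^(?:\[[^\]]*\]=\])?(?P<file>.*?)(?P<dump>\s*\(memory dump\))?$")


def triage(log_xml):
    """Return one dict per AffectedItem with the fields needed for triage."""
    rows = []
    for item in ET.fromstring(log_xml).iter("AffectedItem"):
        m = PATH_RE.match(item.get("path", ""))
        threat = item.get("threatName", "")
        rows.append({
            "file": m.group("file"),
            "threat": threat,
            # Detection was raised on the in-memory image, not the file on disk.
            "memory_only": m.group("dump") is not None,
            # Assumption: ".Heur." in the name marks a heuristic detection.
            "heuristic": ".Heur." in threat,
            "unresolved": item.get("finalStatus") == "infected",
        })
    return rows


def false_positive_candidates(rows):
    """Unresolved heuristic hits seen only in memory dumps: update the
    definitions and rescan before touching the file, as the thread advises."""
    return [r["file"] for r in rows
            if r["memory_only"] and r["heuristic"] and r["unresolved"]]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
    print("recheck after update:", false_positive_candidates(triage(SAMPLE_LOG)))
```
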

  • Venturer
    It should be resolved since the morning update. It was a false heuristic detection only on the memory dumps of those files. Please update to latest definitions.


    Have a nice day.


    From yesterday I'm using Bitdefender 2010 Total Security Beta 1 and it detects this file mobsync as generic trojan! Should I delete it?

  • danton
    edited May 2009
    From yesterday I'm using Bitdefender 2010 Total Security Beta 1 and it detects this file mobsync as generic trojan! Should I delete it?


    Update to latest definitions and perform another scan. It shouldn't be detected anymore.

  • azstar

    I also have had one of the trojans mentioned in this thread be found in last night's scan. I had bitdefender update this morning and then did a deep scan and the same file was flagged as not removable.


    [system]=]C:\Windows\System32\LogonUI.exe (memory dump)


    Gen:Trojan.Heur.1040BF4040


    Disinfect Failed


    I am completely inexperienced with dealing with this sort of thing and any advice or simplified instructions for dealing with this would be appreciated. :D

  • Arvis

    After this morning's update, I ran deep scan -- neither infection showed up, so I think my problem is solved. I'm going to run the scans again tonight and see what happens. If I get a hit I will post the results.


    Thanks Cris

  • lafazman

    Updated as of today and I am still having this issue, I am starting to get concerned!

  • danton
    Updated as of today and I am still having this issue, I am starting to get concerned!


    Are you getting the same detection names?


    Post a scan log please.

  • Apparently, some users still have problems with the above mentioned detections, so I re-opened this topic. I will contact the analysis department and see what is happening.


    Cris.


    Has there been any solution here? I have had the same issue on about 3-4 occasions. It disappears for a while and then reappears. This morning, the icon indicated critical problems. I had trouble launching BD, and then when it finally came up, it said there were no pending issues. I am very uneasy that there is something amiss here.

  • alexcrist

    Please update BitDefender and make a Deep Scan of your system. At the end, attach the scan log to your next post to see what is wrong. As far as I know, the problem was already fixed.


    Cris.

  • Please update BitDefender and make a Deep Scan of your system. At the end, attach the scan log to your next post to see what is wrong. As far as I know, the problem was already fixed.


    Cris.


    I will do that, but note that others did deep scans and continue to have the same issue. When you say the problem was already fixed, how was it fixed? Did you guys update the scanning software? Or, are you relying on clean scans? My issue with the latter is that I had clean scans in between the times this showed up.