Unable To Disinfect Or Move File

Greatbigmouth
edited July 2007 in Malware talk

Hello.


I am unable to disinfect or move a file to the BitDefender quarantine. This is not the first time it's happened.


Last week BitDefender detected a virus and was able to move it to the quarantine successfully. However, a few days later it detected the same virus again and was unable to move that very same virus. How is that possible? Could BitDefender be corrupted? How do I fix this?


Here is my latest scan report,


Thanks


//-----------------------------------------------------------------


//


// Product BitDefender Internet Security v10


// Product 10.2


//


// Created on: 02/07/2007 23:13:54


//


//-----------------------------------------------------------------


Virus Statistics


Scan path : C:\


D:\


Folders : 7706


Files : 315560


Memory processes scanned : 33


Archives : 8774


Runtime packers : 10260


Identified viruses : 1


Infected files : 1


Memory processes infected : 0


Suspect files : 0


Warnings : 0


Disinfected files : 0


Deleted files : 0


Moved files : 0


I/O errors : 30


Scan time : 00:51:41


Scan speed (files/sec) : 101


Spyware Statistics


Registry keys scanned : 1655


Registry keys infected : 0


Cookies scanned : 40


Cookies infected : 0


Spyware files infected : 0


Spyware threats detected : 0


Virus definitions : 697213


Scan plugins : 16


Archive plugins : 41


Unpack plugins : 6


Mail plugins : 6


System plugins : 5


Virus scan options


Detection


[X] Scan boot sectors


[X] Memory Processes


[X] Scan archives


[X] Scan runtime packers


[X] Scan email


File mask


[ ] Programs


[X] All files


[ ] User defined extensions:


[ ] Exclude extensions: ;


Action


Infected objects


[ ] Ignore


[X] Disinfect


[ ] Delete


[ ] Move to quarantine


[ ] Prompt user


Second action


[ ] Ignore


[ ] Delete


[X] Move to quarantine


[ ] Prompt user


Virus scan options


[X] Enable warnings


[X] Enable heuristics


[ ] Show all files in log


[X] Report file: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1183410834.log


Spyware scan options


[X] Scan for riskware


[ ] Skip dial and applications from scan


[X] Registry keys


[X] Cookies


Summary:


C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Detected: Adware.Gamespyarcade.F


C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Disinfection failed


C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Move failed

Comments

  • BD failed to move the infected file because it's located in an installer package. You may manually remove the entire package.


    Andrei

  • Hello Greatbigmouth


    The reason is also that BitDefender or any other antivirus can't rebuild the installer, because installers are protected so they can't be modified. The only thing you can do is what Andrei suggested. Or, if possible, do not choose to install GameSpy Arcade. As you can see here, it isn't a very high threat: http://www.siteadvisor.com/sites/gamespyar...nloads/4812833/


    Regards


    Niels

  • Thanks for the advice. One last question though,


    Last week BitDefender blocked a virus called "Trojan.Clicker". It was able to move it to quarantine, yet 3 days ago it detected it on my PC and was unable to move or disinfect.


    Also, why did I find that virus on my PC if BitDefender blocked it in the first place? It told me that my PC was NOT infected, yet it detected the virus during a scan? :(


    Thanks

  • Hello Greatbigmouth


    Blocked means that BitDefender will not allow the infected file to be executed. Try to close your browser, but also take a look in Task Manager (press Control+Alt+Del(ete), go to Processes) to check that the process of your browser isn't running: firefox.exe, iexplore.exe. If these processes are still present, kill them.


    Regards


    Niels

  • Hi Niels,


    I did close my browser but it was still unable to move the very same virus that it disinfected a few days earlier. Eventually I removed it by clearing my browser's cache. I still don't understand why it could move it to quarantine on one day, but couldn't move it on the next day. :huh: Exact same virus......

  • Hello Greatbigmouth


    It could be that a system restore point is infected. BitDefender can't move system restore points. To fix that, disable System Restore temporarily: go to Start, My Computer, right-click on My Computer, choose Properties, System Restore, check the option to disable System Restore on all stations, and confirm by pressing Apply and OK. Wait until System Restore is disabled. When you receive that message, uncheck it again and press Apply and OK to confirm. Can you please post the location where it was found? Start BitDefender, go to General, Events, and double-click on the entry "infected files found".


    Regards


    Niels

  • Hi Niels,


    Thanks for the reply.


    Here is the location where the Trojan was found.


    File C:\documents and settings\user\application data\opera\opera\profile\cache4\opr001w0.js=](gzip)


    infected with Trojan.Clicker.CM


    Previously BitDefender found that exact same trojan in the Internet Explorer cache. Could it be that it can't move it from the Opera cache?


    Thanks

  • Hi!


    You may disable BD real-time protection and delete the file manually. Then re-activate BD real-time protection.


    Andrei

  • Hello Greatbigmouth


    Did you kill opera.exe in Task Manager? Because sometimes the process is still running.


    Perform a scan afterwards and normally BitDefender will be able to remove it.


    If you want to go to that location, you first have to display hidden files and folders. So go to Start, My Computer, Documents and Settings, then go to Tools, Folder Options, Display, check the option to display hidden folders and files, and confirm by pressing Apply and OK. Now you will see a folder called Application Data. You can also use a tool called Unlocker so you don't have to disable the real-time protection: http://ccollomb.free.fr/unlocker/unlocker1.8.5.exe Install it, right-click on the infected file and choose Unlocker, select Delete as the action and press Unlock All.


    Regards


    Niels

  • Thanks for the advice!


    My system is clean, and I will keep you posted if anything similar happens again in the future. ;)


    GBM

  • Glad that we could help you! :)


    Andrei

  • Also glad that we could help you


    Regards


    Niels
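
The distinction the replies draw (a detection nested inside an installer package versus a plain file held open by a running process) can be read straight from the report's summary lines. The following is an added example, not part of the thread and not BitDefender tooling. It assumes the line format seen in the three summary lines above, with `=>` separating the file on disk from the member inside it; the last two sample lines are constructed.

```python
import re

# Sample input: the first three lines are the summary lines from the scan
# report in this thread; the last two are constructed for contrast.
SAMPLE = r"""
C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Detected: Adware.Gamespyarcade.F
C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Disinfection failed
C:\Program Files\Sierra\SWAT 4\Gamespy\ArcadeInstallSWAT4_14d.EXE=>wise0012 Move failed
C:\Temp\sample.exe Detected: Constructed.Test.A
C:\Temp\sample.exe Move failed
"""

# Paths contain spaces, so the status at the end of the line is the anchor.
LINE = re.compile(
    r"^(?P<obj>.+) (?P<status>Detected: (?P<name>\S+)|Disinfection failed|Move failed)\s*$"
)

def parse_summary(text):
    """Group summary lines by scanned object, in order of first appearance."""
    findings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a summary line
        obj = m.group("obj")
        # Assumed format: host file on disk, then nested members after each '=>'.
        host, *members = obj.split("=>")
        f = findings.setdefault(
            obj, {"host_file": host, "members": members, "threat": None, "failed": []}
        )
        if m.group("name"):
            f["threat"] = m.group("name")
        else:
            f["failed"].append(m.group("status"))
    return list(findings.values())

def advise(finding):
    """Map a finding to the kind of remediation suggested in the replies."""
    if not finding["failed"]:
        return "handled by scanner"
    if finding["members"]:
        return "inside container: remove or replace the whole host file"
    return "plain file: close the process holding it, then rescan"

if __name__ == "__main__":
    for f in parse_summary(SAMPLE):
        print(f["host_file"], "|", f["threat"], "|", advise(f))
```
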