Virus!
Comments
-
Hi Haakon,
I moved your topic to a more appropriate section.
Please post the path of the infected file. You can open the BD Scan log and copy here the paths of the file(s) that were found as infected. Don't add the log as an attachment, because in this section only BD Virus Analysts can download them. Just write the paths in your post.
Cris.
-
Virus Statistics
Scan path : C:\Program Files\Knight Online\XPatch.exe
Folders : 0
Files : 1
Memory processes scanned : 0
Archives : 0
Runtime packers : 0
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 0
Scan time : 00:00:02
Scan speed (files/sec) : 0
Virus definitions : 697924
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[ ] Scan boot sectors
[ ] Memory Processes
[X] Scan archives
[X] Scan runtime packers
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Users\Håkon\AppData\Roaming\BitDefender\Desktop\Profiles\Logs\contextual\1185908057.log
Spyware scan options
[X] Scan for riskware
[ ] Skip dial and applications from scan
[ ] Registry keys
[ ] Cookies
Summary:
C:\Program Files\Knight Online\XPatch.exe Infected: Trojan.Downloader.Agent.YIQ
C:\Program Files\Knight Online\XPatch.exe Disinfection failed
C:\Program Files\Knight Online\XPatch.exe Move failed
Scanned files
C:\Program Files\Knight Online\XPatch.exe Infected: Trojan.Downloader.Agent.YIQ
C:\Program Files\Knight Online\XPatch.exe Disinfection failed
C:\Program Files\Knight Online\XPatch.exe Move failed
This one?
-
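Pulling the infected paths and failed actions out of a log laid out like the one posted above, as an added example that is not part of the original thread and is not BitDefender's own tooling. The line layout (path, whitespace, status text) is assumed from the posted log, the sample is constructed from its lines, and the function names are hypothetical.

```python
import re

# Constructed sample: lines in the layout of the scan log posted in this thread.
SAMPLE_LOG = r"""Identified viruses : 1
Infected files : 1
Summary:
C:\Program Files\Knight Online\XPatch.exe Infected: Trojan.Downloader.Agent.YIQ
C:\Program Files\Knight Online\XPatch.exe Disinfection failed
C:\Program Files\Knight Online\XPatch.exe Move failed
Scanned files
C:\Program Files\Knight Online\XPatch.exe Infected: Trojan.Downloader.Agent.YIQ
C:\Program Files\Knight Online\XPatch.exe Disinfection failed
C:\Program Files\Knight Online\XPatch.exe Move failed
"""

# Paths contain spaces, so the status at the end of the line is the anchor,
# not the first whitespace. Only the three statuses seen in the log are handled.
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?:Infected: (?P<name>\S+)|(?P<action>Disinfection|Move) failed)\s*$"
)

def infected_files(log_text):
    """Map each reported path to its detection names and failed actions."""
    findings = {}
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # statistics and option lines do not start with a drive path
        entry = findings.setdefault(
            m["path"], {"detections": [], "failed_actions": []}
        )
        if m["name"]:
            key, value = "detections", m["name"]
        else:
            key, value = "failed_actions", m["action"]
        # "Summary" and "Scanned files" repeat the same lines; keep each once.
        if value not in entry[key]:
            entry[key].append(value)
    return findings

def still_present(findings):
    """Paths whose fallback action (move to quarantine) failed.

    Assumption: with the options shown in the log, Move is the last action
    tried, so a failed Move means the flagged file is still at its path.
    """
    return [p for p, e in findings.items()
            if e["detections"] and "Move" in e["failed_actions"]]
```

The paths returned by `still_present` are the ones to write into the post, as requested earlier in the thread.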
Hello Haakon
Could you please post a download link where you downloaded the patch?
Upload the patch to this website: http://www.virustotal.com and post the result. I suggest that you also archive XPatch.exe in a password-protected archive with the following password: infected and attach it to your next post.
Regards
Niels
-
> Could you please post a download link where you downloaded the patch?
Do not post the link. Other users might access it and they might get infected.
Instead, write it in a text file and attach it to your post. This way, only BD Virus Analysts can take a look at it.
Cris.
-
Hello Haakon
Sorry, I meant that you also have to add the link in your archive. I thought that I wrote that, but that wasn't the case.
Regards
Niels
Thanks Cris for correcting me.
-
It doesn't work to archive it with a password. I've tried WinRar and WinZip.
When I use WinRar I get this error: XPatch.zip: Cannot create XPatch.zip
And WinZip: Error: You are trying to create a new Zip file on a disk that is read-only (C:\Program Files\Knight Online\XPatch.zip)
I used the "Virus Submission" guide.
-
> It doesn't work to archive it with a password. I've tried WinRar and WinZip.
> When I use WinRar I get this error: XPatch.zip: Cannot create XPatch.zip
> And WinZip: Error: You are trying to create a new Zip file on a disk that is read-only (C:\Program Files\Knight Online\XPatch.zip)
> I used the "Virus Submission" guide.
The reason why you couldn't make the archive was because BitDefender was blocking the source file (the infected file).
Before attempting to make the archive you should have disabled BD Realtime Protection. You have to be very careful not to open an infected file while BD is disabled and to re-enable BD Realtime Protection once you have finished the archive. This is said very clearly in the "Virus Submission" guide.
Following these steps will surely allow you to make the protected archive.
Cris.
-
I'm sorry, but... What if I was wrong? I found this post at the Knight Online forum, where it was written:
"Many people are concerned about certain anti-virus programs detecting a Trojan Virus in the Knight Online executable that is packed in the latest patches from K2 Network. Our Quality Assurance department has installed these anti-virus programs, scanned the Knight Online files and determined these reports to be FALSE POSITIVES. We will be contacting the larger anti-virus companies to update their databases to remove these false positives. Rest assured that the files that are distributed by K2 Network do not contain viruses or other harmful files."
Maybe it's just a false positive? Is BitDefender one of those antiviruses? I have had many searches with Ad-Aware too, but it couldn't find anything.
-
We are looking into this matter now. If it is indeed a false positive, detection will be removed.
-
Hello Haakon
What you can always do is just add the download link and attach that to your next post. I downloaded a patch for Knights Online, and the installer drops executable files in the system32 folder, which is very suspicious for a patch. It's a forum site of Knights Online.
Regards
Niels
Download link attached where I found the infected one.
Attachment: xpatch.rar
-
Well, XPatch was a piece of the installation package. I did not install or download it later.
-
Hello Haakon
I downloaded only the executable (xpatch.exe) from that source where I attached the link. That caused that strange behaviour. But it could be that it wasn't the real patch. It was located on a Knights Online forum.
So, to help the virus researchers, I still recommend that you add the link where you downloaded xpatch.zip from. That is easier for them.
Regards
Niels
-
Here it is? I hope it was right just to copy / paste the link into attachments...
Seriously... I have no idea how to do this.
-
Hello Haakon
I will explain it to you. Edit your post and choose full edit. In the attachments section, by "select a file", press Browse. Now you must navigate to the text file where you wrote the download link and click OK. To finish, press Upload. That is all you have to do.
Regards
Niels