Trojan.fakealert.5 Quarantine Fix

I am running Windows 7 Ultimate 64 bit with Bitdefender 2010 Antivirus. Was affected by the trojan.fakealert.5 issue.


Steps which I took to fix the issue:


1) Stop Bitdefender (BD) Realtime Protection immediately


2) Update BD with Engine 7.30848 and Virus Signatures 5474032


3) Went into DB Antivirus tab -> Quarantine and restored whatever trojan.fakealert.5 files were there


4) For files which cannot be restored as a message saying the file is already there or the path not found here is a possible fix


5) Restore the files to a different directory using the "Browse" button. Make sure take note the original directory before restoring it to a different directory. In my case, for all c:\windows\system32 files I copied them to c:\system32 and for c:\windows\syswow64 files I copied them to c:\syswow64. The quarantined files should not be on your list any more after restoring. The objective here is to copy them back to their original folders as many of the files are shown as empty shells (they have 0KB) so you need to copy the normal ones back to the system folders.


6) Next, I restarted Windows using my Windows 7 DVD and click Repair and click Command Prompt. The reason why you need to use a DVD is because many of the restored system files are in use by Windows and it will not allow you to copy over them. Using command prompt I copied the files back to the original folders and then restarted Windows.


My Windows 7 is working more normal now. I didn't realise that after the system files were quarantined, Windows or BD placed empty shells of files with the same name in the system directories. It caused problems with a few of my programs.


Enjoy.

Comments

  • Yea, who wants to take time to fix 1000+ files this way?Not me!

  • I am running Windows 7 Ultimate 64 bit with Bitdefender 2010 Antivirus. Was affected by the trojan.fakealert.5 issue.


    Steps which I took to fix the issue:


    1) Stop Bitdefender (BD) Realtime Protection immediately


    2) Update BD with Engine 7.30848 and Virus Signatures 5474032


    3) Went into DB Antivirus tab -> Quarantine and restored whatever trojan.fakealert.5 files were there


    4) For files which cannot be restored as a message saying the file is already there or the path not found here is a possible fix


    5) Restore the files to a different directory using the "Browse" button. Make sure take note the original directory before restoring it to a different directory. In my case, for all c:\windows\system32 files I copied them to c:\system32 and for c:\windows\syswow64 files I copied them to c:\syswow64. The quarantined files should not be on your list any more after restoring. The objective here is to copy them back to their original folders as many of the files are shown as empty shells (they have 0KB) so you need to copy the normal ones back to the system folders.


    6) Next, I restarted Windows using my Windows 7 DVD and click Repair and click Command Prompt. The reason why you need to use a DVD is because many of the restored system files are in use by Windows and it will not allow you to copy over them. Using command prompt I copied the files back to the original folders and then restarted Windows.


    My Windows 7 is working more normal now. I didn't realise that after the system files were quarantined, Windows or BD placed empty shells of files with the same name in the system directories. It caused problems with a few of my programs.


    Enjoy.


    you may try also a windows update...just to be sure.

  • Where is your quarantine directory, i'm running 64 bit windows 7 and i can't find it?

  • Where is your quarantine directory, i'm running 64 bit windows 7 and i can't find it?


    You should be running BitDefender in Expert mode to see the Quarantine folder. Go to settings to change your view to Expert mode.

  • Dolzhenko
    edited March 2010
    You should be running BitDefender in Expert mode to see the Quarantine folder. Go to settings to change your view to Expert mode.


    I can see the quarantine in Bitdefender, I'm already using Expert, i mean in windows explorer, I can't restore from Bitdefender because it's giving me the "file already exists" and "path not found" errors, so i want to move them back through windows explorer if that's possible.


    EDIT: Whoops I skimmed over what you wrote. Nevermind thanks!

  • I am running Windows 7 Ultimate 64 bit with Bitdefender 2010 Antivirus. Was affected by the trojan.fakealert.5 issue.


    Steps which I took to fix the issue:


    1) Stop Bitdefender (BD) Realtime Protection immediately


    (...)


    Too late: i cannot open BitDefender: BitDefender Security Server (vsserv.exe) is not available

  • I can see the quarantine in Bitdefender, I'm already using Expert, i mean in windows explorer, I can't restore from Bitdefender because it's giving me the "file already exists" and "path not found" errors, so i want to move them back through windows explorer if that's possible.


    EDIT: Whoops I skimmed over what you wrote. Nevermind thanks!


    You can't move them back as the files in System32 and sysWoW64 are locked and cannot be copied over. So which is why I used a Windows DVD to do that as it will allow me to copy the files manually over. I tried safe mode but it still locked the two folders.

  • The problem is: Bitdefender won't restore any of the system32 files to ANY directory, not even desktop, I get the "path does not exist" error haha... even though my desktop does exist. So i can't restore those files to anywhere.

  • i installed the first update and its installing for about an hour is this normal or what ??

  • Where is your quarantine directory, i'm running 64 bit windows 7 and i can't find it?


    The directory is at C:\ProgramData\BitDefender\Desktop\Quarantine


    But do note that the files are renamed by BitDefender. I am not sure if it works but you might want to try renaming them to the original names but that will take forever if you have hundreds.


    I think the easiest is for BitDefender team to come out with a separate fix to restore all the files. Might need to run it off a CD-ROM unless there is a way to unlock the directories on the fly.

  • And I tried System restore on two different images. One just before the issue and another 7 days ago but that didn't fix it. So not sure if System restore will work well for you guys. The best way to check if System Restore works is to check the System32 and sysWoW64 folders to see if there are any .dll or .exe files that are 0 KB in size.

  • The directory is at C:\ProgramData\BitDefender\Desktop\Quarantine


    But do note that the files are renamed by BitDefender. I am not sure if it works but you might want to try renaming them to the original names but that will take forever if you have hundreds.


    I think the easiest is for BitDefender team to come out with a separate fix to restore all the files. Might need to run it off a CD-ROM unless there is a way to unlock the directories on the fly.


    Yeah i have to wait for another update, since i can't restore those files to ANY directory, i'm pretty much a sitting duck.

This discussion has been closed.