vlad

They don't need to be rebooted. I can't imagine what happened, but I've never heard of this behavior before. It was most likely a very peculiar accident (perhaps a request to reboot got missed somehow, I really can't imagine).

It's a VB downloader; thanks for the sample.

I checked the first sample and it's no longer detected; I also removed detection from the second sample just now. In a couple of hours they should both be fixed. Please update your BD and try again. Sorry about replying late, but our previous chat was at ~9 PM on Friday... I had to get home. As for uploading files,…

Semnat vierme sau backdoor. Mersi de sample!

Ai fi surprins ce fisiere vin pe suport chiar si acum...

Apar pe saptamana cateva zeci/sute de site-uri de genul asta, iar variantele de Zlob variaza tot cam la fel. Exista destule detectii generice, insa tactica lor e ca atunci cand e detectat, il modifica pana nu-l mai detecteaza nimeni.

Detection is on it's way. Thanks for the sample!

Megaupload says: "The file you are trying to access is temporarily unavailable." I'll try again later.

Generic.Peed.Eml.* are detections for spammed mails with the "Storm Worm", as press worldwite kindly refers to it. You probably actually receive mails everyday with it, since it's spammed very tenaciously, and that's why it keeps appearing. Neither this, nor Exploit.Iframe.Vulnerability.* aren't self-multiplying, so the…

W32/Gobi.A is a very poor signature from Avira which detects clean temporary files generated by BD during the scan.

The file uploaded here is clean; detection will be removed after the next update. As for uploading files, you can use free file uploading services for larger files (megaupload.com, etc.), but make sure to archve the samples with the password infected.

Thanks; they've been added to the tracking system.

Please upload the detected files here and I'll have a look. It might be a false positive, so don't delete the files just yet.

Softwin plateste reviewuri pozitive? Nu, dar le da softu' pe gratis, ca saracii, la fel ca "recenzorii de jocuri mafioti", n-au bani sa-l ia singuri. Nu sunt review-uri platite, si cum zicea si Raul, nici scorurile nu sunt mari. Daca va obositi sa cititi si ce scrie in review o sa vedeti ca BD chiar _are_ feature-urile…

The messages aren't stored individually, but in something resembling an archive. And the format of the mail inbox "archives" is not officially made public, so removing files from them is risky. It's also pretty difficult to link the files to the mail details (sender, subject, etc.). And of course the numbering doesn't…

@claudiu: E stabil. Aha... e, asa da. Justificarile temeinice nu ma entuziasmeaza, da' confirmarea ta ferma... Nu mai comentez Comodo, pare a fi inutil. Ca principiu tehnic totusi, citeste putin despre hook-uri, HIPS-uri si firewall-uri; o sa intelegi ce-am zis despre ele. De teste nu ma mai leg, crezi ce vrei. NDIS-ul era…

@vladx: AVG a progresat _foarte_ mult, insa am explicat deja de ce fara euristica e degeaba. N-am zis ca leak-testurile sunt rele in sine, doar ca sunt folosite pentru a manipula opinia publica. Am mai zis ca nu sunt suficiente pentru a compara firewalluri, parere pe care o mentin. Da, au un miez de adevar, dar cam atat.…

@claudiu: Testele leak sunt subiective pentru _toate_ produsele testate, pentru tocmai chestiile pe care le testeaza si pentru felul in care o fac. Si tocmai pentru ca se injecteaza peste tot Comodo e instabil (pentru ca sunt aplicatii care in mod ~legitim se injecteaza si ele). Doar pentru ca tu nu ai asemenea aplicatii…

nu imi pot explica de ce se vrea ca ferrariul rosu sa aiba musai ”benă” Good point, good wording for it. (sorry de intarziere, n-am mai citit forumul demult).

Continuare: [...]acea prostie de program a dat mizerie tuturor firewall-urilor cu state vechi la TOATE testele Leak Nici nu incep sa comentez cum se fac testele leak... I-as bate pe oamenii aia daca mi-ar fi la indemana pentru felul in care deformeaza realitatea (daca din prostie, necunostinta sau interes pecuniar nu-mi…

Invatati de la ceilalti est-europeni (eset, alwil, grisoft) cum se face un antivirus bun cu rolul de a securiza calculatorul ESET face un antivirus bun, insa ratele lor de detectie n-au fost niciodata exceptionale (euristica e intr-adevar buna). Alwil si Grisoft... probabil nu "impotmolesc" calculatorul, insa nici nu prind…

I don't think anyone actually removed the attachment; maybe it failed uploading somehow. Send it to virus_submission@bitdefender.com and put 4vir somewhere in the subject. I signed some imgkulot-related malware just a few days ago, but it may not be the same.

This malware is a javascript which exploits the ".ANI" vulnerability (MS07-017). Please post the complete detection path (normally simply emptying your IE temporary folder with the realtime protection disabled should fix this).

OEMCUST appears to be indeed some sort of OEM software package for user assistance (as Niels said). PSKill (by SysInternals, aquired by MS recently) is an application that kills processes, but then again so is taskkill.exe, which is delivered with every Windows (NT/2K/XP) installation. As it has already been stated, it is…

Please look for Recycled\ctfmon.exe and upload it here.

Detected as Trojan.Peed.ICB. Thanks for the samples.

Detection has been added. Thank you for the sample!

The removal tool is generic, so it can't detect all possible Virtumonde versions. To remove the ones that escaped, try following the steps here: http://forum.bitdefender.com/index.php?showtopic=1054 . Unlocker will fail on Virtumonde, and Safe Mode doesn't help either. You can also try this tool which Mieke recommmended:…

Trojan.Clicker.CM is just an HTML page which attempts to show popups. It's the same thing as this one here: Application.JS.ForcePopup. Temporarily disabling BD and emptying your IE cache should fix it.

Detection added. Thank you for the sample!