    in False Positive Commented by vlad May 2008
  • The file is clean; a macro from it triggers the heuristic. The easiest workaround is to simply except the folder containing this file from scanning.
  • It's a false positive; the next update should fix it.
  • Disable the virus shield & empty the IE cache. It's just an adware-related JS.
    in Trojan.clicker.cm Commented by vlad May 2008
  • It's a JS from some page you visited; disable the virus shield and empty the IE cache. Optionally, you can first archive the files C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8GUKQVSH\ads[1].js and C:\Documents and Settings\Administrator\Local Settings\Temporary Internet…
  • They are both false positives indeed; they will disappear after the next update. Thanks!
  • Please post a HijackThis/Startuplist log and a GMER log.
    in Mail Bot Commented by vlad March 2008
  • Please attach a copy of that file to a post and I'll have a look at it.
  • You have two AVs installed (neither of which is BitDefender, by the way); that may lead to system instability. C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll belongs to the "My Way Search Assistant" adware/spyware family. The "PeoplePal Toolbar" (C:\Program Files\PeoplePC\Toolbar\PPCToolbar.dll) is also most likely adware.…
  • Vundo is a very "polymorphic" trojan and it gets "updated" all the time. Vundofix only works against that particular trojan, so it does a somewhat better job in keeping up to date with all its variants. Download an updated version and try again. Attach here (in a new post) the following files:…
  • I apologize for the delay (again); I haven't been on the forum for a long time. The removal tool (for which we thank Cd-MaN, since he wrote it and I forgot to mention that last time) can be found here: http://forum.bitdefender.com/index.php?act...ost&id=1393
  • Embarrassing as it may be, I've only seen this thread now. The malware is most likely C:\WINDOWS\system32\NTSpool.exe; it appears to be the backdoor Bifrose. There is indeed some malware started by that svchost.exe instance, probably through NTSpool.exe. Sorry for the (too) late answer.
  • Please attach here a copy of the infected file(s). There is a huge number of Vundo/Virtumonde variants ITW. I haven't tested it myself, but VundoFix seems to do a good job removing it and is kept up to date with the latest variants.
  • As AndreiASM suggested, please attach the infected sample(s) (not the log). Here is the virus scan result. Also I can't access the file. And trojan.vundo is also appearing now
  • It's an IRC backdoor that spreads through MSN. Detection added (Win32.Worm.IM.F); thanks for the sample!
    in Msnworm.bb Commented by vlad December 2007
  • Boggy & ColdAsIce, you have the removal tool via PM (if I post it here you can't download it). If anyone else needs it, feel free to ask for it. @Cris: Someone put a signature on it, it seems. @afp: Good luck with the new antivirus! If the fully updated BD still doesn't detect anything, send an e-mail to support@bitdefender.com…
  • BD detects this thing heuristically, so it has detected it ever since it appeared; consequently, if you had had the virus shield active, you would not have been infected in the first place. The theory that no antivirus detects it seems very improbable to me, given that in my tests almost all (major) antiviruses detect…
  • I've downloaded System Mechanic 7 from iolo.com, but it's not currently detected by BD. It may have been a FP.
  • Being an "Email Marketer" triggered the heuristics; detection has been removed (update your BD in ~2-3 hours). Thanks for the sample!
  • It's a VB worm. Signed it; thanks for the sample. To remove it: - from task manager (or better yet, Process Explorer) kill the process System.exe. ATTN: do NOT kill the System process, but System.exe; - delete (or scan with BD after an update and instruct it to delete detected files): c:\windows\config\system.exe…
    in New Malware Commented by vlad November 2007
  • By the time I got to it, it was already detected. It's a Tibs (Peed) downloader. Thanks for the sample!
  • svchost.exe is a legitimate process, but it's sort of a "loader" rather than a stand-alone application: it is actually running code from other modules. Please post a HijackThis log and we'll see what files we need to study.
  • Please upload D:\I386\APPS\APP17678\src\CompaqPresario_Spring06.exe and D:\I386\APPS\APP17678\src\HPPavillion_Spring06.exe; they appear to be false positives.
  • Simply deleting test.vbs will do. I'll try to add detection for it based on the previous post.
  • I've removed detection from the last version available on the site. The problem is that this software uses YM tricks usually employed by malware, which triggers the heuristic detection (hence the name Generic.Malware.*).
  • Detection added. Thanks for the samples!
  • Please upload gvthuar.exe. What you've uploaded is, as I've already said, just a data file.
  • This is not a virus; it's a file containing some encrypted data. Whatever is accessing this file is probably the virus.
  • Please attach the file to a post here and I'll fix it (it's very likely a FA, probably because the heuristic filter picks up improperly encrypted malware patterns in their signatures).
  • You are most welcome.