
BitDefender online scanner - false positive or actual virus?


8 replies to this topic

#1 carissa_lee_

carissa_lee_

  • Members
  • 43 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Oregon
  • Local time:05:35 PM

Posted 16 April 2010 - 01:51 AM

I was testing out BitDefender's online scanner, as I've never used an online scanner before and wanted to see if it might find something Avast or MBAM has looked over.

It came back telling me I had two viruses, Generic.Malware.SBEg.7660772E and Trojan.Generic.1109194. The locations of these viruses were C:\Program Files\Sony\Welcome to VAIO life\VAIO zone.exe and C:\Program Files\Sony\Welcome to VAIO life\WTVI.exe.

Could these be false positives? Or an actual virus that's hidden itself in an odd place?

Thank you!

*edit*
My laptop is a Sony VAIO VGN S360, so I would have assumed the files above were ones that should be on my computer, which is what makes me think it's a false positive. I'll be more than happy to provide any additional information, I just didn't know if it would be necessary. Please let me know if you need anything else!

Edited by carissa_lee_, 16 April 2010 - 02:02 AM.



 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,759 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:05:35 PM

Posted 16 April 2010 - 03:14 PM

This is possibly a False positive. We should double check it before we take action.

Let's upload this file for a second opinion on what it actually is.

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:
How to see hidden files in Windows

Please click this link-->Jotti

When the Jotti page has finished loading, click the Browse button, navigate to the following file and click Submit.
<filepath>suspect.file

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/


NOTE:
For submission to a specific anti-virus vendor see Submitting Virus Samples: How to Submit a Virus.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 carissa_lee_


Posted 17 April 2010 - 12:22 AM

I'm sorry I didn't notice it before, but I just looked at the BitDefender log and it says it deleted both files, along with a few under C:\System Volume Information\_restore*** that were listing the same infection. I noticed that after I had tried looking them up using Jotti and wasn't able to find them. I could have sworn I set it to prompt before deleting any files, so I didn't think to make sure before posting.

Edited by carissa_lee_, 17 April 2010 - 12:49 AM.
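
Added example, not part of the original thread: post #3 reports that the scanner had already deleted both flagged files, so the second-opinion upload asked for in post #2 was no longer possible. One way to avoid that is to hash and copy each flagged file into a holding folder before letting any scanner clean it; the function names and the `.sample` suffix are assumptions made for this example, and the demo file is a constructed stand-in.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    """Hash in chunks so large executables are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def preserve_flagged(paths, holding_dir: Path) -> list:
    """Copy each flagged file into holding_dir and record its hash.

    Files that are already gone (for example auto-deleted by the scanner,
    as happened in this thread) are recorded as missing instead of raising.
    """
    holding_dir.mkdir(parents=True, exist_ok=True)
    manifest = []
    for raw in paths:
        src = Path(raw)
        entry = {"original_path": str(src), "status": "missing"}
        if src.is_file():
            digest = sha256_of(src)
            # Store under the hash with an inert suffix so the copy cannot be
            # double-clicked and name collisions are impossible.
            dest = holding_dir / (digest + ".sample")
            shutil.copy2(src, dest)
            entry.update(status="preserved", sha256=digest,
                         size=src.stat().st_size, copy=str(dest))
        manifest.append(entry)
    (holding_dir / "manifest.json").write_text(json.dumps(manifest, indent=2))
    return manifest


if __name__ == "__main__":
    # Constructed demo: one stand-in file that exists and one that does not.
    with tempfile.TemporaryDirectory() as tmp:
        present = Path(tmp) / "WTVI.exe"
        present.write_bytes(b"constructed stand-in bytes, not the real file")
        gone = Path(tmp) / "VAIO zone.exe"
        for row in preserve_flagged([present, gone], Path(tmp) / "held"):
            print(row["status"], row["original_path"], row.get("sha256", "-"))
```

The recorded SHA-256 can be searched on a multi-scanner service before uploading, and the preserved copy keeps the upload possible even after the original has been removed.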


#4 boopme


Posted 17 April 2010 - 09:38 AM

Well, it happens... If you want to run another good scan, run SAS below. If all is good here after that, we just want to clean out the System Volume Information when done.

Next run ATF and SAS: If you cannot access Safe Mode, run in normal mode, but let me know.

Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

From your regular user account...
Download Attribune's ATF Cleaner and then SUPERAntiSpyware, Free Home Version. Save both to the desktop.
DO NOT run yet.
Open SUPER from the icon, install it and update it.
Under Scanner Options make sure the following are checked (leave all others unchecked):
  • Close browsers before scanning.
  • Scan for tracking cookies.
  • Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen and exit the program. DO NOT run yet.

Now reboot into Safe Mode: How to enter safe mode(XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode using the arrow keys.
Then press Enter on your keyboard to boot into Safe Mode.

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox or Opera browser click that browser at the top and choose: Select All
Click the Empty Selected button.
If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

NOW Scan with SUPER
Open from the desktop icon or the program Files list
On the left, make sure you check C:\Fixed Drive.
Perform a Complete scan. After the scan, verify they are all checked.
Click OK on the summary screen to quarantine all found items.
If asked if you want to reboot, click "Yes" and reboot normally.

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log.
A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.


Please ask any needed questions, post logs and let us know how the PC is running now.

#5 carissa_lee_


Posted 18 April 2010 - 06:58 AM

Seems promising :thumbsup: I never had any original symptoms that made me think there might be a problem, so it seems to be running the same.


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/18/2010 at 01:40 AM

Application Version : 4.35.1002

Core Rules Database Version : 4817
Trace Rules Database Version: 2629

Scan type : Complete Scan
Total Scan Time : 01:16:40

Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 6389
Registry threats detected : 0
File items scanned : 20610
File threats detected : 0

Edited by carissa_lee_, 18 April 2010 - 07:01 AM.


#6 boopme


Posted 18 April 2010 - 01:50 PM

Ok, looks good. The first item was a malware from what I could find and it was removed. I'd say you are good to go.

#7 carissa_lee_


Posted 18 April 2010 - 11:40 PM

So it doesn't seem that it was a false positive, at least the first one? That's good news, I guess, I was almost worried it may have deleted a file I might have needed.

I do have a question, if you don't mind?
I know enough not to run more than one antivirus program on my computer, and I currently rely only on Avast! and MBAM for scans. Is it a better idea to have more than one malware scanning program on hand to run scans every so often to check for possible malware that one of the other scanners may not have picked up? Or is it the same idea as antivirus programs, where I shouldn't run more than one program at a time so they don't cancel each other out, so to speak? Should I just stick with what I use now? I know it's impossible to be 100% protected, since any anti-malware type program is usually one step behind the latest virus. I usually run a full scan with MBAM every few weeks, and along with the antivirus software I haven't seemed to have any problems since I originally received this computer, when it actually had a virus on it (I got it from a friend and I think it had Antivirus XP 2009 on it, or something, and he ended up reloading Windows hoping to get rid of it, but it didn't. I searched for a fix online and "discovered" MBAM, which fixed it successfully, and has seemed to work well ever since). But, if whatever BitDefender found may have actually been malware, I would like to make sure I use every tool at my disposal that may help prevent any problems down the line. Since whatever that was wasn't actually causing me any issues, if I hadn't just run a "test" scan with BitDefender I don't know if or when it would have ever been discovered.


Oh, also, thank you boopme for taking the time out to help :-) I absolutely love this website. I've searched a number of other forums like this, but this one seems to be the most thorough I have found so far. The wide variety of assistance provided is awesome. I regularly use this site just to read up and learn what I can, and share things like what's posted under the breaking news section with friends and family. I also recommend nearly everyone with computer-related questions to come here first, because more than likely they will find all of their answers.

So, again - THANK YOU! To boopme, and everyone who contributes somewhere on this site. You are all very much appreciated :-)

Edited by carissa_lee_, 18 April 2010 - 11:41 PM.


#8 boopme


Posted 19 April 2010 - 09:09 AM

Hello it's our pleasure...
Use one A/V and a couple anti malware and one software firewall.
I use Avira (A/V, and Avast is fine), MBAM and SAS with my Windows Vista firewall. I run these every week and I update first. Also, monthly I run an online scan as you have.
Reloading Windows and not a format /reload will not remove malware. Neither will a new restore point. That may get you operational bto clean but the malware is still there.

That said we will create a new restore point and I'll post a link with safety tips.

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.


Please take a few minutes to read our quietman7's excellent Tips to protect yourself against malware and reduce the potential for re-infection, in post 17. :thumbsup:


It was a pleasure to have met you.

boop

#9 carissa_lee_


Posted 20 April 2010 - 12:45 AM

Yeah, I don't think the person I received my computer from really even looked up how to fix the problem, I assume he just figured by reloading Windows he could "start fresh".

I will take lead from what you mentioned you use and keep SAS on my computer and run scans along with MBAM. I've always just used the pre-installed Windows firewall, as it seems to work fine for me. The BitDefender online scan was actually the first I'd ever used, I really would have never thought an online scan would be legit or could even work. But I'll play around with some of the ones I've seen mentioned here and scan from time to time with one of those as well.

Restore point created :thumbsup: I will read through his post as well.

Thanks again!!

Edited by carissa_lee_, 20 April 2010 - 12:55 AM.




