Welcome Guest ( Log In | Register )

2 Pages V   1 2 >  
Reply to this topicStart new topic
> Bit Defender Can't Delete Files "infected (no Action Was Possible, File Was In An Archive)", when i scanned no action is possible!!!!
kevinconklin
post Apr 22 2009, 12:17 AM
Post #1


Newbie


Group: Members
Posts: 1
Joined: 22-April 09
Member No.: 23,583



hi i just got bit defender 2009 and i did a system scan and 7 files were not able to be deleted and it says "Infected (no action was possible, file was in an archive)"
all the files were in my backup here is a peice of the log file.
please tell me how to get rid of them if bit defender won't!! (IMG:style_emoticons/default/happy.gif)

[u]Remaining issues:Object Name Threat Name Final Status[/u]

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 14) Adware.Errorsafe.E Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 1) Adware.Errorsafe.K Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 12) Adware.Winantispyware.A Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 0) Application.Generic.23289 Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 2) Application.Generic.24131 Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 3) Application.Generic.24133 Infected (no action was possible, file was in an archive)

C:\My Backup -- 20-05-08 2058\Documents and Settings\kev\Local Settings\Temp\Temporary Directory 1 for runescape scottocs bittorrent downloader.zip\BitDownload Setup.exe=](NSIS o)=]lzma_solid_nsis0006 Trojan.Swizzor.1 Infected (no action was possible, file was in an archive)

Go to the top of the page
 
+Quote Post
Cris
post May 11 2009, 08:18 PM
Post #2


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Hello kevinconklin,

I'm deeply sorry for the late reply. I didn't notice this thread when it was created. I only found it now.

Maybe you already solved your problem, but still I want to reply to your question, for future reference.



BitDefender can unpack many archived/packed formats, so archived threats can be detected. However, BitDefender has limited capabilities of cleaning up archived files (ZIP files, for instance, can be cleaned, but RAR files cannot).
This happens because most of the archiving/packing systems are proprietary formats. To clean an archive, you basically need to unpack all files (which BitDefender can do), and create a new archive containing only the clean files... which BitDefender can't do.

Because most archiving formats are proprietary formats, it means that the packing algorithm cannot be used without license from the author of the algorithm.

ZIP format is a free format, and everyone knows it and can use it to create (un)packers. But RAR format (for instance), is a closed format, owned by RarLabs (if I'm not mistaking). So for BitDefender to repack files in the RAR format would be basically illegal, not to mention somehow dangerous for the files, because BitDefender doesn't know the exact packing method and corrupt the archives. The same thing applies for the rest of the packing formats.


In your case, to remove the detected files, find the following files and manually delete them:
CODE
C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe

C:\My Backup -- 20-05-08 2058\Documents and Settings\kev\Local Settings\Temp\Temporary Directory 1 for runescape scottocs bittorrent downloader.zip\BitDownload Setup.exe


Cris.

P.S.: I will pin this topic. All other topics about this same issue will be closed and redirected to this one.
Go to the top of the page
 
+Quote Post
Meshal
post May 19 2009, 06:17 PM
Post #3


Newbie


Group: Members
Posts: 2
Joined: 19-May 09
Member No.: 24,270



Hi
I faced the same problem with 7zip format which is open source free format
Go to the top of the page
 
+Quote Post
CPS
post Jun 2 2009, 09:53 AM
Post #4


Newbie


Group: Members
Posts: 6
Joined: 2-June 09
From: Australia
Member No.: 24,626



I did a Deep Scan and found dozens of files (some examples below & attached the latest scan log) that could not be scanned because they are "password protected". They seem to be all part of Spybot. How can I scan these individual files? Are they important? Could I try to find them and delete them or maybe even uninstall spybot?

Would be grateful for your advice.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/Install.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/tdiins.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/tmcomm.sys

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp56c8.zip=]Program Files/System32/drivers/Install.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp56c8.zip=]Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/sbRecovery.ini

This post has been edited by Cris: Jun 3 2009, 09:48 AM
Reason for edit: Removed quote

Attached File(s)
Attached File  BitDefLog1243929558_1_02.xml ( 20.1K ) Number of downloads: 5
 
Go to the top of the page
 
+Quote Post
Cris
post Jun 3 2009, 09:55 AM
Post #5


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Hello CPS,

If you do not know the password for those archived files, then you cannot scan them. And since, in your case, it's about files that are in SpyBot recovery, I'm sure you don't know the password. (IMG:style_emoticons/default/smile.gif)

You can simply empty SpyBot's recovery. If you don't have SpyBot installed anymore, then simply manually delete this folder: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ and everything it contains.


What everybody needs to understand is that archived files don't represent any immediate threat to the system. Even if you have a real infection in an archive, that infection can only become active AFTER it is unarchived. And the moment the infected file is unarchived, BitDefender Realtime Protection will block it.
As long as the files remain archived, you are 100% safe, and you can simply delete the archive.

Cris.
Go to the top of the page
 
+Quote Post
jodaddy
post Oct 18 2009, 06:39 AM
Post #6


Newbie


Group: Members
Posts: 2
Joined: 18-October 09
Member No.: 28,091



I have been going crazy about this same exact situation )like the one explaind by kevinconklin) i cannot find whatsoever the files that say are infected i have been trying to get this resolved myself for about a week now and i have just about had it. is there anyone who can give me some DETAILED (i need detailed cause i am new with bitdefender, and how it works, etc.) on how to get this done from point A to point B. Here are the files it found....PLEASE HELP


File: C:\Windows\Temp\TMP00000F80BE6B9405AB36423E..........Virus Name: Gen:Adware.Heur.Ku4@2KGLJyli

File: C:\Windows\System32\config\systemprofile\AppaData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5YHKEKTXT\upgrade[1].cab=]upgrade.exe=](NSIS2o)=]lzma_solid_nsis0001 Virus Name: Gen.Adware.Heur.Ku4@2KGLJyli


File: C:\Windows\System32\config\systemprofile\AppaData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5YHKEKTXT\upgrade[1].cab=]upgrade.exe=](NSIS2o)=]lzma_solid_nsis0003 Virus Name: Application.Generic.208705

This post has been edited by Cris: Oct 18 2009, 09:47 AM
Reason for edit: Removed font size and color
Go to the top of the page
 
+Quote Post
Cris
post Oct 18 2009, 09:49 AM
Post #7


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Hello jodaddy,

Please attach here a BitDefender scan log so we can see exactly what's the situation.

Cris.
Go to the top of the page
 
+Quote Post
mackjones
post Oct 21 2009, 08:30 AM
Post #8


Newbie


Group: Members
Posts: 1
Joined: 21-October 09
Member No.: 28,182



My computer is so infected in spite of my investment in Bitdefender that I am posting this from another computer, so i can't cut and paste any information.

Could you just tell me, since this information doesn't seem to be available on your website, if it's possible to contact a live person to help me out?

My added problem is that i live in France but for something this complicated i need to speak to someone in English!!!

By the way, your advice on finding and deleting items may seem simple to you, but i have no idea how to find and delete these things on my Dell Vista system. Instructions would be appreciated.
Go to the top of the page
 
+Quote Post
jodaddy
post Oct 22 2009, 07:34 PM
Post #9


Newbie


Group: Members
Posts: 2
Joined: 18-October 09
Member No.: 28,091



QUOTE (Cris @ Oct 18 2009, 01:49 AM) *
Hello jodaddy,

Please attach here a BitDefender scan log so we can see exactly what's the situation.

Cris.

Cscan log


regarding file in archive and cant find it manually.
Go to the top of the page
 
+Quote Post
Cris
post Oct 23 2009, 12:57 PM
Post #10


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



The link you posted is invalid. Please post again.

Cris.
Go to the top of the page
 
+Quote Post
razzly
post Nov 2 2009, 04:41 PM
Post #11


Newbie


Group: Members
Posts: 1
Joined: 2-November 09
Member No.: 28,602



uhmm, I was having the similar problem can you help me how to get rid of this? here is the log:


Remaining issues:Object Name Threat Name Final Status

C:\Documents and Settings\personal\Local Settings\Application Data\Mozilla\Firefox\Profiles\30efxbab.default\Cache\52B4C643d01=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047720.exe=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047728.exe=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\Documents and Settings\personal\Local Settings\Application Data\Mozilla\Firefox\Profiles\30efxbab.default\Cache\52B4C643d01=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047720.exe=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)
C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047728.exe=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)


Pls help out... thnx
Go to the top of the page
 
+Quote Post
Cris
post Dec 4 2009, 08:49 AM
Post #12


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Hello razzly,

Clear Firefox's cache, and apply the steps presented here: http://forum.bitdefender.com/index.php?showtopic=3575

Cris.
Go to the top of the page
 
+Quote Post
Justintsai911
post Jul 12 2010, 11:00 AM
Post #13


Newbie


Group: Members
Posts: 5
Joined: 6-May 10
Member No.: 33,842



I had the similar problem where i cannot delete the generic trojan after a deep scan...any help?.......thx



Attached File(s)
Attached File  1278532816_1_02_xml.htm ( 23.65K ) Number of downloads: 3
 
Go to the top of the page
 
+Quote Post
Cristi
post Jul 12 2010, 10:57 PM
Post #14


Technical Support
*****

Group: Technical Support
Posts: 1,559
Joined: 25-January 10
From: BD HQ
Member No.: 30,868



QUOTE (Justintsai911 @ Jul 12 2010, 01:00 PM) *
I had the similar problem where i cannot delete the generic trojan after a deep scan...any help?.......thx


The infected item is in the recycle bin.
Empty the recycle bin and run a new scan to make sure the system is clean.
Go to the top of the page
 
+Quote Post
Justintsai911
post Jul 16 2010, 08:10 PM
Post #15


Newbie


Group: Members
Posts: 5
Joined: 6-May 10
Member No.: 33,842



Dear Cristi Raducu,


Thx 4 ur help.........the trojan had been deleted and no longer a threat in my bitdefender........ thx ya. btw, would you mind to share some basic info reg this issue?.......i kinda want to noe how come everything when my bitdefender cannot delete a generic trojan, then when i ended up seeking help from this forum, then all the problem is solved.......izzit u guys helped to delete for me?..........i'm juz curious bout it.............
Go to the top of the page
 
+Quote Post
Cris
post Jul 26 2010, 06:03 PM
Post #16


BitDefender Evangelist
******

Group: Regular Bitdefender Poster
Posts: 3,360
Joined: 27-March 07
From: Galați/Iași, România
Member No.: 60



Hello Justintsai911,

The explanation can be found in Post #2 in this topic (just above). Is there anything that you don't understand or needs to be clarified?

Cris.
Go to the top of the page
 
+Quote Post
Rampant
post Dec 2 2010, 11:07 AM
Post #17


Frequent Poster
***

Group: Regular Bitdefender Poster
Posts: 727
Joined: 1-December 10
From: Russia, Novosibirsk
Member No.: 39,675



Да, но BitDefender не удаляет вирусы и из других контейнеров - jar, msi, exe, почему?
(Yes, but BitDefender does not delete viruses and from other containers - jar, msi, exe, why?)
Мы проводим тестирование различных антивирусов, и из базы в 500 семплов, BitDefender определяет 486, но вот удалить может только 430, остальные находятся в контейнерах, из которых он не может удалить, поэтому рейтинг BD оказывается ниже.
(We hold testing of various antiviruses, and from basis in 500 samples, BitDefender defines 486, but here can delete only 430, remaining are in containers from which it cannot delete, therefore rating BD appears more low. Thanks.)

This post has been edited by Rampant: Dec 2 2010, 11:08 AM
Go to the top of the page
 
+Quote Post
Rampant
post Dec 5 2010, 03:09 PM
Post #18


Frequent Poster
***

Group: Regular Bitdefender Poster
Posts: 727
Joined: 1-December 10
From: Russia, Novosibirsk
Member No.: 39,675



It is possible to receive comments under the given report? Thanks.
Attached File(s)
Attached File  1291557629_1_03.xml ( 13.58K ) Number of downloads: 6
 
Go to the top of the page
 
+Quote Post
Cristi
post Dec 5 2010, 05:52 PM
Post #19


Technical Support
*****

Group: Technical Support
Posts: 1,559
Joined: 25-January 10
From: BD HQ
Member No.: 30,868



QUOTE (Rampant @ Dec 5 2010, 04:09 PM) *
It is possible to receive comments under the given report? Thanks.


Did you select any action for the infected files?
Go to the top of the page
 
+Quote Post
Rampant
post Dec 5 2010, 06:13 PM
Post #20


Frequent Poster
***

Group: Regular Bitdefender Poster
Posts: 727
Joined: 1-December 10
From: Russia, Novosibirsk
Member No.: 39,675



All is specified in the report:
The first action by default for the infected objects: to Move files to quarantine
The second action by default for the infected objects: to Treat
The first action by default for suspicious objects: to Move files to quarantine
The second action by default for suspicious objects: No
Action by default for the latent objects: No
Action by default for the objects protected by the password: the Help for the password
Go to the top of the page
 
+Quote Post

2 Pages V   1 2 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 



RSS Lo-Fi Version Time is now: 29th July 2014 - 10:59 PM