Trojan.clicker. Html.iframe.ak And Win32.worm.nimda.r Bitdefender Cannot Remove These, BD Total Security 2010 cannot remove, delete or even quarantine these Options

[Jorge Medina]

Hello. I have BitDefender Total Security 2010, and while running a scan, it detected these two infections: Trojan.Clicker.HTML.IFrame.AK and Win32.Worm.Nimda.R, and also in my case, it could not delete them, clean them or even quarantine them. Simply, no action could be taken to clean or get rid of these threats. I have googled them and found so far that they (specially the trojan.clicker) to be classified as high risks. I cannot see anything from BitDefender to actually help in the removal of these threats. It seems they are not new threats, so I really do not understand how is it not possible for a "Total Security" tool to remove them.

Please help and send the instructions on how to fix this as soon as possible, because we are vulnerable and at high risk here.
My OS is Windows 7 64-bit, Home Premium Edition, I am working on a VAIO with Intel Core 2 Duo Processor, 4 Gigs of RAM, 350 Gigs of HDD. Although I mainly use Google Chrome, sometimes I also use IE and Firefox, all of them the latest versions.

My email should be in your database, but just in case, please let me know the solution for this at: jlme64@gmail.com or jlme64@prodigy.net.mx, as soon as you can, please.

Thank you very much.

[Jorge Medina]

I enclose (attach) the log for the scanning process, in order for you to be able to help me on this matter. Please do so urgently, as soon as possible. Thank you.

Jorge Medina


BitDefender Log File
BitDefender Log File
Product: BitDefender Total Security 2010 Version: BitDefender Antivirus Scanner Scanning task: Deep System Scan Log date: 29/07/2011 01:20:21 a.m. Log path: C:\ProgramData\BitDefender\Desktop\Profiles\Logs\deep_scan\1311920421_3_02.xml
Scan paths:
Path 0000: C:\
Scan Level:
Scan for viruses: Yes Scan for adware: Yes Scan for spyware: Yes Scan for applications: Yes Scan for dialers: Yes Scan for rootkits: Yes Scan for keyloggers: Yes
Virus Scanning Options:
Scan registry keys: Yes Scan cookies: Yes Scan boot sectors: Yes Scan memory processes: Yes Scan archives: Yes Scan runtime packers: Yes Scan e-mails: Yes Scan all files: Yes Heuristic Scan: Yes Scanned extensions: not configured Excluded extensions: not configured
Target Processing:
Default first action for infected objects: Disinfect Default second action for infected objects: None Default first action for suspect objects : None Default second action for suspicious objects: None Default action for hidden objects: None Default first action for encrypted infected objects: Disinfect Default second action for encrypted infected objects: None Default first action for encrypted suspicious objects: None Default second action for encrypted suspicious objects: None Default action for password-protected objects: Log only
Scan Engines Summary
Virus signatures: 8651221 Archive plugins: 48 E-mail plugins: 7 Scan plugins: 14 System plugins: 5 Unpack plugins: 9
Basic
Scanned items: 411913 Infected items: 2 Suspect items: 0 (no suspected items have been detected) Hidden items: 0 (no hidden items have been detected during this scan) Resolved items: 0 (infected or suspect items have been found and were ignored or could not be fixed) Unresolved items: 2
Advanced
Scan time: 01:32:36 Files per second: 74 Skipped items: 20123 Password-protected items: 0 Over-compressed items: 0 Individual viruses found: 2 Scanned folders: 11181 Scanned boot sectors: 4 Scanned archives: 2422
file:///C:/ProgramData/BitDefender/Desktop/Profiles/Logs/deep_scan/1311920421...
29/07/2011
BitDefender Log File
Input-output errors: 4 Scanned processes: 121 Infected processes: 2 Scanned registry keys: 4639 Infected registry keys: 0 Scanned cookies: 1 Infected cookies: 0
Remaining issues:
Object Path
<System>=>VirtMem Region Dump 0x31c0000 + 7f000 [9404] (pgexec dump) <System>=>VirtMem Region Dump 0x5380000 + 434000 [9404] (pgexec dump)
Threat Name
Trojan.Clicker.HTML.IFrame.AK
Win32.Worm.Nimda.R
Final Status
file:///C:/ProgramData/BitDefender/Desktop/Profiles/Logs/deep_scan/1311920421...
Disinfect failed (object was not found) Disinfect failed (object was not found)
29/07/2011

[Hjc]

Same problem here.

Since a few days, Bitdefender detect two infections on my computers.
Impossible to delete / quarantine.

Can you help us ?

Thanks.


ps : here is a copy of the scan log.

<System>=>VirtMem Region Dump 0x3fa0000 + 7f000 [1676] (pgexec dump) Trojan.Clicker.HTML.IFrame.AK Échec de la désinfection (l'objet n'a pas été trouvé)
<System>=>VirtMem Region Dump 0x6320000 + 434000 [1676] (pgexec dump) Win32.Worm.Nimda.R Échec de la désinfection (l'objet n'a pas été trouvé)

[Cristi Raducu]

The problem is caused due to a conflict between BitDefender and Ad-aware.
More exactly Ad-aware loads a number of suspicios/infected links in the memory and BitDefender picks them up.
The fix for this is to remove Ad-aware.

[Benp]

The problem is caused due to a conflict between BitDefender and Ad-aware.
More exactly Ad-aware loads a number of suspicios/infected links in the memory and BitDefender picks them up.
The fix for this is to remove Ad-aware.

First of all: forgive my english. I'm not a native speaker!

I just saw that information on another site and I tried to fix the problem that way! I loaded Bitdefender and now everything seems to be ok!

Thank you.

[Cristi Raducu]

First of all: forgive my english. I'm not a native speaker!

I just saw that information on another site and I tried to fix the problem that way! I loaded Bitdefender and now everything seems to be ok!

Thank you.

I am glad to hear about this.
If the problem shows up again then please let me know. (IMG:style_emoticons/default/smile.gif)

[dachef4282]

I have the same issue with BitDefender showing Win32.Worm.Nimda.R. I am unable to delete or quarntine and I do not have Ad-Aware. What can I do to remove the worm?

[Cristi Raducu]

I have the same issue with BitDefender showing Win32.Worm.Nimda.R. I am unable to delete or quarntine and I do not have Ad-Aware. What can I do to remove the worm?

Please run a deep system scan and post here the scan log results.

[dbmaya]

Please run a deep system scan and post here the scan log results.

HI Cristi,

Im having the same problem here, im unable to remove/delete/quarentene: Win32.worm.nimda.r
I do not have Ad-Awareyou were discussing earlier with someone else before.

please help me.

my scan log result is the following:(please see below)


BitDefender Log File


Product: BitDefender Total Security 2011
Scanning task: Deep System Scan
Log date: August-04-11 10:49:10 PM
Log path: C:\ProgramData\BitDefender\Desktop\Profiles\Logs\dcf483c4-26d0-4e6f-ba28-6a53a00adae1\1312513099_1_03.xml

Scan paths:
Path : C:\

[-]Scan Results Summary
[-]Remaining issues:Object Path Threat Name Final Status
Process: VirtMem Region Dump 0x64b0000 + 432000 Win32.Worm.Nimda.R Infected

[+]Resolved issues:Object Path Threat Name Final Status
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@server.iad.liveperson[1].txt Cookie.Sialiv Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@ru4[1].txt Cookie.Ru4 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@ads.pointroll[1].txt Cookie.PointRoll Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@nhl.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@casalemedia[2].txt Cookie.Casalemedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@www.burstnet[2].txt Cookie.BurstNet Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@network.realmedia[2].txt Cookie.RealMedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@statcounter[2].txt Cookie.Statcounter Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@trafficmp[2].txt Cookie.Trafficmp Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@apmebf[1].txt Cookie.Apmebf Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@r1-ads.ace.advertising[1].txt Cookie.Advertising Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@bs.serving-sys[1].txt Cookie.BS.Serving-Sys Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@advertising[1].txt Cookie.Advertising Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@doubleclick[2].txt Cookie.DoubleClick Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@realmedia[2].txt Cookie.RealMedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@tribalfusion[3].txt Cookie.TribalFusion Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@burstnet[2].txt Cookie.BurstNet Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@pixel.rubiconproject[1].txt Cookie.Rub Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@sympatico[2].txt Cookie.Sympatico.CA Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@apmebf[2].txt Cookie.Apmebf Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@mediaplex[2].txt Cookie.Mediaplex Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@tap.rubiconproject[1].txt Cookie.Rub Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@questionmarket[1].txt Cookie.QuestionMarket Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@www.webxtracking[2].txt Cookie.Tracking Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@tjx.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@advertising[1].txt Cookie.Advertising Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@advertising[3].txt Cookie.Advertising Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@doubleclick[2].txt Cookie.DoubleClick Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@pointroll[1].txt Cookie.PointRoll Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@realmedia[2].txt Cookie.RealMedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@msnportal.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@rubiconproject[2].txt Cookie.Rub Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@network-ca.247realmedia[1].txt Cookie.247RealMedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@searsca.122.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@zedo[1].txt Cookie.Zedo Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@tribalfusion[2].txt Cookie.TribalFusion Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@fastclick[1].txt Cookie.FastClick Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@pelmorexmedia.122.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@ads.networldmedia[1].txt Cookie.AJRotator Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@rubiconproject[1].txt Cookie.Rub Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@service.sympatico[1].txt Cookie.Sympatico.CA Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@cisco.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@dominionenterprises.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@trafficmp[1].txt Cookie.Trafficmp Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@statcounter[1].txt Cookie.Statcounter Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@cbsdigitalmedia.112.2o7[1].txt Cookie.2o7 Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@statse.webtrendslive[2].txt Cookie.WebTrendsSt Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@247realmedia[2].txt Cookie.247RealMedia Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\Low\di@fastclick[2].txt Cookie.FastClick Deleted
Cookie: C:\Users\DI\AppData\Roaming\Microsoft\Windows\Cookies\di@smartadserver[2].txt Cookie.SmartAdServer Deleted

[-]Not scanned objects:Object Path Reason: Final Status
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>_TUProjDT.dat Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>IRIMG1.JPG Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>_TUProj.dat Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>DataSafe_Green.ico Password-protected Not scanned (file was password-protected)
File: C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.dat=>IRIMG1.BMP Password-protected Not scanned (file was password-protected)

[-]Detailed Scan Summary
[-]Basic
Scanned items: 343337
Infected items: 52
Suspect items: 0 (no suspected items have been detected)
Resolved items: 57
Unresolved items: 0

[Cristi Raducu]

Detections that start with Process: VirtMem Region Dump are all related to the below topic and the fix will enter today.

http://forum.bitdefender.com/index.php?showtopic=27953