> Gen:variant.kazy
shaw
post Nov 17 2011, 01:51 AM
Post #1


Newbie


Group: Members
Posts: 6
Joined: 13-October 10
Member No.: 37,887



Please help! Bitdefender has been reporting multiple files infected with Gen:Variant.Kazy virus, spyware, malware or whatever it is the last few days. BitDefender (Internet Security 2010) can't delete or quarantine them. I've deleted a couple of files (I'm now getting an error from whatever's looking for one of the files). Should I have?? Could these be false positives? I've spent hours on this. Now every time I run the Virus Scanner Bitdefender ends with a Critical Error after detecting the first Kazy infection (so no clue how many I have!) and goes dark with "servers not responding" and I have to keep rebooting. Could these be false positives or is my PC just hosed! I'm afraid to do anything on my computer. Even going on this forum makes me nervous. I submitted similar info yesterday on the BitDefender "contact customer care" (opens an email ticket??) but have not heard anything back yet. Please help!!!

(I have screen shots but can't get them to upload)

Christian
post Nov 18 2011, 07:28 PM
Post #2


Bitdefender Support
******

Group: Root Admin
Posts: 13,998
Joined: 27-January 08
From: BitDefender HQ
Member No.: 9,374



Hello

In order to be able to assist you please run a Deep System Scan task with Bitdefender and send us the resulting scan report.

[how to GENERATE A DEEP SYSTEM SCAN LOG]

- Before running the scan please make sure that you have the latest virus definitions downloaded via the Update module: open Bitdefender and click the "Settings" button in the upper right side of the interface; Switch UI to "Novice Mode"; Click "OK"; Choose the "Update Now" task;
- After the update process completes successfully you can proceed to running the scan task: select the "Scan Now" task;
- When the scan ends, click the "View Log" button at the bottom right of the scan window; A browser window will open displaying the scan report; Save this file to a location of your choice and then attach it in your next reply.

NOTE! If you already ran a scan task you can send us your latest report instead.

[how to RETRIEVE THE LATEST DEEP SYSTEM SCAN LOG]
- Open Bitdefender and click the "View Logs" link on the lower right; Click the "Antivirus" tab on the left;
- In the "On-demand tasks" list (the one on the bottom) look for the latest (closest to the top) entry that reads "Deep System Scan" under the "Task Name" column and "Scan Finished" under the "Action name"; Double-click this entry and click the "View Scan Log" button at the bottom of the window that just popped up; A browser window will open displaying the scan report; Save this file to a location of your choice and then attach it in your next reply.

We recommend using the new Bitdefender QUICKSCAN for an extra layer of protection.

[how to USE THE BITDEFENDER QUICKSCAN]
Bitdefender QuickScan is an online scanning tool that uses a new technology to combine intelligent local scanning and in-the-cloud scanning which detects e-threats in memory quickly.

- Using your favorite web browser visit: http://quickscan.bitdefender.com/ and install the required ActiveX/Plugin when prompted;
NOTE! A detailed installation and compatibility guide can always be found at:
http://forum.malwarecity.com/index.php?showtopic=23
- Click on "Start" and read the END USER SOFTWARE LICENSE AGREEMENT carefully; Select the "Accept" button to use the QuickScan tool or "Exit" if you do not agree with the terms and conditions;
- Allow the scanning process a few moments to complete;
- When the scan is over click on "Report" in order to open the log in the default text editor; Save the log to a location of your choice (e.g. Desktop) and then attach it in your next reply.

Thank you.
shaw
post Nov 19 2011, 11:32 PM
Post #3


Thanks so much for your reply!!! Here are the logs you requested.
Attached File(s)
Attached File  Report_2011_11_19_16.19.50.txt ( 24.8K ) Number of downloads: 18
Attached File  1321415563_1_02.xml ( 3.22K ) Number of downloads: 17
 
Christian
post Nov 20 2011, 11:26 AM
Post #4


Hello

In the current situation, you need to manually delete that file from your machine.

That DLL file is injected in Internet Explorer and Windows Explorer. Bitdefender can't clean it up because those processes are in use.

Please follow the steps below:

1. Disable the REAL-TIME PROTECTION on Bitdefender 2010.

[how to DISABLE THE REAL-TIME PROTECTION on Bitdefender 2010]
In order to disable the real-time protection please open Bitdefender, click the "Settings" button in the upper right side of the interface, Switch UI to "Advanced Mode", Click "OK"; Go to "Antivirus" > "Shield" and click on "Real-time protection is enabled", select the time interval that suits your troubleshooting needs and click "OK" (the message will change to "Real-time protection is disabled"). The real-time protection should be enabled after performing the troubleshooting procedure.

2. Browse to this location:

CODE
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\


and delete this file:

CODE
WINDOWSMANAGERONLINE.DLL


Note: use the Shift+Delete command to actually delete that file without sending it to the Recycle Bin.

Note: that file could be hidden. Use the link below to display hidden files and folders:

http://www.bleepingcomputer.com/tutorials/...-windows/#winxp

QUOTE
Windows XP

In Windows Explorer, choose Tools > Folder Options.
Click the View tab in the Folder Options dialog box.
In Advanced Settings, select Show Hidden Files And Folders.
Deselect Hide Extensions For Known File Types.
Click OK.


3. Activate the REAL-TIME PROTECTION on Bitdefender 2010

As the new Bitdefender 2012 product suite was released, we would like to inform you that you benefit from a FREE upgrade to the latest version.
Apart from the fact that the 2012 suite brings lots of new features and improvements, it will most likely solve any issues that you may have encountered with your previous Bitdefender product.

http://forum.bitdefender.com/index.php?act...f=226&id=42

Thank you.
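
Added example, not part of the original thread and not Bitdefender tooling: the reply above says the DLL cannot be cleaned because it is loaded into running processes and that the file may be hidden. This PowerShell script finds the file even when it is hidden and lists the processes that currently have it loaded; the directory and file name are the ones quoted in the post, and the parameter names are assumptions.

```powershell
# Added example: locate a possibly hidden DLL and list the processes holding it.
# Default path and file name are the ones quoted in post #4; parameter names
# are illustrative. Run from an elevated prompt so module lists are readable.
param(
    [string]$Directory = 'C:\Documents and Settings\All Users\Application Data',
    [string]$DllName   = 'WINDOWSMANAGERONLINE.DLL'
)

# -Force makes Get-Item return files that carry the Hidden or System attribute.
$path = Join-Path $Directory $DllName
$file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
if ($file) {
    "Found {0} (attributes: {1}, {2} bytes)" -f $file.FullName, $file.Attributes, $file.Length
} else {
    "Not found on disk: $path"
}

# Walk every process and keep those that have the DLL mapped into them.
$holders = foreach ($proc in Get-Process) {
    try {
        $hit = $proc.Modules | Where-Object { $_.ModuleName -ieq $DllName }
    } catch {
        continue   # protected or exited process: module list not readable
    }
    if ($hit) {
        New-Object PSObject -Property @{
            Process = $proc.ProcessName
            Id      = $proc.Id
            Module  = ($hit | Select-Object -First 1).FileName
        }
    }
}

if ($holders) {
    # These are the processes that keep the file locked against deletion.
    $holders | Format-Table Process, Id, Module -AutoSize
} else {
    "No readable process currently has $DllName loaded."
}
```

The processes it lists are the ones that keep the file locked, which is why deleting it fails with "access denied" while they are running.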
shaw
post Nov 21 2011, 02:09 AM
Post #5


I had already tried manually deleting the file just as I deleted the other 3 files that were infected. I even tried in safe mode. I still attempted to follow your instructions but I can't delete the file because it is in use. Since you stated that it's used by Internet Explorer and Explorer, I closed both of these applications and attempted to delete in a command prompt but get "access denied". Also note that I was unable to follow your instructions for disabling real time protection. When clicking on settings, my UI is set to Expert (Advance mode is not an option) and I can only uncheck the Enable box next to Antivirus (which I did before the delete attempt). If I do successfully delete this file, how will this affect the operation of my PC? I'm already getting an error message every time I boot up because of one of the previous files I had to delete (Applicationhistoryup.dll). Any other suggestions?
shaw
post Nov 21 2011, 02:39 AM
Post #6


UPDATE -

After sending my last response I opened Windows Task Manager and began ending processes. It wasn't pretty (lost my taskbar) but somehow I managed to delete this file by continually ending processes and running the delete command from my command prompt. I rebooted and now get an error message on this file but glad to see that IE and Windows Explorer still work! I ran BitDefender's QuickScan and it says I'm no longer infected. WooHoo!!

Any suggestion on where to get clean files to replace the ones that I've had to delete or is that beyond your area of expertise? Also, can you tell me what this Gen:Variant.Kazy does? Should I be concerned about passwords or anything like that?

One other question. Why doesn't BitDefender notify its customers that they can upgrade for free? I've gotten emails advertising sales but was not aware this upgrade was free for me. I'm guessing had I upgraded, I could have avoided this mess altogether?? I plan to download the upgrade right after adding this reply!

Thanks!!
Christian
post Nov 21 2011, 03:45 PM
Post #7


Hi

That's great news.

Gen:Variant.Kazy is a generic detection for Vundo

http://en.wikipedia.org/wiki/Vundo

You don't have to replace the files because they were created by the trojan.

You should change your passwords now that your machine is clean. I'm talking here especially about the ones from your email accounts.

As you can see from this KB article, all customers can upgrade to 2012:

http://www.bitdefender.com/support/How-to-...r-2012-711.html

We do not provide automatic upgrade to the latest version because some customers don't have the system requirements for this version.

Thank you.

shaw
post Nov 22 2011, 12:25 AM
Post #8


That makes sense, I'm no longer getting error messages on the files I deleted. This was a very frustrating experience but after reading about Vundo, guess I should feel lucky it wasn't much worse! I've now upgraded to BitDefender Internet Security 2012 which I think I'm going to like, especially the Quick Scan feature. Thanks so much for your help!!
Christian
post Nov 28 2011, 05:38 PM
Post #9


Hi

Thank you very much for your feedback.

Should you require any assistance, don't hesitate to contact us.

Have a great week.
dawman
post Feb 12 2014, 02:55 PM
Post #10


Newbie


Group: Members
Posts: 5
Joined: 5-February 13
Member No.: 129,506



Hi,

Although this thread is quite old now, I hope I can get an update here. I am running Vista Home SP2, with BD Antivirus Plus 2013.

I just tried to run Windows Update. The Updates were mostly for security, but several failed to install. When Update had finished, BD alerted me to three infected files, all critical. BD says they are Gen:Variant.Kazy.336192 and that they cannot be cleaned by BD.

I have read all the posts in this thread, but I cannot:-

1) Find Disable Real-Time Protection in BD 2013

2) Open Documents and Settings, as it restricts me

I must say I find it surprising there is not more up to date info from BD about this topic. Particularly frustrating is the GET HELP button in virus reporting window - it does absolutely nothing when clicked!

And by the way, there is a program advertised on the web called Spyhunter which says it will get rid of Kazy. I have not gone near it as I don't trust it, but it would be good if BD could do the job instead.

Your help would be most appreciated.

Regards, Dave

This post has been edited by dawman: Feb 12 2014, 02:57 PM