Full Version: Gen:trojan.heur.vp.gem3@auuvmgpi
luigie
Hi, I have the Trojan.Heur on my computer.
Whenever it comes up Bitdefender has isolated it but cannot disinfect, delete or quarantine the trojan.
How can I get rid of it?
By the way the Trojan comes up with different names. The only part that never seems to change is:
Trojan.Heur.......
Please help. I have a screen print of the Trojan; see upload below.
Luigie
luigie
Hi
I have another screen print of the Trojan using another name but I can't upload it.
It is in Word.
Cristi
Hi there Luigie,

Please provide me with the following information for a clear view of the situation.

1. the number of virus signatures in your BitDefender
2. are you running with any other security programs besides BitDefender?
3. your operating system
4. did you run any scans after seeing those pop-ups and what were the results?
5. when exactly do you receive those pop-ups, time intervals etc.? Do you do anything special to trigger them?
luigie
QUOTE (Cristi Raducu @ Oct 4 2010, 08:48 PM) *
Hi there Luigie,

Please provide me with the following information for a clear view of the situation.

1. the number of virus signatures in your BitDefender
2. are you running with any other security programs besides BitDefender?
3. your operating system
4. did you run any scans after seeing those pop-ups and what were the results?
5. when exactly do you receive those pop-ups, time intervals etc.? Do you do anything special to trigger them?

1. I don't know what you mean by "number of virus signatures in your BitDefender."
2. Just Windows.
3. Windows 7
4. I have run many scans "Bit Defender Total Security", including deep system scan and it finds nothing.
5. The bitdefender pop up occurs randomly all the time (as per upload above). It always pops up with my Friends Provident Link system.
Best regards
Luigie
luigie
Hi
I'm just trying to upload another Trojan screen print. It would not allow me to upload a Word file so this time I'm going to try a PDF file.
It worked.
Luigie
luigie
QUOTE (luigie @ Oct 4 2010, 10:29 PM) *
Hi
I'm just trying to upload another Trojan screen print. It would not allow me to upload a Word file so this time I'm going to try a PDF file.
It worked.
Luigie

Ooops, here I have another screen print of the Trojan. Please help.
Best regards
Luigie
Cristi
To find out the virus signatures number you need to open your BitDefender and switch to expert mode.
From the left menu go to Update and you will see it there.

If the pop-ups occur only when you're running that application then please send me by PM (if possible) a sample of the main executable for Friends Provident.
You will find it in the installation folder of this program, likely in C:\Program Files
luigie
QUOTE (Cristi Raducu @ Oct 5 2010, 11:03 PM) *
To find out the virus signatures number you need to open your BitDefender and switch to expert mode.
From the left menu go to Update and you will see it there.

If the pop-ups occur only when you're running that application then please send me by PM (if possible) a sample of the main executable for Friends Provident.
You will find it in the installation folder of this program, likely in C:\Program Files

Hi Cristi
Thanks!
Virus signatures = 626008
Pop ups occur on many applications. Sometimes on no application at all. It pops up sometimes when on desktop screen.
It always pops up when running Friends Provident Link system (that is where I first noted it).
What do you mean by "a sample of the main executable for Friends Provident"?
Please help as it is getting worse.
Best regards
Llew
Cristi
Try to create a set of logs as described in this article and send them to me by PM.

http://www.bitdefender.com/KB490-en--The-s...s-infected.html

If you encounter problems attaching the logs you can upload them on a server such as www.sendspace.com and send only the download links.
luigie
QUOTE (Cristi Raducu @ Oct 5 2010, 11:44 PM) *
Try to create a set of logs as described in this article and send them to me by PM.

http://www.bitdefender.com/KB490-en--The-s...s-infected.html

If you encounter problems attaching the logs you can upload them on a server such as www.sendspace.com and send only the download links.

Hi Cristi
Not sure if I've uploaded the correct files.
luigie
Cristi
The GMER log is correctly made but the BDSI log is just a simple text file.
The BDSI log is automatically created on your desktop having the name: bd_sys_log.xml.zip
luigie
QUOTE (Cristi Raducu @ Oct 6 2010, 01:06 AM) *
The GMER log is correctly made but the BDSI log is just a simple text file.
The BDSI log is automatically created on your desktop having the name: bd_sys_log.xml.zip

Hi
I've found bd_sys_log.xml.zip but I get a message from the forum "Upload failed. You are not permitted to upload this type of file"
When I try to open the file it asks for a password.
What do I do now?
Best regards
Llew
Cristi
I mentioned above:

"If you encounter problems attaching the logs you can upload them on a server such as www.sendspace.com and send only the download links."
luigie
QUOTE (Cristi Raducu @ Oct 6 2010, 11:52 AM) *
I mentioned above:

"If you encounter problems attaching the logs you can upload them on a server such as www.sendspace.com and send only the download links."

Hmmm, first time I ever did this.
Download link: http://www.sendspace.com/file/2ziloi

Please let me know if that's how it works.
Best regards
luigie
Cristi
The sent logs are clean; we suspect a false detection on Friends Provident.
If you close Friends Provident do you still receive pop-ups?
Please send me by PM if possible all exe files from this folder D:\Program Files\FPI\LinkPlus\ and any file of type: TMP0000 from D:\Windows\Temp if they are still present.
luigie
QUOTE (Cristi Raducu @ Oct 7 2010, 12:23 AM) *
The sent logs are clean; we suspect a false detection on Friends Provident.
If you close Friends Provident do you still receive pop-ups?
Please send me by PM if possible all exe files from this folder D:\Program Files\FPI\LinkPlus\ and any file of type: TMP0000 from D:\Windows\Temp if they are still present.

Hi, I receive the pop ups all the time (sometimes 20 or 30 times in a day). I only open Friends Provident max once a week.
The only .exe I could find in Friends Provident is this one:
Download link: http://www.sendspace.com/file/n611kc

I have a lot of files in D:\Windows\Temp\TMP0000; which ones must I look out for? Most have 0 bytes as file size.
By the way, which time zone are you in? We seem to be in different parts of the world.
Best regards
luigie
luigie
QUOTE (luigie @ Oct 7 2010, 12:39 PM) *
Hi, I receive the pop ups all the time (sometimes 20 or 30 times in a day). I only open Friends Provident max once a week.
The only .exe I could find in Friends Provident is this one:
Download link: http://www.sendspace.com/file/n611kc

I have a lot of files in D:\Windows\Temp\TMP0000; which ones must I look out for? Most have 0 bytes as file size.
By the way, which time zone are you in? We seem to be in different parts of the world.
Best regards
luigie

Hi, sorry I misled you on the TMP files. I was looking at the tmp files and not the TMP files.
I have 7 TMP files and have uploaded 3 then four as below:
You have successfully uploaded 3 files to sendspace.com
File 1:
File Name: TMP0000053617658FFAEBCCF87F
File Size: 512 KB
Download Link: http://www.sendspace.com/file/y0vu61
Delete File Link: http://www.sendspace.com/delete/y0vu61/8de...ba78eeeb3499882

File 2:
File Name: TMP0000106792FCECFBE22177EA
File Size: 512 KB
Download Link: http://www.sendspace.com/file/ta8fpn
Delete File Link: http://www.sendspace.com/delete/ta8fpn/3f3...9be8209729f9908

File 3:
File Name: TMP00000023081B1B09F9875428
File Size: 512 KB
Download Link: http://www.sendspace.com/file/qmoql2
Delete File Link: http://www.sendspace.com/delete/qmoql2/49a...02b05b59697e20f

You have successfully uploaded 4 files to sendspace.com
File 1:
File Name: TMP000010664E0670D33297F143
File Size: 512 KB
Download Link: http://www.sendspace.com/file/vrm0kd
Delete File Link: http://www.sendspace.com/delete/vrm0kd/28f...3e190bbcf8a1b61

File 2:
File Name: TMP000001924D24E5172302F9B1
File Size: 512 KB
Download Link: http://www.sendspace.com/file/130grp
Delete File Link: http://www.sendspace.com/delete/130grp/364...6d6a0a7fe0b4e18

File 3:
File Name: TMP0000060AEA0E676A2BF2F901
File Size: 512 KB
Download Link: http://www.sendspace.com/file/0uhlfy
Delete File Link: http://www.sendspace.com/delete/0uhlfy/a0f...e011e5399edf03a

File 4:
File Name: TMP0000019AA1C00EBE32EF3940
File Size: 512 KB
Download Link: http://www.sendspace.com/file/pnl7za
Delete File Link: http://www.sendspace.com/delete/pnl7za/2d3...6d615f5df94d915

Please let me know if you need any more info.
Best regards
luigie
Cristi
The sent files are clean.
To get the files blocked by BitDefender you need to set up the antivirus to move the files to quarantine instead of blocking them.
For this you need to open BitDefender in expert mode, go to Antivirus -> Custom Level and, under "Action to take when an infected file is found", change it from "Deny access" to "Move to quarantine".

Next you need to look under the Quarantine tab to see if the detected items are moved to quarantine and from there you can send them to us.
luigie
QUOTE (Cristi Raducu @ Oct 9 2010, 06:47 PM) *
The sent files are clean.
To get the files blocked by BitDefender you need to set up the antivirus to move the files to quarantine instead of blocking them.
For this you need to open BitDefender in expert mode, go to Antivirus -> Custom Level and, under "Action to take when an infected file is found", change it from "Deny access" to "Move to quarantine".

Next you need to look under the Quarantine tab to see if the detected items are moved to quarantine and from there you can send them to us.

Hi Cristi
I've tried your above recommendation to no avail. I still have the Trojan and the BitDefender notification hasn't changed. It is popping up about 30 or 40 times a day.