Help - Search - Members - Calendar
Full Version: Eziriz' Net Reactor Dialog Boxes
Bitdefender Forum > English > Malware & Sample Submission > Malware Area
Bongo Joe
All of a sudden I am getting inundated with dialog boxes coming up with the message

"This assembly is protected by an unregistered version of Eziriz`s ".NET Reactor""

A look through Google doesn't seem to offer much information. Is his a virus or something? The only clue is that I have found is that it could be something to do with downloading; which I don't do.

Any ideas?
Cristi
.NET Reactor is a legitimate program.
Please check in Add/Remove programs (Programs and Features for Vista/7)if you have it installed.
Bongo Joe
Well, it may be a legitimate program but its actions aren't.

After looking around it seems to be that it's a .Net assembly and that someone has released an application using an unregistered version of Reactor.

The problem is that in this day and age one could have tens of dozens of .Net apps on one's machine and any one of these could have this unregistered version of this assembly distributed.

The problem is hat Reactor is shoving up HUNDREDS of dialog boxes and filling up Task Mangler with the same number of processes. The warning message isn't saying which .Net application is at fault. Rather it's acting like Malware with hundreds of dialog boxes popping up everywhere and is treating the end-user as the copyright criminal.

So, no. I disagree. BitDefender should be doing something to stop Reactor from creating applications with random process names and then allowing them to be fired them off. If this isn't malware then I don't know what is.

Cheers
BJ
Cristi
This is the behaviour of a buggy program and it should be solved by their developers.
Also this can happen to any ordinary program.
In this case you can either contact them for support on this matter or simply uninstall their application.
Bongo Joe
QUOTE (Cristi Raducu @ Feb 13 2011, 12:39 PM) *
This is the behaviour of a buggy program and it should be solved by their developers.
Also this can happen to any ordinary program.
In this case you can either contact them for support on this matter or simply uninstall their application.


Indeed. But, as I have said before; which application.

All that Reactor is telling me is that there is an unregistered verion of their assembly being used in a .Net application.

Which .Net application? Reactor doesn't tell me and I have dozens on my machine.

There are a number of issues here:

1. Someone distributed an application with an unregistered copy of Reactor.
2. Reactor reacts (sorry) by creating a process with a random .exe name which nags the unspecting end user.
3. BitDefender doesn't stop this at all.

Now the thing to do is to uninstall the offending.Net application. Yes, I would do. But which one? I have dozens on my machine as I expect that you have too. In fact, I don't know what applications I have here is written which with language/framework. Do you?

So saying that I ought to contact these mysterious 'them' doesn't help. What I want to know is how I can get Bit Defender to stop random processes being started.

Yes, the fault is with the .Net developer. But at the end of the day the Malware actions are clearly performed by Reactor and BitDefender won't stop this.

Cheers
BJ
Cristi
OK,to see exactly what happens in background please send me by PM a set of logs as described in this article + a set of screenshots with those pop-ups.

http://kb.bitdefender.com/site/article/490/

VERY IMPORTANT: you need to create the logs (especially the BDSI log) right after those pop-ups start to act.

Looking forward to your reply.
Bongo Joe
Okie Dokie. Will so shortly. First, Iwill need to re-install BitDefender as this issue doesn't seem to happen with Kaspersky except for one dialog box on start-up.

I can live with that rather than having to remove hundreds of dialog boxes. When I have an hour or two to mess about I will do this again with BD but as this is my development machine this isn't a good idea to have processes forking all over the place.

I was testing BitDefender 2009 and I hope to goodness that wasn't the culprit.

BJ
1dkd1dkd
QUOTE (Bongo Joe @ Feb 13 2011, 11:32 AM) *
Okie Dokie. Will so shortly. First, Iwill need to re-install BitDefender as this issue doesn't seem to happen with Kaspersky except for one dialog box on start-up.

I can live with that rather than having to remove hundreds of dialog boxes. When I have an hour or two to mess about I will do this again with BD but as this is my development machine this isn't a good idea to have processes forking all over the place.

I was testing BitDefender 2009 and I hope to goodness that wasn't the culprit.

BJ


Joe, I had the same problem and solved it. It has nothing to do with the real program ".NET Reactor". It is Bloodhound virus, a nuisance virus {low risk}. It can have many names...mine was in my windows directory and it was called windows.exe.

My Symantec virus scan found and removed it. The only thing I can't do at the moment is turn on my Windows Firewall, and until I re-installed my audio driver, my sound was muted and the volume control locked out.

Go to XXX for instructions on removal. All info is there.

Good luck.
John Petway
I can help.

1. Restart Computer in a Safe Mode
2. Go to Folder and Search Options under Organize
3. Click on View, then click on Show Hidden files, folders, and drives.
4. Uncheck all Hide
5. Close that and go to Windows folder.
6. Look for System32 folder.
7. Scroll down until you see Microsoft folder. You can open the folder if you like just to see what it is. You see window.exe (that is the Eziriz's .NET Reactor). Trust me you'll thank me later!
8. Go back to Microsoft Folder and delete folder.
9. Restart your computer.
10. That's it. No more pop up Eziriz's .NET Reactor.

Don't forget to email me at petway_john@live.com to say thank you.
barrynel

what is the name of the folder in line 2
that you posted to search for?
Christian
Hello smile.gif

This is an old topic, for new discussions please open a new one.

Thank you!
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2014 Invision Power Services, Inc.