• Announcements

    • cpucean

      Bitdefender Business Support Forum Rules - Read carefully before posting   09/13/2016

      Bitdefender Business Support Forum Rules (PLEASE READ BEFORE POSTING) In order to post to the Official Bitdefender Support Forums, you will need to register using a valid email address, and following the instructions to validate your membership. If you like to register, click here. GENERAL RULES Understand that once you have registered as a new user, you consequently agree with ALL THE FORUM RULES written below. These rules were designed to ensure you get the most from interacting with other users in a pleasant and constructive manner and to prevent any sort of abuse. 1. First and foremost, this is a support forum for Bitdefender. Do NOT post comparative tests for security software for they are unrelated to the main character of the forum. Also, the support process can take many forms: a troubleshooting routine is meant to locate the cause of the issue not offer a permanent solution –do NOT post replies in the form of "I need a fix now" instead of the information requested for without locating the cause there isn't any way to implement a fix. 2. Once an official position has been posted concerning a bug in Bitdefender and the ETA for the fix, the topic will be closed down. Do not ask for the topic to be reopened unless you still have the bug after the update targeted to handle this issue. 3. Users that have reached a 50% warn level will have their posts subjected to moderator approval and if they continue to ignore forum rules their account will be banned. 4. Users are not allowed to use clones(using more than one account by a single person). Breaking this rule will lead to a permanent IP ban. 5. Users are not allowed to use anonymous proxy. Breaking this rule will first result in a warning, followed by subjecting the user's posts to moderator approval/banning of the account. 6. When reporting an issue concerning Bitdefender make sure to offer the following basic information: - name and version of your Bitdefender product; - name and version of your Operating System; - the complete error message (if any) that you receive and, if possible, attach a screenshot with it; - name of other security solutions that you are running; - when asking questions about (un)detected files (false alarms, or files that you suspect to be infected, but aren't detected), please attach a complete Bitdefender scan log. Be sure to keep Bitdefender fully updated so the log contains accurate info – on the support forum we only accept the posting of scan logs, for sample submission of false positive/false negative samples please upload them onto a web based platform where we can retrieve and analyze them. 7. Topics related to the lack of response from the support department need to be backed up by as much information as possible concerning the issue that you have been facing. When you send an e-mail to support a Ticket ID will automatically be created - make sure to mention it in the forum post for it will speed up the entire process. 8. Moderators do NOT offer support by PM. Do not send personal messages to moderators unless they expressly request it from your side/ you wish to have a closed topic re-opened/ you wish to report a forum member or topic for abusive language or spam/ you are unsure as to posting a possible solution and you wish to consult with a moderator first. All users are treated as equal on this forum and by sending a PM to a moderator you will not be entitled to faster support. In case of rule violation reports, you can also use the built-in Report button to announce all moderators that there's a topic/post/user that violated the posting rules. Please do NOT use this function to ask for help, or announce the moderating team that you need urgent support! As said, all issues are handled as fast as possible, and none has priority over another. 9. Any form of aggressive language, directed at other forum members or at the Bitdefender Moderating Team or staff is completely forbidden. Continuous attacks will result in an account suspension or BAN. Also, any form of explicit, antisemitic or racial language, or social attacks (by images, text, PMs, signature, or any other form of communication on Bitdefender forum) will NOT be tolerated and will result in an immediately account BAN. Take into consideration that this forum a public place. Treat everyone else just like you want to be treated. 10. Users are not allowed to open polls on the Bitdefender Support Forum. The only members that are allowed to open polls are the moderators. FORUM SIGNATURES, AVATARS AND DISPLAY NAMES The signature is optional on the forum, and should be a personal message of the user that chooses it. Moderators are obliged to include a link for the Bitdefender Forum Rules in their signature. Users will only be allowed to display a custom signature after having completed 15 posts on the forum. The following will NOT be tolerated: 1. Any type of explicit reference to the brand name and symbols of other security solutions available on the international market today, except Bitdefender. This is a support forum dedicated only to Bitdefender and advertising competitor products will lead to editing out the advertisement and a 20% increase in the warn level. 2. The use of images higher than 300 pixels width and/or 100 pixels height. 3. The use of images or text containing the words "Moderator", "Administrator" or "Admin" in the signatures. These will only confuse other users. 4. The use of images taken from other users of this forum. Please use unique avatars. 5. Use of signatures pointing to external links,they will be removed without any notice. WARNINGS Those who repeatedly violate these rules will receive a warn/suspend/ban. POSTING RULES 1. Topic titles must be as concise as possible, and starting posts must provide relevant information on the issues included, to ensure a fast and precise response from those who are willing to help. For example: avoid titles such as "Heeeeeelp!" but instead write "Question about the Bitdefender Antivirus". The last title has a lot more chances of receiving fast responses. Also, topic titles such as "Program X ######! " together with the lack of any constructive arguments will not be tolerated, the topic will be deleted and the user will receive a 20% warning. 2. Post new topics in the correct sections. The forum is structured by Product type (Home/Office or Business protection) and by product version (2008, 2009, 2010 or older versions). If you post the question in the correct section, you have a higher chance of getting a correct answer for your problems. 3. Bumps/Topic advertisements or any other attempts to make a topic more visible without adding any new or relevant information will NOT be tolerated and the post will be DELETED. 4. When posting a reply on a topic try to keep the suggestion within a relevant range – for example, when there is a post concerning an error message in Bitdefender 2009 do not recommend downgrading to Bitdefender 2008 for this suggestion does not address the original issue. Multiple posting of this type will lead to an increase of the warn level with 20%. 5. Off-topic replies (those that have nothing to do with the topic) will be deleted, and users will also receive a written warning . Repeated posting of off-topic replies will lead to an increase in the warn level with 10%. 6. Keep text color, fonts and letter casing within a normal and pleasant range - any post that contains only upper case text will automatically be subjected to editing, the same applies to posts containing characters larger than size 20. 7. Before opening a new topic, we strongly suggest that you use the SEARCH button, to be sure that the problem was not already discussed. In case you start a new topic with an issue that was already discussed, the new topic will be closed down, redirected and merged into the initial one. 8. Do not ask the same thing on more sections of the forum. Do not post the same topic more than once. Twin topics will be removed and redirected to the original one in order to avoid confusion. 9. Do NOT request/post warez software, cracks, serial numbers or any other actions which involve software piracy. Topics and replies related to cracking security software, advice on breaching security systems, cracking security protocols, flood attacks or posts that promote cracking or Internet attacks in any way will be deleted at once and the users that posted them will have their accounts suspended at once. Also, no support will be offered for users that are using a cracked version of BitDefender on their systems. 10. Please avoid topic titles such as "URGENT" since all cases are treated as soon as possible. 11. Be patient – there are a lot of issues on the forum and we are doing the best we can to answer them all. Therefore, you may receive your answer immediately, but it may also take several days just as well. 12. We do not allow people to post threads that advertise or solicit any products, services, funds or donations – all topics of this type will be automatically DELETED . Explicit advertising is also prohibited. FORUM RULES ARE SUBJECTED TO CONTINUOUS MODERATION AND CAN BE CHANGED AT ANY GIVEN TIME WITHOUT PRIOR NOTIFICATION. ANY TOPIC DEBATING FORUM RULES WILL BE CLOSED DOWN AND AUTOMATICALLY DELETED FOR THESE RULES ARE NOT SUBJECTED TO DEBATE. Bitdefender Business Support Forum Team
    • Aurelian Neagu

      Malware Area Rules   09/14/2016

      Here you have a number of rules for this malware subforum.   Please read them carefully before posting:   1. Any user posting here is automatically assumed to have agreed with the Forum Rules.   2. This area is dedicated to those having problems cleaning the system or simply suspecting an infection.
      Also, those who post here are supposed to be BitDefender users (either home-use products or scan online services).
      If this condition is not met, we reserve the right to refuse support.   3. It is forbidden to attach any suspicious files, infected or potentially dangerous (Viruses, Trojans, Spyware, False Detections or potentially dangerous links).   4. It is forbidden to refer to other security solutions for system disinfection.It is also forbidden posting comparative tests between BitDefender and other security products.   5. When opening a new topic, give as many details about the problem as you can along with a recent scan report and screenshots (if necessary).   6. It is recommended for the scan report to be copied in the topic (not attached) so everyone can see it.   7. Removal instructions will be offered only by persons approved (forum moderators for example) or having knowledge about viruses and how to remove them.   8. Users that provide misleading information will be sanctioned.   9. Topics not covered in this format will be deleted or moved.

      10. If you have a False Positive or a False Negative to report please use our Submit Form   Thank you.
kevinconklin

Bit Defender Can't Delete Files "infected (no Action Was Possible, File Was In An Archive)"

30 posts in this topic

hi i just got bit defender 2009 and i did a system scan and 7 files were not able to be deleted and it says "Infected (no action was possible, file was in an archive)"

all the files were in my backup here is a peice of the log file.

please tell me how to get rid of them if bit defender won't!! ^_^

Remaining issues:Object Name Threat Name Final Status

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 14) Adware.Errorsafe.E Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 1) Adware.Errorsafe.K Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 12) Adware.Winantispyware.A Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 0) Application.Generic.23289 Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 2) Application.Generic.24131 Infected (no action was possible, file was in an archive)

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe=](Instyler o)=](Instyler Module 3) Application.Generic.24133 Infected (no action was possible, file was in an archive)

C:\My Backup -- 20-05-08 2058\Documents and Settings\kev\Local Settings\Temp\Temporary Directory 1 for runescape scottocs bittorrent downloader.zip\BitDownload Setup.exe=](NSIS o)=]lzma_solid_nsis0006 Trojan.Swizzor.1 Infected (no action was possible, file was in an archive)

Share this post


Link to post
Share on other sites

Hello kevinconklin,

I'm deeply sorry for the late reply. I didn't notice this thread when it was created. I only found it now.

Maybe you already solved your problem, but still I want to reply to your question, for future reference.

BitDefender can unpack many archived/packed formats, so archived threats can be detected. However, BitDefender has limited capabilities of cleaning up archived files (ZIP files, for instance, can be cleaned, but RAR files cannot).

This happens because most of the archiving/packing systems are proprietary formats. To clean an archive, you basically need to unpack all files (which BitDefender can do), and create a new archive containing only the clean files... which BitDefender can't do.

Because most archiving formats are proprietary formats, it means that the packing algorithm cannot be used without license from the author of the algorithm.

ZIP format is a free format, and everyone knows it and can use it to create (un)packers. But RAR format (for instance), is a closed format, owned by RarLabs (if I'm not mistaking). So for BitDefender to repack files in the RAR format would be basically illegal, not to mention somehow dangerous for the files, because BitDefender doesn't know the exact packing method and corrupt the archives. The same thing applies for the rest of the packing formats.

In your case, to remove the detected files, find the following files and manually delete them:

C:\My Backup -- 23-04-06 1129\Documents and Settings\Michelle Conklin\Local Settings\Temp\WinFixer2006FreeSetup.exe

C:\My Backup -- 20-05-08 2058\Documents and Settings\kev\Local Settings\Temp\Temporary Directory 1 for runescape scottocs bittorrent downloader.zip\BitDownload Setup.exe

Cris.

P.S.: I will pin this topic. All other topics about this same issue will be closed and redirected to this one.

Share this post


Link to post
Share on other sites

Hi

I faced the same problem with 7zip format which is open source free format

Share this post


Link to post
Share on other sites

I did a Deep Scan and found dozens of files (some examples below & attached the latest scan log) that could not be scanned because they are "password protected". They seem to be all part of Spybot. How can I scan these individual files? Are they important? Could I try to find them and delete them or maybe even uninstall spybot?

Would be grateful for your advice.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/Install.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/tdiins.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp1673.zip=]Program Files/System32/drivers/tmcomm.sys

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp56c8.zip=]Program Files/System32/drivers/Install.exe

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\temp56c8.zip=]Documents and Settings/All Users/Application Data/Spybot - Search & Destroy/Recovery/sbRecovery.ini

BitDefLog1243929558_1_02.xml

Edited by Cris
Removed quote

Share this post


Link to post
Share on other sites

Hello CPS,

If you do not know the password for those archived files, then you cannot scan them. And since, in your case, it's about files that are in SpyBot recovery, I'm sure you don't know the password. :)

You can simply empty SpyBot's recovery. If you don't have SpyBot installed anymore, then simply manually delete this folder: C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ and everything it contains.

What everybody needs to understand is that archived files don't represent any immediate threat to the system. Even if you have a real infection in an archive, that infection can only become active AFTER it is unarchived. And the moment the infected file is unarchived, BitDefender Realtime Protection will block it.

As long as the files remain archived, you are 100% safe, and you can simply delete the archive.

Cris.

Share this post


Link to post
Share on other sites

I have been going crazy about this same exact situation )like the one explaind by kevinconklin) i cannot find whatsoever the files that say are infected i have been trying to get this resolved myself for about a week now and i have just about had it. is there anyone who can give me some DETAILED (i need detailed cause i am new with bitdefender, and how it works, etc.) on how to get this done from point A to point B. Here are the files it found....PLEASE HELP

File: C:\Windows\Temp\TMP00000F80BE6B9405AB36423E..........Virus Name: Gen:Adware.Heur.Ku4@2KGLJyli

File: C:\Windows\System32\config\systemprofile\AppaData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5YHKEKTXT\upgrade[1].cab=]upgrade.exe=](NSIS2o)=]lzma_solid_nsis0001 Virus Name: Gen.Adware.Heur.Ku4@2KGLJyli

File: C:\Windows\System32\config\systemprofile\AppaData\Local\Microsoft\Windows\TemporaryInternetFiles\Content.IE5YHKEKTXT\upgrade[1].cab=]upgrade.exe=](NSIS2o)=]lzma_solid_nsis0003 Virus Name: Application.Generic.208705

Edited by Cris
Removed font size and color

Share this post


Link to post
Share on other sites

Hello jodaddy,

Please attach here a BitDefender scan log so we can see exactly what's the situation.

Cris.

Share this post


Link to post
Share on other sites

My computer is so infected in spite of my investment in Bitdefender that I am posting this from another computer, so i can't cut and paste any information.

Could you just tell me, since this information doesn't seem to be available on your website, if it's possible to contact a live person to help me out?

My added problem is that i live in France but for something this complicated i need to speak to someone in English!!!

By the way, your advice on finding and deleting items may seem simple to you, but i have no idea how to find and delete these things on my Dell Vista system. Instructions would be appreciated.

Share this post


Link to post
Share on other sites
Hello jodaddy,

Please attach here a BitDefender scan log so we can see exactly what's the situation.

Cris.

Cscan log

regarding file in archive and cant find it manually.

Share this post


Link to post
Share on other sites

The link you posted is invalid. Please post again.

Cris.

Share this post


Link to post
Share on other sites

uhmm, I was having the similar problem can you help me how to get rid of this? here is the log:

Remaining issues:Object Name Threat Name Final Status

C:\Documents and Settings\personal\Local Settings\Application Data\Mozilla\Firefox\Profiles\30efxbab.default\Cache\52B4C643d01=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047720.exe=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047728.exe=](Instyler o)=](Instyler Module 1) Dropped:Application.Generic.217032 Infected (no action was possible, file was in an archive)

C:\Documents and Settings\personal\Local Settings\Application Data\Mozilla\Firefox\Profiles\30efxbab.default\Cache\52B4C643d01=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047720.exe=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)

C:\System Volume Information\_restore{B7E848FE-5D12-4FB3-913D-4F76DB0549AC}\RP84\A0047728.exe=](Instyler o)=](Instyler Module 2) Gen:Adware.Heur.vq1@Qal0vjfi Infected (no action was possible, file was in an archive)

Pls help out... thnx

Share this post


Link to post
Share on other sites

Hello razzly,

Clear Firefox's cache, and apply the steps presented here: http://forum.bitdefender.com/index.php?showtopic=3575

Cris.

Share this post


Link to post
Share on other sites
I had the similar problem where i cannot delete the generic trojan after a deep scan...any help?.......thx

The infected item is in the recycle bin.

Empty the recycle bin and run a new scan to make sure the system is clean.

Share this post


Link to post
Share on other sites

Dear Cristi Raducu,

Thx 4 ur help.........the trojan had been deleted and no longer a threat in my bitdefender........ thx ya. btw, would you mind to share some basic info reg this issue?.......i kinda want to noe how come everything when my bitdefender cannot delete a generic trojan, then when i ended up seeking help from this forum, then all the problem is solved.......izzit u guys helped to delete for me?..........i'm juz curious bout it.............

Share this post


Link to post
Share on other sites

Hello Justintsai911,

The explanation can be found in Post #2 in this topic (just above). Is there anything that you don't understand or needs to be clarified?

Cris.

Share this post


Link to post
Share on other sites

Да, но BitDefender не удаляет вирусы и из других контейнеров - jar, msi, exe, почему?

(Yes, but BitDefender does not delete viruses and from other containers - jar, msi, exe, why?)

Мы проводим тестирование различных антивирусов, и из базы в 500 семплов, BitDefender определяет 486, но вот удалить может только 430, остальные находятся в контейнерах, из которых он не может удалить, поэтому рейтинг BD оказывается ниже.

(We hold testing of various antiviruses, and from basis in 500 samples, BitDefender defines 486, but here can delete only 430, remaining are in containers from which it cannot delete, therefore rating BD appears more low. Thanks.)

Edited by Rampant

Share this post


Link to post
Share on other sites

It is possible to receive comments under the given report? Thanks.

1291557629_1_03.xml

Share this post


Link to post
Share on other sites
It is possible to receive comments under the given report? Thanks.

Did you select any action for the infected files?

Share this post


Link to post
Share on other sites

All is specified in the report:

The first action by default for the infected objects: to Move files to quarantine

The second action by default for the infected objects: to Treat

The first action by default for suspicious objects: to Move files to quarantine

The second action by default for suspicious objects: No

Action by default for the latent objects: No

Action by default for the objects protected by the password: the Help for the password

Share this post


Link to post
Share on other sites

Right,and if the first 2 fail you can also select Delete.

Share this post


Link to post
Share on other sites

And at a choice - removal, the same situation, I about this problem try to specify for a long time already to your developers, I am personally familiar with Octavian Cernăuţeanu and Iulian JOSAN, but also they can help nothing, and it affects results of testing, and for the simple user an explanation that viruses will be remote at unpacking attempt, mean a little. Here result of today's testing at us at a forum, 509 samples have been collected, used only manual scanning, BitDefender showed result of 80 % only because could not delete these 39 viruses. Thanks.

post-39675-1291570174_thumb.jpg

Edited by Rampant

Share this post


Link to post
Share on other sites

Pay attention to results eScan, it uses anti-virus signatures BitDefender, but result absolutely another.

Share this post


Link to post
Share on other sites

@1291557629_1_03.xml

Another point is that why Bitdefender fails to repack the archives after Proactive detection of Gen:Trojan.Heur.DP.yGW@aiLng7lG although it didn't take any action? Is the Proactive Detection is the cause of failure to repack the archive?

Edited by ONT

Share this post


Link to post
Share on other sites

Hi. My Google translated Russian is a bit rusty, but if I properly understand the header, these results say that our Unix offering has better detection than our standard Windows version. While this may be different with other solution providers, all our products use the same definitions files for on-demand scanning. According to what I can read about the test on the advertised forum, this is a detection test which is based on the removal of files from a folder. As some products have their settings set to disinfect or ignore files by default, this is not fair(BitDefender products for example prefer not to delete some heuristically detected files). Such testing conditions are improper and do not follow testing standards. Going on, this appears to be a random collection of 509 samples of uncertain origin, questionable spread and importance, that may or may not be malicious(for example false positives, cracks, trainers). 509 samples is by no standard a representative base for judging effectiveness of products.

Now that I'm done bashing:

@ONT. please provide a container that we fail to repack as per your description.

Edited by Catalin Salgau

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now