Blocked Trojan


4 replies to this topic

#1 easyd

easyd

    Newbie

  • Members
  • 3 posts

Posted 14 February 2010 - 01:16 PM

Hi All

Please can you help. I am currently using Bitdefender Internet Security 2010 and have twice received this during a deep virus scan: Gen:Trojan.Heur.S.8iw@acq8anfn, action taken blocked. I have tried to access the file on my PC to delete it but have been unsuccessful in tracing it: C:Windows/Temp/SBS_VE_AMBR

It also mentions Accessed By SBAMSVc.exe, which I believe is a component of Counterspy antispyware, which I also use on my PC. Do you think there may be some sort of conflict?

I have attached the real time antivirus protection screen shot and the antivirus log file scan.

Hope you can help.

Regards

easyd


#2 Cris

Cris

    BitDefender Evangelist

  • Regular Bitdefender Poster
  • 3,360 posts
  • Gender:Male
  • Location:Galați/Iași, România
  • Interests: Programming and scripting (C/C++, ASM, Java, Haskell, a little PHP, JS and XSL for the moment...hope for more), biking trips

Posted 14 February 2010 - 05:04 PM

Hello easyd,

As far as I can see, this issue has been discussed before on the Counterspy forums. In short, those folders are used by Counterspy to extract archived files in order to scan them. So, when Counterspy is used along with another Realtime Protection antivirus solution, and when the extracted files do contain malicious files, it is possible that the antivirus (in this case, BitDefender) and Counterspy will block each other.

Gen:Trojan.Heur.S.8iw@acq8anfn looks like a heuristic detection. From BitDefender's point of view, unless you can provide an actual sample of the detected file so it can be analyzed, this detection will remain, because there is no way of telling if it really is a false positive or not (it might very well be a real threat). Please contact Counterspy Support for more details. Thank you.

Cris.

#3 easyd


Posted 14 February 2010 - 05:14 PM

Hi Cris

Thanks for the speedy response. What would be the best way of obtaining and sending a sample of this detected file? Also, who would be the best people to send this file to?

Regards

easyd

Edited by Cris, 14 February 2010 - 05:26 PM.
Removed quote


#4 Cris


Posted 14 February 2010 - 05:31 PM

I don't know. I have no idea how exactly Counterspy works. What I said above was from 2 minutes of reading a topic found on Google. To find the exact files, please contact Counterspy Support and ask them how you can obtain a certain temporary file. As I said, it seems that this issue has been largely discussed on their forum, so it shouldn't be too hard to find an answer.
But the answer has to come from them, not from us. BitDefender Forum is in no way capable of offering support for 3rd party software.


If you manage to get a sample, put it in a password-protected archive (with the password infected - details in my signature), upload the archive on a file sharing server of your choice (such as www.sendspace.com) and send me the download link by PM. I will forward the files to BitDefender Labs for analysis and will post back the response.

Cris.

#5 easyd


Posted 19 February 2010 - 12:31 AM

Hi Cris

Sorry for the delay in getting back to you. I contacted the Sunbelt Forum (Sunbelt make Counterspy), and they enabled me to run a Vipre Rescue virus scan using a command prompt in DOS, under safe mode. This did not pick up any infections. They also stated that these files are temporary files created when Counterspy runs a scan. Looks as if this was a false positive created by Bitdefender.

Thanks for your help in this.

easyd



