...
I use BitDefender (it will not run in Safe Mode). During my last scan, it found the following which it cannot delete or quarantine because they are embedded:
1. Adware.Dogpile.l
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE=]wise0080
I cannot find CONFLICT.1
2. Adware.Dogpile.l
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE=](Embedded EXE r)=]wise0080
3. Backdoor.Dssdoor.C
D:\System Volume Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR Sfx o)=]RunSequence.exe
4. Backdoor.Dssdoor.C
D:\System Volume Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe=]RAR Sfx o)=]_aps activator.exe
Can someone tell me how to get rid of them? Thanks............
So what does "embedded" mean to you so that we know what you mean? I don't use BitDefender. The free version is only an on-demand scanner.
If "embedded" means a packed file then the scanner should still be able to point to the file containing the program. If "embedded" means rootkit, those can be nasty to remove so you might want to consider backing up all your data files and plan for a partition reformat and fresh OS install. You might want to try other anti-malware programs specifically aimed at detecting rootkits. SysInternals has their Rootkit Revealer but you need to know how it works and it doesn't do any cleanup but just lets you know of a possible rootkit (some drivers act like them; e.g., Daemon-Tools). Grisoft has their AVG AntiRootkit scanner plus you might want to use their AVG AntiSpyware (which used to be called ewido). a-squared has low coverage (compared to ewido) but you could use it as another on-demand scanner (it is v-e-r-y slow to scan). You never mention WHAT you use as your primary anti-virus program that includes on-access scanning. Other products to try are Spybot S&D, Lavasoft Ad-Aware, and HijackThis. Some folks have used PC Tools "Spyware Doctor" (I only remember trialing it in a VM under VMWare Server and decided to discard it but don't remember why). Unless you buy it, the OnGuard protection is only trialware. F-Secure has their Blacklight rootkit scanner but I haven't used it in over a year, maybe two years.
Some files, whether goodware or malware, do not exist until the parent program is executed. That is, the program generates a new file and that is the one it runs or uses as an ancillary/helper program. So it is possible you won't find those files unless the parent program is running.
The output you show from BitDefender is not very explanatory. Are the "files" that it (you) mentions the actual files or are they shortcuts or favorites stored somewhere else that reference these file names? Are they remnant registry entries (so the file may not even exist anymore although pointers to them still exist in the registry)? That a path and filename are outputted doesn't say if a file is being identified, a shortcut to that file, a registry pointer to that file, a favorite, or what.
If the path appears that it does exist and that is what BitDefender is pointing to (a path and file), did you check if you enabled Explorer to see hidden folders/files? Did you open a DOS shell and use the 'cd' command to navigate there?
The pests in the restore points are easily eliminated by turning off System Restore which clears out all old restore point files, then turn it back on.
They have their own forum at http://forum.bitdefender.com/ where you can ask other users familiar with the same program about the alerts you are getting.
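An added example, not part of either post and not BitDefender's own tooling: a short Python sketch that splits each reported location into the file on disk and the members nested inside it, showing that the four detections come down to two container files. It assumes the `=]` in the pasted output marks nesting inside a packed file; the function names and area labels are hypothetical.

```python
from pathlib import PureWindowsPath

SEP = "=]"  # nesting marker exactly as it appears in the pasted report (assumed meaning)

# Constructed input: the four detections from the post, wrapped lines rejoined.
RESTORE = r"D:\System Volume Information\_restore(AB4B39B1-ECCC-40C6-B62403F7E55B5A)\RP850\Ao467860.exe"
CACHE = r"C:\WINDOWS\Downloaded Program Files\CONFLICT.1\Toolbar_cobrand.EXE"
SAMPLE = [
    ("Adware.Dogpile.l", CACHE + "=]wise0080"),
    ("Adware.Dogpile.l", CACHE + "=](Embedded EXE r)=]wise0080"),
    ("Backdoor.Dssdoor.C", RESTORE + "=]RAR Sfx o)=]RunSequence.exe"),
    ("Backdoor.Dssdoor.C", RESTORE + "=]RAR Sfx o)=]_aps activator.exe"),
]

# Follow-ups taken from the reply in the thread, keyed by where the container lives.
NEXT_STEP = {
    "system-restore": "turn System Restore off, then on, to clear old restore points",
    "downloaded-program-files": "show hidden files or use 'cd' in a command prompt to confirm it exists",
    "other": "confirm the path refers to a real file before acting on it",
}

def parse_detection(threat, location):
    """Split one report line into the file on disk and the members nested inside it."""
    container, *members = location.split(SEP)
    path = PureWindowsPath(container)
    folders = [p.lower() for p in path.parts]
    if "system volume information" in folders:
        area = "system-restore"
    elif "downloaded program files" in folders:
        area = "downloaded-program-files"
    else:
        area = "other"
    return {"threat": threat, "container": str(path), "members": members, "area": area}

def group_by_container(detections):
    """Collapse report lines to the distinct on-disk files that actually need handling."""
    grouped = {}
    for threat, location in detections:
        d = parse_detection(threat, location)
        entry = grouped.setdefault(d["container"], {"area": d["area"], "threats": set(), "members": set()})
        entry["threats"].add(threat)
        entry["members"].update(d["members"])
    return grouped

if __name__ == "__main__":
    for container, info in group_by_container(SAMPLE).items():
        print(container)
        print("  threats:", ", ".join(sorted(info["threats"])))
        print("  nested :", ", ".join(sorted(info["members"])))
        print("  next   :", NEXT_STEP[info["area"]])
```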