Potentially malicious or infected application says Bit Defender (In Progress)

Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
05-Oct-2009, 09:09 PM #76
Thanks for letting me know. I was getting worried about you as others were too.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,282 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-Oct-2009, 07:07 PM #77
I don't see anything out of place there.

Have you heard anything back from the BitDefender people?
Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
06-Oct-2009, 09:15 PM #78
I finally did today. I had not heard since 9/29 and sent them an email. They claim they replied to me 3 days ago. It's always possible that I deleted the message by mistake but find it hard to believe since I was really anxious to hear from them. By the way, they do advertise that they provide phone support but I could not find a phone number on their website. Any idea what it might be?

Anyway, they sent me a new file to download, save with the extension .zip, unzip and run. It picked up two files which I had to send to them zipped and password protected. I will let you know when I hear from them again.

The file they sent, if it means anything to you, was pdmp_crypted. The two files picked up were Datasafeonline.exe and sprtcmd.exe.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,282 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
06-Oct-2009, 10:52 PM #79
Those files both belong to Dell, one for their support tool and the other for on-line storage.

I have no idea of a phone number for them.
Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
28-Oct-2009, 10:33 PM #80
Hello Cookiegal,

After complaining that it was taking an awful long time, I finally received a reply from Bit Defender. I am more confused than ever so I decided not to do anything until I get more information from them. I am very frustrated with BitDefender at this point. Here is what they wanted me to do and my response to them:


Thank you for your response.

Could you please let me know what the problem is that we are trying to fix, that is, what you found out from the information that you requested and that I sent you. I am concerned that with the passage of so much time things might be getting a bit confused.

You are instructing me to run the .bat file. The mbrfix folder contains 7 items of which 2 have the extension .exe and 4 .bat. The last one is a FireFox documentation.

Because of the above and the fact that the documentation warns that incorrect use of the program may cause loss of all data I will need more precise instructions. I am assuming I can ignore the 64 version and that I should run the MBRFIX.EXE program but that is neither of the .bat files and you want me to run a .bat file. I need to be sure. And, again, I would like to know what it is going to do to my computer because I don’t understand how the MBR has anything to do with the message I get about the “svchost” application.

With thanks, Claude Poole.

-----Original Message-----
From: BitDefender Support Team [mailto:support@bitdefender.com]
Sent: Wednesday, October 28, 2009 1:12 PM
To: Claude Poole
Subject: Re: [Ticket ID:200909231009352] I need help with this screen



Dear Claude Poole,

Attached to this email you will find an archive "fixmbr.zip" containing the
utility used to restore the altered MBR.

Please download the attachment, disable the BitDefender real-time protection
and any other active security solutions, unpack the archive and run the .bat
file.

Once the process is completed enable the real-time protection.

~

[how to DISABLE THE REAL-TIME PROTECTION on version 2008]
In order to disable the Real-time protection please open BitDefender, select
"Settings", go to "Antivirus" > "Shield" and click on "Real-time protection is
enabled", select the time interval that suits your troubleshooting needs and
click "OK"; the message will change to "Real-time protection is disabled".
-----

[how to DISABLE THE REAL-TIME PROTECTION on version v10]
In order to disable the real-time protection please open BitDefender, go to
"Antivirus" > "Shield" and click on "Real-time protection is enabled"; this
message will change to "Real-time protection is disabled".
-----


If the situation persists or you require further assistance please do not
hesitate to contact us.
Best regards,

Cristian Raducu
BitDefender Technical Support Engineer
Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
29-Oct-2009, 01:05 PM #81
BitDefender sent me an explanation:
"The virus injected itself into the Master Boot Record and the only way to
remove it is to restore the MBR.
The archive contains 4 bat files:
Look at the file name and run the one that fits your operating system:

fix32_vista.bat -> Vista 32 OS
fix32_w2k_xp.bat -> Windows 2000/Windows XP 32 OS

and the rest are for x64 OS which we can exclude.
Loss of data may occur if you don't run the proper bat file."

I clicked on the bat file for Windows XP. A black screen came on for a fraction of a second, disappeared, then nothing.
I sent them another email, will let you know what happens.

If you have any ideas, please let me know, thank you.
Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
29-Oct-2009, 06:51 PM #82
"I clicked on the bat file for Windows XP. A black screen came on for a fraction of a second, disappeared, then nothing."

Bit Defender says that's normal.

I will let you know if the problem is solved.

Thanks for all your help.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,282 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
30-Oct-2009, 08:16 PM #83
OK, thanks.
Cjreef's Avatar
Member with 46 posts.
 
Join Date: Aug 2009
27-Nov-2009, 06:12 PM #84
Well, I haven't seen a warning screen for a month now, so I'm assuming that the problem is solved. I did get a blue screen once though.

While we were going through the solving process I accumulated a bunch of icons on my desktop and I'm not sure which ones I can safely delete.

Malwarebytes
Spyware Blaster
Rootkit unhooker
Puppy.exe
jdk-6u16-windoes
Shortcut to process explorer (no idea what that is)
Hijack this
Spyware blaster.

Thanks again for your help.
Cookiegal's Avatar
Administrator & Malware Removal Specialist with 79,282 posts.
 
Join Date: Aug 2003
Location: Quebec, Canada
28-Nov-2009, 05:11 PM #85
I suggest keeping these:

Malwarebytes
Spyware Blaster

You can delete these by dragging them to the recycle bin:

jdk-6u16-windoes
Shortcut to process explorer
Rootkit unhooker

Delete HijackThis via the Control Panel - Add/Remove programs.

Follow these steps to uninstall Combofix and all of its files and components.
  • Click START then RUN
  • Now type ComboFix /uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.


Now you should turn system restore off to flush out all previous system restore points, then turn it back on and create a new restore point:

To turn off system restore, on the Desktop, right click on My Computer and click on Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a new restore point, click on Start > All Programs > Accessories > System Tools and then select System Restore.

In the System Restore wizard, select Create a restore point and click the Next button.

Type a name for your new restore point then click on Create.


Read here for info on how to tighten your security.
__________________
Microsoft MVP - Consumer Security