Smokey's Security Weblog

veritas odium parit

Severe BitDefender 2010 update problem: set of bad definitions released

Read for you on SANS, posted today, 18:29:31 UTC:

We have started to receive reports this morning concerning a popular consumer antivirus product that has caused some grief today. BitDefender 2010 appears to have released a set of bad definitions. Unfortunately, these bad virus definitions appear to detect core DLL files and even parts of BitDefender, itself, as infected by “Trojan.FakeAlert.5”. There is quite a thread discussing this issue on the BitDefender Forums.

If you or your organization uses BitDefender, I would heavily recommend that you disable auto-update of the definitions until corrected ones are released soon. Also, I would recommend preparing to do a lot of hands-on clean up to reverse those files which were quarantined by accident.

That doesn't sound good at all…

Post updated – Official BitDefender statement:

Due to a recent update it is possible that BitDefender detects several Windows and BitDefender files as infected with Trojan.FakeAlert.5.

In order to solve this issue you will have to perform these steps:

– open the BitDefender interface in Expert Mode
– go to the Antivirus tab and disable the Realtime Protection permanently.
– go to the Quarantine tab and restore all items that are detected as Trojan.FakeAlert.5.
– reboot your PC
– open BitDefender in Expert Mode
– go to the Update tab and run an update.
– wait for the update to finish and enable the Realtime Protection that was disabled earlier.

If, however, your Windows can no longer boot properly you will need to perform one of the 2 actions below:

1. Use Last Known Good Configuration
– reboot your PC and press F8 repeatedly until you reach a text menu
– choose the last option on the bottom of the page named Last Known Good Configuration

2. Use System Restore

Source: BitDefender


March 20, 2010 | Advisories, Alerts, Anti-Virus, Downloads, Malware, Recommended External Security Related Links

Guests allowed to post on Smokey’s for Log Analysis and Malware Removal help

Smokey’s Security Forums have changed the posting policy regarding the Malware Removal Help and Log Analysis Forums.
In the past, only registered board members were allowed to post in these forums; from now on, guests can post in them too.

A few things for guests to remember

The only forums that you are allowed to post in are:

OTL (formerly OTListIt2) Log Analysis – Malware Removal & System Cleaning (English language)
Hilfe bei Problemen mit Viren, Trojanern, Würmern, Spyware, Adware, Ransomware, Popups und sonstigen Schädlingen (German – Deutsch language)
Not getting helped? Please post here!

Some additional info for guests

– Remember to give yourself a name when you make a post; it’s better than being called ‘Guest’.
– You will have to pass a ‘captcha’ validation for each post you make.
– You will be asked for an email address for each post you make.
– You will not receive a notification of replies, so you will have to check manually for any replies to your post.
– Normal board rules regarding behavior are still valid.
– If a ‘Helper’ feels you have broken forum rules, they can refuse to continue with help.

Wish you all a safe computing experience!  🙂

March 14, 2010 | Malware, Recommended External Security Related Links, Uncategorized