BitDefender Antivirus

  




 The system appears infected
This article explains what to do if the computer seems infected but BitDefender does not detect any threats.

 What to do when BitDefender does not detect malware
Some files may not be detected by BitDefender even if they are malicious. This is called a false negative and usually occurs when the malware uses new (unexplored) techniques.

 Cookie threats!
Many people ask why Internet security products cover cookies as part of protecting the computer. How can a cookie harm the computer? How are cookies and spyware connected? This document sheds some light on these questions.

 What to do when BitDefender detects legitimate applications
BitDefender may occasionally report a legitimate file as infected. This is called a false positive and usually occurs when BitDefender decides that the file behaves like malware.

 Using the BitDefender Rescue CD
This article describes how to use the BitDefender Rescue CD.

 Hoaxes

Describes typical hoaxes and how to recognize them.


 Security papers
I need to know/learn more about viruses/spam/security.

 Kaspersky Wrongly Flagged BitDefender as Malware: Misidentified .dll No Cause for Alarm
On Thursday, January 18, products from competing antivirus maker Kaspersky began misidentifying a file (filecopy.dll) which is not a virus, but rather a legitimate component of BitDefender software. The confusion spread, as some other antivirus producers "took the lead" from Kaspersky and added the file to their signature databases as a virus.

As a result, this component of BitDefender was being flagged (as of 14.00 local time on Friday, January 19) as:
BDS/Agent.aec.6 by AntiVir
Win32.Agent.aec by eSafe
Backdoor.Win32.Agent.aec by Kaspersky
Backdoor.Agent.aec by Ewido
W32/Agent.AYBF by Norman

 FileServer x86 Downadup issue patch
BitDefender has released an engine patch that improves detection of the Downadup worm.

 BitDefender releases the Downadup removal tool
Short description of the Downadup/Conficker/Kido behaviour:

1. It creates files autorun.inf and RECYCLED\{SID<....>}\RANDOM_NAME.vmx on removable drives and on public network shares

2. It stores itself in the system as a DLL-file with a random name in c:\windows\system32\

3. It registers itself in system services with a random name, creating the following service:

Name: netsvcs

ImagePath: %SystemRoot%\\system32\\svchost.exe -k netsvcs

Then the worm creates the following registry entry:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\netsvcs\Parameters\"ServiceDll" = "[PathToWorm]"

4. The worm deletes any user-created System Restore points.

5. It tries to attack network computers via random ports, using the Microsoft Windows vulnerability MS08-067. The worm then creates an HTTP server on the compromised computer on a random port, for example:

http://[EXTERNAL IP ADDRESS OF INFECTED MACHINE]:[RANDOM PORT]

6. Upon successful exploitation, the other computer connects to this URL and downloads the worm, spreading the infection.

7. Downadup then contacts several domains and tries to download additional files onto the compromised computer.


