Bit Defender Done Good

Discussion in 'other anti-virus software' started by JerryM, Apr 26, 2005.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Today I surfed a fair number of sites searching for good wildlife and bird photos.
    After about an hour or more Bit Defender sent up a message that a Trojan PWS.Bancos.142 had been blocked and that my computer was not infected. Evidently there were 5 files that were at risk or had become infected.
    File c:\i1386\msstdfmt.dll and c:\windowssystem32\msstdfmt.dll.

    All that is gobbledygook to me. But I am glad that BD found it. I am not sure why 5 files were involved.
    Then about the same time, not knowing that BD was scanning, I started CounterSpy, and it found a keylogger, WinRecon Commercial Key Logger.

    Subsequently I updated and scanned with mwav escan which found nothing, BD again and found nothing, and Ewido which found nothing.

    I think I am clean. I am a little surprised that BD found the Trojan and Ewido was not the "First responder."

    So I am glad that I have good security. I scan once a day with several programs.

    Jerry
     
  2. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    Good security is the key to a great future :)

    Trojans...well I've dealt with them once too often :(
     
  3. quexx88

    quexx88 Registered Member

    Joined:
    Nov 26, 2004
    Posts:
    235
    Location:
    Radnor, Pennsylvania
    Well, ewido is not supposed to be the first responder if the AV has the capability of picking something up. It is a second line of defense, so in case BD hadn't detected that trojan, ewido would have (probably, I can't say for sure because I don't have a sample).
     
  4. clansman77

    clansman77 Registered Member

    Joined:
    Jan 31, 2005
    Posts:
    234
    Location:
    kochi,kerala,india
    Jerry, glad that u and BitDefender are going along pretty good.. stick with it some more time and see..
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks for the replies.
    I was not aware of the way that the AT would work with the AV. That is useful. I have found Ewido picks up spyware, but this is the first "trojan attack" I have had.

    I like BD, but have had some uncertainties as to protection when it disabled. I now know that it does that for a few seconds after update. It does update a lot. Evidently BD folks are keeping up with the threats.

    I also downloaded a trial of Trojan Hunter last night to get "another opinion" as to being clean. It scanned and all was well.
    I trialed it on my old computer and liked it. I am not sure why I chose Ewido, although I am happy with it.
    It may have been the price, but I subsequently learned that they do not charge a fee each year, at least for now. If I left Ewido I would go with TH.

    I assume that if I do not have the shields of Ewido and TH operational at the same time, they will not conflict. I have TH disabled at present.

    Have a good day, and keep your shields up.

    Jerry
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,233
    Unfortunately, you can never really know if you have "good security".
     
  7. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    An AV and AT work on different 'levels', which is why they can co-exist together, but your AV will always have 'first bite of the cherry'; if it misses then your AT will get a shot.

    I don't think ATs embed themselves so deeply into your system as AVs, so maybe you can run more than one AT simultaneously, which you should not do with AVs.

    I personally prefer Ewido over Trojan Hunter, because it has much wider coverage of malware. Ewido has about 106,000 sigs while Trojan Hunter has but a fraction of that, this shows itself in general malware tests such as this (much maligned!) test:- http://www.virus.gr/english/fullxml/default.asp?id=69&mnu=69

    where Ewido gets nearly 40% of samples, while TH lags far behind.
     
  8. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks, Topper.
    I like Ewido. It updates often and has caught some spyware that nothing else had found. I have found both Ewido and Trojan Hunter easy to use for someone who is not especially knowledgeable in computers.
    Jerry
     
  9. StU

    StU Registered Member

    Joined:
    May 1, 2005
    Posts:
    27
    Location:
    Germany
    Hello, this is my first post here. :)

    I am sorry Jerry, but that had been a false positive.
    The same message appeared here after a fullscan.
    Wondering how this file could get infected, I scanned it at Virustotal.
    No other scanner but BitDefender detected malware in this file, so I sent it to BitDefender.
    Seven hours later the sigs had been corrected and the file (that belongs to Windows or other harmless apps) no longer produced a false alert.
     
  10. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    StU,

    Welcome to Wilders.
    Thanks a lot for the information. I wondered how several files could get infected.
    I did not think to send the info to BD, so "You done good." I am not sure how to send the information to BD.

    I always get some false positives from mwav escan. There are about 5 entries regarding a couple of recovers (I think) files and three Wild Tangent entries. I have tried the removal tool for WT, but it does not rid my machine of it. I don't consider it a problem and just ignore it. The WT is part of the Dell Media Experience if I remember correctly.

    Thanks again for the added information. Have a good day.

    Jerry
     
  11. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
  12. StU

    StU Registered Member

    Joined:
    May 1, 2005
    Posts:
    27
    Location:
    Germany
    If you don't want to use BitDefender's quarantine, just mail the suspect file zipped and password-protected to virus@bitdefender.com.
    And don't forget to send them a little description and the password as well. ;)
     
  13. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    not 100% true.

    You should send it to virus@bitdefender.com, the file should be archived (ZIP or RAR recommended), as well as password protected.

    And yes, you should also send a little info and the password :D
     
  14. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks to both of you. However I do not know how to archive a file. If I have an occasion to send a file I will ask. I have zip tools, but I have never ZIPPED a file.

    EDIT: After going to the link, I can do that if the file is in the quarantined folder.

    Jerry
     
  15. Infinity

    Infinity Registered Member

    Joined:
    May 31, 2004
    Posts:
    2,651
    That's no problem cause there are some who are zipping all day :cool:

    Most of the times it would be a right-click and choosing "add to archive" > you name the folder/file and a progress bar will notify you when it ends with archiving/zipping.

    once finished you'll be able to send it (and password protect if wanted, with a letter or a complaint, you can choose :)
     
  16. StU

    StU Registered Member

    Joined:
    May 1, 2005
    Posts:
    27
    Location:
    Germany
    @Firecat:
    I am sorry, but in fact English is not my native language, so misunderstandings can happen. :rolleyes:
     
  17. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I think I can do it now. Thanks.

    Jerry
     