View Full Version : Failure to Launch - Msoft Security Essentials



cottlad
03-16-2010, 05:15 PM
Tonight I go to start HEM.
Starts loading as normal but immediately closes down after main window appears. At which point a MSE red popup reads: 'Microsoft Security Essentials detected 1 potential threat and suspended it. Click 'Clean' to remove this threat.'

When I click 'Show details' the detected item is shown as:
Backdoor: Win32/Bisar!rts Alert Level: High

Any ideas?

_Loki_
03-16-2010, 05:33 PM
Any ideas about what? It's a backdoor trojan - follow the instructions MSE gives you is probably the answer.

Did you clean it as instructed?

Encyclopedia entry: Backdoor:Win32/Bisar!rts - Learn more about malware - Microsoft Malware Protection Center (http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3aWin32%2fBisar!rts&ThreatID=-2147342124)

cottlad
03-16-2010, 05:39 PM
Ya, I cleaned it as instructed and a 'your PC is now clean' type message comes up. Same thing happens though every time I try and run HEM, so wondered if it was a known HEM problem/bug/update/virus whatever.

cottlad
03-16-2010, 06:57 PM
Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Users\Shaun\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v1C84EDBD\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe


That shows full details.
The HMImport.exe shows modified 5 mins ago, which is when I just tried cleaning again.

Is this a problem on my side?
Can I delete this exe and re-install?
I really dunno what to do.... anyone suggest something?

cottlad
03-16-2010, 08:12 PM
Just got another warning, this time for Win32/Bumat!rts

Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Users\Shaun\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v2B34C5A3\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Users\Shaun\AppData\Local\Xenocode\ApplianceCaches\HoldemManager.exe_v65ED1E19\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe

:confused:

fozzy71
03-16-2010, 09:56 PM
It sounds like you are using an old version of HM (circa November of last year).

Please update to the latest beta - http://www.holdemmanager.com/downloads/HmBetaUpdate.exe

Close HEM and your anti-virus and delete any \xenocode\appliance cache folders and any other possible false positive files.

1. Enable "Show hidden files and folders" under Control Panel -> Folder Options -> View
2. Go to C:\Users\%USERPROFILE%\AppData\Local\Xenocode\Appliance Cache and delete every folder you can find in there

If you are on XP, that location is C:\Documents and Settings\%USERPROFILE%\Local\Application Data\xenocode\appliance cache

Empty your recycle bin.

reboot
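
A way to record what is in the cache before carrying out the deletion steps above, so the flagged executables can still be identified afterwards. This is an added example, not part of the original posts and not Holdem Manager or Xenocode code. It assumes PowerShell 4.0 or later; the `ApplianceCaches` folder name is taken from the item paths in the scanner output quoted in this thread, and the parameter names and report location are hypothetical.

```powershell
# Added example (not from the thread): inventory the Xenocode cache, then optionally purge it.
# Parameter names and the report location are hypothetical; assumes PowerShell 4.0+.
param(
    # Vista/7 default; on XP pass the cache path shown in the scanner's item list.
    [string]$CacheRoot  = (Join-Path $env:LOCALAPPDATA 'Xenocode\ApplianceCaches'),
    [string]$ReportPath = (Join-Path $env:TEMP 'xenocode-cache-inventory.csv'),
    [switch]$Purge      # delete the cache folders after the report is written
)

if (-not (Test-Path -LiteralPath $CacheRoot)) {
    Write-Warning "Cache root not found: $CacheRoot"
    return
}
$root = (Resolve-Path -LiteralPath $CacheRoot).Path.TrimEnd('\')

$inventory = @(Get-ChildItem -LiteralPath $root -Recurse -Force -File -Filter '*.exe' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # A file the scanner has locked or quarantined may be unreadable; record that instead of stopping.
        try   { $sha256 = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256 -ErrorAction Stop).Hash }
        catch { $sha256 = 'UNREADABLE' }
        try   { $sig = Get-AuthenticodeSignature -LiteralPath $file.FullName -ErrorAction Stop }
        catch { $sig = $null }
        $signer = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        [pscustomobject]@{
            CacheFolder  = $file.FullName.Substring($root.Length + 1).Split('\')[0]
            Name         = $file.Name
            LastWriteUtc = $file.LastWriteTimeUtc.ToString('s')
            SHA256       = $sha256
            SigStatus    = if ($sig) { "$($sig.Status)" } else { 'UNREADABLE' }
            Signer       = $signer
            FullName     = $file.FullName
        }
    })

$inventory | Export-Csv -Path $ReportPath -NoTypeInformation -Encoding UTF8
$inventory | Sort-Object CacheFolder, Name | Format-Table CacheFolder, Name, SigStatus, SHA256 -AutoSize
Write-Host "Wrote $($inventory.Count) entries to $ReportPath"

if ($Purge) {
    # Mirrors the step in the post: remove every folder under the cache root (close the application first).
    Get-ChildItem -LiteralPath $root -Force -Directory |
        Remove-Item -Recurse -Force -ErrorAction Continue
}
```

The SHA256 column lets you compare the cached executables against a freshly installed copy, or quote them when reporting a suspected false positive to the antivirus vendor.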

cottlad
03-16-2010, 10:05 PM
Seems to have done the job, thanks.
Do you think I am/was infected or just a conflict/error?

Seems fine now :)

fozzy71
03-20-2010, 10:33 AM
It is an old False-Positive bug. If you want to be sure you are not infected by something I suggest following these steps - Virus/Spyware/Malware Q&A - Please read before posting - Computer Technical Help - Software and Hardware Forum (http://forumserver.twoplustwo.com/48/computer-technical-help/virus-spyware-malware-q-please-read-before-posting-321637/)

Eternal
03-27-2010, 01:30 AM
I did a Microsoft Security scan and these showed up. My HEM is working normal and fine as usual, I just did a random scan and found these. PLEASE TELL ME THIS IS PART OF HEM or DID I JUST FIND A VIRUS IN MY COMPUTER, is this possibly a way for hackers to view holecards???

Backdoor:Win32/Bisar!rts
Category: Backdoor

Description: This program provides remote access to the computer it is installed on.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v501547F3\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\DBControlPanel.exe
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMHud.exe
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe

Trojan:win32/orsam!rts
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HoldemManager.exe


Trojan: Win32/Bumat!rts
Category: Trojan

Description: This program is dangerous and executes commands from an attacker.

Recommendation: Permit this detected item only if you trust the program or the software publisher.

Microsoft Security Essentials detected programs that may compromise your privacy or damage your computer. You can still access the files that these programs use without removing them (not recommended). To access these files, select the 'Allow' action and click 'Apply actions'. If this option is not available, log on as administrator or ask the local administrator for help.

Items:
file:C:\Documents and Settings\Stylistic\Local Settings\Application Data\Xenocode\ApplianceCaches\HoldemManager.exe_v7BC20518\TheApp\STUBEXE\@PROGRAMFILES@\RVG Software\Holdem Manager\HMImport.exe

netsrak
03-27-2010, 06:16 AM
Which HM version are you using?

We had an issue with a false positive alarm in an older version of Holdemmanager (1.09.x). If you are still using this or you had it installed, the virus scanner might still find parts of this old version in the appliancecache or in restore points. You can delete these files or ignore them.

Eternal
03-27-2010, 02:26 PM
Which HM version are you using?

We had an issue with a false positive alarm in an older version of Holdemmanager (1.09.x). If you are still using this or you had it installed, the virus scanner might still find parts of this old version in the appliancecache or in restore points. You can delete these files or ignore them.

I am using 1.10.02. So these warnings from my anti-virus should be okay?

netsrak
03-28-2010, 07:15 AM
Please delete the files from the error messages. You can delete the given xenocode\appliancecache subfolder.