Zelmax

rtkhdasetting.zip skipped by Bitdefender system analysis: What sould I do?


Hello,

I just started a system analysis with Bitdefender and the report mentions among other information: 153335 ignored files, 4209 password protected files.

I went through the log (which is an .xml file, so I cannot insert it in my message) and I saw different weird file paths; here are some examples:

 

- D:\Musique\iTunes\iTunes Media\Mobile Applications\Jetpack 1.8.8.ipa=>Payload=>jetpack.app=>assets.zip=>textures/Entities/MysteryCrystal.xml

- C:\Program Files\Realtek\Audio\HDA\rtkhdasetting\103C850B\APO.zip=>APO=>84810527=>84810527.txt

- C:\Windows\System32\drivers\rtkhdasetting.zip=>rtkhdasetting=>103C83C7=>APO.zip=>APO=>83110208=>83110208.txt

- C:\Users\Public\Documents\Wondershare\mobiletrans_full5826.exe=>(Instyler o)=>(Instyler Module 477)=>iTunes_Control/iTunes/iTunes Library.itlp/DBTemp/.status-com.apple.itdprep.command.runPostProcessing

- C:\Program Files (x86)\Wondershare\MobileTransPro\Library\iTunes_Control_ios9.zip=>iTunes_Control/iTunes/iTunesCDB

- C:\Program Files\Realtek\Audio\HDA\rtkhdasetting\103C8490\APO.zip=>APO=>84850109=>84850109.txt

 

I think it is weird that there are so many files about iTunes and Halfbrick apps, mixed with Wondershare (by the way, I am currently struggling to uninstall all my Wondershare software; for example, the uninstaller for the Wondershare software called "Video Converter Ultimate" does not work and says something like "unins000.msg is missing").

But the most suspect thing in my opinion is the "rtkhdasetting" thing. Through a Google search I found a few topics mentioning this may be about malware... But I did not find help in these topics, so I am posting a new one here.

 

I really hope you can help me; I must admit I am a bit afraid.

 

Thank you in advance!

bitdefender_report_suspect-files.png


Sorry for the typo in the title, I forgot the "h" in "should", but I do not see any button to let me edit what I wrote...


I just did a Threat Scan with Malwarebytes and the log says there is no infection or anything. However, the Bitdefender log is still intriguing. By the way, sorry for the French screenshot of the log; I am French (and therefore use French versions of software 😄 )


Hello @Zelmax

 

Please run the following steps and post back the logs as an attachment when ready.

STEP 01

  • If you're already running Malwarebytes then open Malwarebytes and check for updates. Then click on the Scan tab and select Threat Scan and click on Start Scan button.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed click on the View Report button, then the Export button and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Right-click on the program and select Run as Administrator to start the tool.
  • Accept the Terms of use.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, please click Clean & Repair.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

 

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure whether your computer is 32-bit or 64-bit.

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a checkmark here.
  • Please attach the Addition.txt log to your reply as well.

 

Thanks


Thank you for your reply!

I performed Step 1, I attached the log to this message.

But at Step 2, when the scan is finished, I don't get any "Clean & Repair" option; I only get this screen (see attached screenshot) asking me whether I want to place preinstalled software in quarantine or not. I clicked "Cancel", because I don't think this software is dangerous.

What should I do now?

AdwCleaner_results_preinstalled-softwares.jpg

MB_log.txt


And after I clicked on the "Cancel" button that you can see in the screenshot from my previous message, here is what I got, basically the home screen of the AdwCleaner program I assume (see attached screenshot):

AdwCleaner_screen-after-clicking-cancel-button.jpg


That's okay. The pre-installed software is just a recommendation. Go ahead and quit AdwCleaner, then restart the computer, run Step 3 and attach both logs please.

Thank you @Zelmax

 


Thank you. You have an old version of Java installed. Please go to Control Panel, Programs, Add/Remove and uninstall Java.

You also have System Restore disabled. Please enable it and create a new System Restore Point.

ATTENTION: La Restauration système est désactivée (Total:118.01 GB) (Free:14.08 GB) (12%)

When the above has completed please temporarily disable Bitdefender and run the following fix.

 

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

https://www.bitdefender.com/consumer/support/answer/28557/

Once completed, make sure you re-enable Bitdefender.

 

 


Thank you for your instructions.

However, I don't really understand to what extent it's important that I uninstall Java and that I enable the System Restore Point feature. For the System Restore Point feature, I think this is a good thing to enable, so I don't have any reluctance about it. But for Java, I heard this is something useful in many aspects of running programs or loading web pages, so I don't exactly see the point of removing it. Wouldn't it be better to simply update Java instead of removing it (since you said my Java version is not up to date)?


Having old, compromised versions of Java makes it very easy to infect your computer. Java is needed by almost no one. JavaScript, on the other hand, is used on most websites. Very few websites actually use Java. If you really have to have Java, then make sure you keep it up to date at all times from https://java.com

Your version is very old.

 


Thank you for your answer, I uninstalled Java. I am about to go ahead and follow your instructions, but I was wondering: when you say "temporarily disable Bitdefender", do you mean disable ALL modules mentioned in the Bitdefender support page you linked, or only specific ones?


Thank you.

I downloaded fixlist.txt and saved it to my Desktop.
But when you say:

On 2/11/2020 at 1:42 AM, AdvancedSetup said:

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

By "FRST or FRST64" do you mean the .exe file or the .txt file?

Moreover, I saved these two files (the .exe and the .txt) in my Downloads directory instead of my Desktop, as you previously told me to do at Step 3:

On 2/10/2020 at 7:42 AM, AdvancedSetup said:

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

So in order to have fixlist.txt and "FRST or FRST64" in the same location, should I rather move fixlist.txt to my Downloads directory or move "FRST or FRST64" to my Desktop?

And won't this move affect the efficiency of the fix?

Besides, is it problematic if I install Windows updates between the beginning of the thread and now?


It will be okay regardless of whether it is run from your Downloads folder or your desktop. We say to use the Desktop as it's often easier for users to locate the files.

You can make your own temporary folder and move FRST64.EXE and FIXLIST.TXT into that folder and run the Fix either way. When done, please post back the log.

Thanks @Zelmax

 

 


By the way, what was the fix supposed to fix? Was there really a problem on my computer?


Nothing additional was found. We simply cleared temp files and ran a disk check and general maintenance.

Please go ahead and rescan with Bitdefender and let me know whether it still detects anything or not.

 


I just rescanned my system with Bitdefender, and there are still password protected files that are skipped by the analysis:

 

157104 files were ignored.

3702 were password protected.

(among other information, but I think this is the most interesting)

 

Most of them are iTunes-related files; I think this is due to encrypted local backups from my iPad stored on my computer.

But the "rtkhdasetting" thing remains... Here are some examples extracted from the Bitdefender log:

C:\Windows\System32\drivers\rtkhdasetting.zip=>rtkhdasetting=>103C850B=>APO.zip=>APO=>84810527=>84810527.txt

C:\Program Files\Realtek\Audio\HDA\rtkhdasetting\103C8312\APO.zip=>APO=>83110208=>83110208.txt

(there are dozens of lines in the log similar to these two; the rest is mainly iTunes/Jetpack)

 

Moreover, some elements were skipped by the analysis not because of password protection, but because they "can't be found" (these are the elements that were neither iTunes/Jetpack nor rtkhdasetting related).

 

What should I do? Should I delete the rtkhdasetting.zip file from my Drivers directory? What are your thoughts about that?

Thanks for helping me.


And all I just said is related to the "advanced analysis recap" of the scan; however, in the "standard" one everything seems alright.

standard-recap-bitdefender-log.jpg


Yes, that is correct. No antivirus or security software can scan password-protected data. That is normal and to be expected. If it is bothersome, you can set those files to be excluded from either Bitdefender or Malwarebytes.

This is a very odd location, though, for a driver.

C:\Windows\System32\drivers\rtkhdasetting.zip

C:\Program Files\Realtek\Audio\HDA\rtkhdasetting\103C8312\APO.zip

This FOLDER rtkhdasetting sure looks like a bogus, fake folder. I can write a script to see what's in it, but perhaps you can just view it and let me know.

Let me have you run the following just in case. I doubt it will find anything but best to check.

 

 

Please download the following scanner from Kaspersky and save it to your computer: TDSSkiller

Then watch the following video on how to use the tool and make sure to temporarily disable your security applications before running TDSSkiller.

PC Winvids - How to run Kaspersky TDSSKiller

If any infection is found please make sure to choose SKIP and post back the log in case of a False Positive detection.

Once the tool has completed scanning make sure to re-enable your other security applications.

Thank you
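The helper above offers to write a script to see what is inside the rtkhdasetting folder. The following is an added example of such an inventory, written for this thread and not code from the helper, Malwarebytes, Bitdefender or Realtek: it walks a zip file, descends into any member that is itself a zip (the log shows rtkhdasetting.zip containing APO.zip), records each member's size and SHA-256, and flags members whose zip header has the encryption bit set instead of failing on them, which is exactly the case a scanner reports as "password protected". The sample archive is constructed in memory to mirror the layout quoted in the log; on the real machine you would pass the bytes of C:\Windows\System32\drivers\rtkhdasetting.zip instead. The hashes let a helper compare the members against a known-good driver package without the user having to upload the files.

```python
"""Inventory a zip, including nested zips, with sizes and SHA-256 hashes.

Added example for this thread. The sample archive below is constructed to
mirror the chain quoted in the log (rtkhdasetting.zip => 103C850B => APO.zip
=> APO/84810527/84810527.txt); it is not the real Realtek file.
"""
import hashlib
import io
import zipfile

ENCRYPTED_FLAG = 0x1  # general-purpose bit 0 of a zip local header: member is encrypted


def inventory_zip(data, prefix=""):
    """Return (chain, size, sha256-or-marker) for every regular member of a zip.

    Nested zips are opened from memory and their members reported with the
    same "=>" chain notation the scanner log uses. Encrypted members cannot be
    read without the password, so they are listed with "<encrypted>" instead
    of a hash rather than aborting the whole inventory.
    """
    rows = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            chain = prefix + info.filename
            if info.flag_bits & ENCRYPTED_FLAG:
                rows.append((chain, info.file_size, "<encrypted>"))
                continue
            payload = zf.read(info)
            rows.append((chain, info.file_size, hashlib.sha256(payload).hexdigest()))
            if info.filename.lower().endswith(".zip"):
                rows.extend(inventory_zip(payload, chain + "=>"))
    return rows


def encrypted_members(rows):
    """Chains of members the inventory could not hash because they are encrypted."""
    return [chain for chain, _, digest in rows if digest == "<encrypted>"]


def build_sample_archive():
    """Constructed stand-in for rtkhdasetting.zip (not the real driver file)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("APO/84810527/84810527.txt", "sample APO setting text\n")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("rtkhdasetting/103C850B/APO.zip", inner.getvalue())
        z.writestr("rtkhdasetting/readme.txt", "constructed sample\n")
    return outer.getvalue()


def print_inventory(rows):
    for chain, size, digest in rows:
        print(f"{size:8d}  {digest}  {chain}")


if __name__ == "__main__":
    # Replace the constructed sample with the real file's bytes on the machine in question:
    #   data = open(r"C:\Windows\System32\drivers\rtkhdasetting.zip", "rb").read()
    data = build_sample_archive()
    rows = inventory_zip(data)
    print_inventory(rows)
    print("encrypted members:", encrypted_members(rows))
```

The inventory is read-only: it never extracts anything to disk, so running it on a file you distrust does not change the system, and the output can be pasted into a reply for someone else to evaluate.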

 

 

 


But I think it is normal that the standard recap says no weird element was detected, since any potentially weird element might be stored in the skipped files, if there are any.


We can do a deeper scan of files, but I'd rather do that in a Private Message, as it would show some potentially private information about you, such as your name.

 


Wow, that sounds a bit long/complicated, and I am pretty busy these days. Do you think it is safe for me to postpone these scans until this summer? (So the topic does not need to be closed in the meantime.)

This topic is now closed to further replies.