04-21-2006, 02:40 PM   #6
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
 


Nice work, Jerry -

It seems as though Ewido may have removed a legit file from your CCNA Stuff folder.

D:\Cisco\CCNA Stuff\640-507 Misc Ccna 2.0\Sybex\Boson\GetPass\GetPass!.exe

If it's something you wish to recover, you can do this:

HOW TO RESTORE FILES FROM QUARANTINE:
1. Launch Ewido and click the "quarantine button" on the left.
2. Highlight the file(s) you want to restore.
3. Click "Restore".

---------------------------------------------------------------------------------------------

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):

O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)

---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types.
* Click Yes to confirm and then click OK.


Delete the following file if it exists:

C:\WINDOWS\system32\msclk.dll


If it resists deletion, boot to safe mode and delete it from there.

---------------------------------------------------------------------------------------------

Run this online scan for a final opinion:

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

Kaspersky
HJT


How is your system behaving now, please?
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
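The post above ends by asking for a fresh HijackThis log to confirm the fixes held. As an added example (not part of the post and not a HijackThis feature), this Python code parses O20 Winlogon Notify lines and reports whether the fixed entry or the deleted file still shows up in a log. The function names and both sample logs are constructed; the thread does not show how msclk.dll appeared in the original log, so the O2 line is a placeholder.

```python
import re

# Shape of a HijackThis O20 Winlogon Notify line, e.g.
#   O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<name>.+?) - (?P<path>.+?)"
    r"(?P<missing>\s*\(file missing\))?\s*$"
)

def parse_notify_entries(log_text):
    """Return every O20 Winlogon Notify entry found in a HijackThis log."""
    entries = []
    for line in log_text.splitlines():
        m = O20_NOTIFY.match(line.strip())
        if m:
            entries.append({
                "name": m["name"],
                "path": m["path"],
                "file_missing": m["missing"] is not None,
            })
    return entries

def leftovers(log_text, fixed_notify_names, deleted_files):
    """List log lines showing a fixed entry or a deleted file is still present."""
    names = {n.lower() for n in fixed_notify_names}
    files = [f.lower() for f in deleted_files]  # Windows paths are case-insensitive
    hits = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O20_NOTIFY.match(line)
        if (m and m["name"].lower() in names) or any(f in line.lower() for f in files):
            hits.append(line)
    return hits

# Constructed sample logs (not from the thread): before and after the cleanup.
BEFORE = r"""Logfile of HijackThis
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\msclk.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: SensSrv - senssrv.dll (file missing)
"""
AFTER = r"""Logfile of HijackThis
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

if __name__ == "__main__":
    for label, log in (("before", BEFORE), ("after", AFTER)):
        print(label, leftovers(log, ["SensSrv"], [r"C:\WINDOWS\system32\msclk.dll"]))
```

An empty list for the new log means neither the SensSrv notify entry nor any reference to msclk.dll remains in what HijackThis reports.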