Help
Hey!
I'm new here and a friend said you guys are all great so here goes!
On startup I'm getting this error message:
'RUNDLL
Error loading sfsp.cfo
The specified module could not be found.
[OK]'
A simple google search seems to identify this as a trojan horse. I wasn't sure whether to follow the advice of this forum thread: http://www.spywareremovalblog.com/forums/s...hread.php?p=810
I understand it could just be a registry thing but...
Even though the computer is a few years old it's running very slowly, even though there are a limited about of programs installed.
I'm using XP Home Edition Version 2002, Service Pack 3
I have AVG Free 8.5 and the google search also brings up this which could be interesting: http://forums.avg.com/us-en/avg-free-forum...ow&id=42757
I also have Ad-Aware, Spybot-Search and Destroy
I hope this info helps. Thanks a lot in advance.
Burt
sfsp.cfo Error message - trojan? On Startup
Back to top
#2
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 26 November 2009 - 12:34 PM
Getting that message at startup...probably means that there is startup pointer to a missing file. If you have removed such item from your system (regardless of whether or not it was malware), it's quite possible that the pointer (which is harmless) still remains.
The way that I would check: Download/install/run the Autoruns program.
Go to the Logon tab of Autoruns...this tab will list the primary group of startup items which we should be conccerned with. Scan the list of items...if you see a candidate that likely/surely refers to the module defined as missing...disable it.
Reboot the system.
If message no longer appears, you know you disabled the correct item. You may then leave it disabled or remove it (my choice because it has no redeeming value).
If none of this helps, we'll try something else
.
Louis
The way that I would check: Download/install/run the Autoruns program.
Go to the Logon tab of Autoruns...this tab will list the primary group of startup items which we should be conccerned with. Scan the list of items...if you see a candidate that likely/surely refers to the module defined as missing...disable it.
Reboot the system.
If message no longer appears, you know you disabled the correct item. You may then leave it disabled or remove it (my choice because it has no redeeming value).
If none of this helps, we'll try something else
.Louis
#3
- Learning To Bleep
-
- Group: BC Advisor
- Posts: 2,834
- Joined: 06-July 08
- Gender:Not Telling
- Location:127.0.0.1
Posted 26 November 2009 - 12:56 PM
Keeping in mind the possibility of a previous virus or malware infection, you should scan your hard disks and portable disks for virus or malware etc.
Without bashing AVG unnecessarily, I would recommend you to install avast! or Avira free anti-virus instead, update it and perform a full computer scan.
Also BC HJT team no longer recommends Ad-Aware or S & D for the reason that these software are not as effective now as they once were. They now recommend Malwarebyte's Anti-malware (MBAM). So you should install MBAM, update it and perform a full scan.
Without bashing AVG unnecessarily, I would recommend you to install avast! or Avira free anti-virus instead, update it and perform a full computer scan.
Also BC HJT team no longer recommends Ad-Aware or S & D for the reason that these software are not as effective now as they once were. They now recommend Malwarebyte's Anti-malware (MBAM). So you should install MBAM, update it and perform a full scan.
#4
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 26 November 2009 - 02:26 PM
Thanks for the quick response!
Will change to Avira Free and Malwarebyte's Anti-malware now and scan with both.
In Autoruns I found 'rundll32.exe'. I also found 'sfsp.cfo' which Image Path says, 'File not found: sfsp.cfo'.
I unticked both.
Having restarted I'm now getting this message:
'sfsp.cfo
Windows cannot find sfsp.cfo. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
[OK]'
I then right-clicked and deleted both in Autoruns and I now get the same message with 'beforegttav' at the top.
In Autoruns 'beforegttav' is there. Shall I untick/delete this too?
Thanks in advance again!
Will change to Avira Free and Malwarebyte's Anti-malware now and scan with both.
In Autoruns I found 'rundll32.exe'. I also found 'sfsp.cfo' which Image Path says, 'File not found: sfsp.cfo'.
I unticked both.
Having restarted I'm now getting this message:
'sfsp.cfo
Windows cannot find sfsp.cfo. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.
[OK]'
I then right-clicked and deleted both in Autoruns and I now get the same message with 'beforegttav' at the top.
In Autoruns 'beforegttav' is there. Shall I untick/delete this too?
Thanks in advance again!
#5
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 26 November 2009 - 02:45 PM
http://www.superantispyware.com/malwarefiles/SFSP.CFO.html
If you haven't already, I suggest trying SUPERAntiSpyware and Malwarebytes (as suggested by Romeo29) permanently.
Yes, delete that as well...it appears to be linked to the malware item mentioned.
Louis
If you haven't already, I suggest trying SUPERAntiSpyware and Malwarebytes (as suggested by Romeo29) permanently.
Yes, delete that as well...it appears to be linked to the malware item mentioned.
Louis
#6
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 27 November 2009 - 11:46 AM
Hey all!
Thanks again for all your help.
I deleted 'beforegttav' from Autoruns and now nothing comes up at startup - yay!
I just finished scanning with SuperAntispyware and it found 2 Adware Tracking Cookes, 1 Trojan Agent/Gen and 3 Trojan Agent/Gen-Droppers.
Hopefully it'll run faster now.
One quick last question: on my other computer (Vista) I've installed Avira Free on your advice. Do I still need Kapersky Internet Security or is Avira sufficient?
Thanks again!
Thanks again for all your help.
I deleted 'beforegttav' from Autoruns and now nothing comes up at startup - yay!
I just finished scanning with SuperAntispyware and it found 2 Adware Tracking Cookes, 1 Trojan Agent/Gen and 3 Trojan Agent/Gen-Droppers.
Hopefully it'll run faster now.
One quick last question: on my other computer (Vista) I've installed Avira Free on your advice. Do I still need Kapersky Internet Security or is Avira sufficient?
Thanks again!
#7
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 27 November 2009 - 01:01 PM
Well...it's a matter of choice.
An Internet Security program...includes both a firewall and an AV program, while Avira AntiVir Personal is an AV program only. I run Avira Free with the Sunbelt Free Firewall (formerly Kerio Free) and I think it's a pretty good combination available to those who want to run a 3d-party firewall (as opposed to the XP/Windows firewall).
Louis
An Internet Security program...includes both a firewall and an AV program, while Avira AntiVir Personal is an AV program only. I run Avira Free with the Sunbelt Free Firewall (formerly Kerio Free) and I think it's a pretty good combination available to those who want to run a 3d-party firewall (as opposed to the XP/Windows firewall).
Louis
#8
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 27 November 2009 - 03:29 PM
So this combination is good?
Avira AntiVir Personal
SUPERAntiSpyware
Sunbelt Free Firewall
Avira AntiVir Personal
SUPERAntiSpyware
Sunbelt Free Firewall
#9
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 27 November 2009 - 04:04 PM
I would/do add Malwarebytes to those programs for security...in addition to installation of all XP critical updates.
I don't have a problem with malware, using these steps, thus I assume the same steps will work for anyone.
Louis
I don't have a problem with malware, using these steps, thus I assume the same steps will work for anyone.
Louis
This post has been edited by hamluis: 27 November 2009 - 04:04 PM
#10
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 27 November 2009 - 04:44 PM
Great. Thanks Louis.
I've installed Sunbelt and desabled Kapersky - I'm getting Windows Security alerts telling me It's not safe.
Should I have both Windows and Sunbelt firewalls running?
How do I get Windows security centre to recognise Sunbelt is running?
I've installed Sunbelt and desabled Kapersky - I'm getting Windows Security alerts telling me It's not safe.
Should I have both Windows and Sunbelt firewalls running?
How do I get Windows security centre to recognise Sunbelt is running?
#11
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 27 November 2009 - 05:10 PM
Installing the Sunbelt firewall...should have automatically disabled the Windows/XP firewall.
(Yesterday, I installed it on the system (I have two) where I had been running the XP firewall...it disabled the XP firewall and I received no alerts of any type).
You can check the status of the XP firewall by clicking on the Security Center icon at Control Panel. My system also detects the Sunbelt firewall and reflects this in the Control Panel/Security Center window.
Louis
(Yesterday, I installed it on the system (I have two) where I had been running the XP firewall...it disabled the XP firewall and I received no alerts of any type).
You can check the status of the XP firewall by clicking on the Security Center icon at Control Panel. My system also detects the Sunbelt firewall and reflects this in the Control Panel/Security Center window.
Louis
#12
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 27 November 2009 - 06:19 PM
I just uninstalled Kapersky and Windows Security Centre recognised Sunbelt. Good good.
Thanks a lot everyone for your help.
Burt
Thanks a lot everyone for your help.
Burt
#13
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 27 November 2009 - 08:39 PM
#14
- Member
-
- Group: Members
- Posts: 18
- Joined: 26-November 09
Posted 29 November 2009 - 05:51 AM
Sorry! One last quick thing...
Windows is blocking MalwareBytes on startup. I've clicked 'Show or Remove Blocked Startup Programs' but next to Malwarebytes it says 'Permitted'
I can click 'Run Blocked Program' each time but I wondered if there's a way to unblock it permanently?
Thanks!
Windows is blocking MalwareBytes on startup. I've clicked 'Show or Remove Blocked Startup Programs' but next to Malwarebytes it says 'Permitted'
I can click 'Run Blocked Program' each time but I wondered if there's a way to unblock it permanently?
Thanks!
#15
- Forum Addict
-
- Group: Moderator
- Posts: 31,431
- Joined: 03-September 05
- Gender:Male
- Location:Killeen, TX
Posted 29 November 2009 - 09:38 AM
<<Windows is blocking MalwareBytes on startup. I've clicked 'Show or Remove Blocked Startup Programs' but next to Malwarebytes it says 'Permitted'>>
I have no idea what you are referring to...when do you get this message, where are you seeing this list of programs?
I've never known Windows XP to block any startups unless directed to do so by user or some program.
What you describe...seems to be a Vista feature, http://www.askvg.com/how-to-remove-windows...-windows-vista/
Louis
I have no idea what you are referring to...when do you get this message, where are you seeing this list of programs?
I've never known Windows XP to block any startups unless directed to do so by user or some program.
What you describe...seems to be a Vista feature, http://www.askvg.com/how-to-remove-windows...-windows-vista/
Louis
