
Question About Sdfix


3 replies to this topic

#1 Bengt


Posted 27 August 2008 - 03:20 AM

Hi

Yesterday I had a problem with winupdate.exe, for instance causing a message "Windows cannot find c:\windows\system32\windupdate.exe." whenever the computer was turned on. There was also some freezing, e.g. of the mouse cursor. Googling indicated that this indeed was connected with malware.

Simultaneously, Avast Antivir refused to open. So, I had to find some other way. Eventually I found something called SDFix, installed it, and used it in Safe Mode. According to this, three trojan files, sysvxd.exe, winupdate.exe and wscmp.dll, were found and deleted.

Since I still was unable to use Avast, I simply uninstalled it and installed Avira Antivir Personal on the computer. Scanning with Avira gave 7 positives. My question concerns two of them, found in SDFix\backups\backups.zip: backups/winupdate.exe and backups/wscmp.dll.

Is this normal after scanning with SDFix? Can anyone explain why the trojan files detected (and removed) by SDFix turn up in the "backups" of SDFix on an Avira scan?



#2 quietman7


Posted 27 August 2008 - 07:59 AM

When SDFix and other specialized tools (like vundofix) remove infected files they place them in backup folders where they no longer pose a threat to your system. This is similar to when an anti-virus quarantines a file by moving it into a virus vault. That file is essentially disabled and prevented from causing any harm to your system. Thus, the quarantined file is safely held there and no longer a threat until you take action to delete it. However, if these files are left in quarantine or in your case, SDFix\backups, other scanning programs and security tools may flag them while in the quarantined area. Delete the SDFix folder and empty your recycle bin.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Bengt


Posted 28 August 2008 - 02:42 AM

"Delete the SDFix folder and empty your recycle bin."

Thank you for your answer. Just one question. What do you mean by "deleting the folder"? Do you mean the entire SDFix folder, or just some "backup" part of it? Should one make a fresh download of SDFix every time it is needed?

#4 quietman7


Posted 28 August 2008 - 07:40 AM

You can delete the entire folder or as an alternative do this.

Please download OTCleanIt.exe and save to your Desktop.
  • Connect to the Internet and double-click on the file to launch the program.
  • Click on the green CleanUp! button.
  • If you get a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the Internet, please allow the connection.
  • When it has finished, OTCleanIt will ask you to reboot so it can remove itself.
-- Note: Doing this will remove any specialized tools (including this one) downloaded and used.

SDFix is frequently updated. If you have a malware issue in the future and need to use it again, then download the most current version.