sfc_os.dll


  • This topic is locked
70 replies to this topic

#1 totallystumped

totallystumped

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Lincolnshire UK
  • Local time:11:01 PM

Posted 20 March 2010 - 11:36 AM

Is this easily removed? I am getting conflicting info.



#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,735 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:04:01 PM

Posted 20 March 2010 - 12:05 PM

Not enough info about your issue.

My Website

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 totallystumped


Posted 20 March 2010 - 01:35 PM

McAfee detects this as a PUP. I cannot rename it, move it, delete it. Some say it's safe, others it's a password stealer. I have re-installed via Acronis True Image. If the backup was corrupt, why didn't scans find it when backed up (13/03/2010)?
XP Pro. SP2. I am, on a scale of 10, 5 in computer knowledge.

#4 Broni


Posted 20 March 2010 - 01:51 PM

Upload the file here: http://www.virustotal.com/ for security check



 


#5 Animal

Animal

    Bleepin' Animinion


  • Site Admin
  • 35,742 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Where You Least Expect Me To Be
  • Local time:04:01 PM

Posted 20 March 2010 - 02:36 PM

What is the path of this .dll?

The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)


Follow BleepingComputer on: Facebook | Twitter | Google+

#6 totallystumped


Posted 20 March 2010 - 02:37 PM

The name of this PUP is: Patchedsfc. Location: C:\WINDOWS\system32\sfc_os.dll

#7 Stang777

Stang777

    Just Hoping To Help


  • Members
  • 1,821 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:01 PM

Posted 20 March 2010 - 02:46 PM

I have that file in that location. The size of mine is 137 KB. I am only running SP2, so if you are running SP3 and it was modified by that, then the size of yours might be different.

#8 Animal


Posted 20 March 2010 - 02:47 PM

What I'm finding on this is that that is part of System File Checking for XP. However, I would also follow Broni's suggestion and submit it.


#9 totallystumped


Posted 20 March 2010 - 02:54 PM

I uploaded the location; is that correct? 3/10 for my knowledge, I reckon. Thanks for all your help, guys.

#10 totallystumped


Posted 20 March 2010 - 02:57 PM

It is part of System File Checking in XP. Why haven't Malwarebytes & Avast (Free version) found it?

#11 Broni


Posted 20 March 2010 - 03:01 PM

What did VirusTotal say?



 


#12 totallystumped


Posted 20 March 2010 - 03:08 PM

Still uploading after 35 mins!!!

#13 Broni


Posted 20 March 2010 - 03:23 PM

Try this site at the same time: http://virusscan.jotti.org/en-gb



 


#14 totallystumped


Posted 20 March 2010 - 03:24 PM

Stang777 137kb SP2

#15 joseibarra

joseibarra

  • Members
  • 1,257 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Downstairs
  • Local time:07:01 PM

Posted 20 March 2010 - 07:25 PM

It is a Windows protected file, but could be infected. You can't just delete it even if you wanted to. Windows File Protection might replace it with potentially another infected version (unlikely but possible) so don't take chances and wonder about it.

If it is afflicted, you will need to replace it carefully and with knowledge that it was infected.

I would let MBAM and SAS also have a look if you are even suspicious of malware.

Download, install, update and do a full scan with these free malware detection programs:

Malwarebytes (MBAM): http://malwarebytes.org/
SUPERAntiSpyware (SAS): http://www.superantispyware.com/

They can be uninstalled later if desired.

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.




