Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Osa9.dll and McAfee 8.7i


  • Please log in to reply
5 replies to this topic

#1 Aprendizaje

Aprendizaje

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 11 April 2010 - 06:45 PM

I recently ran a scan (three actually, Malwarebytes, McAfee and Spybot S and D) and all came clean, except the On Demand McAfee scan which came up with three instance of osa9.dll. What are these? I read somewhere it was related to Microsoft Office... but in three locations? This is what the log says:

4/11/2010 2:09:31 PM Delete failed (Clean failed) jandkit ODS c:\Documents and Settings\All Users\monsys32\gaska\osa9.dll Generic PWS.y!cbm (Trojan)
4/11/2010 2:56:23 PM Delete failed (Clean failed) jandkit ODS c:\ProgramData\monsys32\gaska\osa9.dll Generic PWS.y!cbm (Trojan)
4/11/2010 2:59:35 PM Delete failed (Clean failed) jandkit ODS c:\Users\All Users\monsys32\gaska\osa9.dll Generic PWS.y!cbm (Trojan)
4/11/2010 3:48:46 PM Scan Summary JANDKIT-PC\jandkit Scan Summary

Are these really trojans? Why aren't they deletable or cleanable?

Thank you everyone!!

BC AdBot (Login to Remove)

 


#2 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:09:19 PM

Posted 11 April 2010 - 06:51 PM

Get the files checked out at virustotal. http://www.virustotal.com/

#3 Aprendizaje

Aprendizaje
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 12 April 2010 - 06:53 PM

HMMM... I went to go try.. and I can't find the files! LOL! I went in through the browse link, I also went under the My Computer from the desktop.. I am pretty sure I have "view all files" (hidden and regular) selected... weird.....

#4 trollocks

trollocks

  • Members
  • 369 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:09:19 PM

Posted 13 April 2010 - 04:40 AM

I've never heard of scanners flagging files that dont exist lol.

To make sure hidden files are seen check out the following.

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Uncheck "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Uncheck "Hide protected operating system files."
Click Apply, and then click OK.

#5 Aprendizaje

Aprendizaje
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 15 April 2010 - 08:44 PM

OK... so I did that.. and I saw all sorts of ghost files.. but when I found Documents and Settings, it had a little lock over it and wouldn't let me access it. My account is listed as administrative. So I know Windows 7 does this thing to protect you from yourself and doesn't give you 'true' administrator rights, so I added the administrator account (found it somewhere online how to do it). I logged into this account and then attempted the same thing.. to locate the files, made sure there were no hidden files etc... and now... even under the Administrator account, it won't let me open Documents and Settings as well as other files with the lock on it.

What the heck???
:thumbsup:

#6 Aprendizaje

Aprendizaje
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:03:19 PM

Posted 18 April 2010 - 01:02 PM

Solved!!!


The “My Documents and Settings” is not a folder used by Windows Vista. It is what is called a junction point. If you note, the folder itself is shaded out with a shortcut overlay. If you have "Hide protected operating system files" unchecked, then you will see these junction points. It is intended that users have no access to these junction points.



In Windows Vista, the “My Documents and Settings“, has been replaced by "Users". Each user account will then have Documents, Pictures, videos etc. Note the "My" designation is no longer used. These junction points exist to provide backwards compatibility for older programs that are unaware of the new folder structure in Windows Vista. A program that is hardcoded to install files in the old Documents and Settings will be silently redirected to the new location.

Knowing this, I was able to locate the file under the administrative account and delete it. It was something called Spy Shark?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users