Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wscntfys.exe Virus?


  • Please log in to reply
2 replies to this topic

#1 splackavellie_ca

splackavellie_ca

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 27 November 2005 - 06:02 PM

recently i was going through my processes because my PC was running sluggish and this was running i looked it up wscntfy.exe on here and it said it was a virus..however i ran 2 virus scans as well as the one on trendmicro for free and none of them detected it...how do i go about removing this??i ended the process but it pops back up and starts running again.

Edited by splackavellie_ca, 27 November 2005 - 06:07 PM.


BC AdBot (Login to Remove)

 


#2 acklan

acklan

    Bleepin' cat's meow


  • Members
  • 8,529 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Baton Rouge, La.
  • Local time:07:03 PM

Posted 28 November 2005 - 12:24 AM

Time to run HJT and POST the log. Remeber not to modify the log. Modifing a HJT log without knowing what you are doing could damage your system to the point you will have to reinstall your OS.
Read all of the Pinned Topics in the HJT Forum before doing anything.
Good luck.
"2007 & 2008 Windows Shell/User Award"

#3 stidyup

stidyup

  • Members
  • 641 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:03 PM

Posted 28 November 2005 - 03:53 AM

wscntfy

"wscntfy.exe" is the Windows Security Center, introduced in Service Pack 2. It displays a tray icon indicating the status of updates, virus protection, and firewall.

wscntfy.exe can be disabled by going in to "Services" and disabling Security Center (not recommented).

Note: The wscntfy.exe file is located in the c:\windows\System32 folder. In other cases, wscntfy.exe is a virus, spyware, trojan or worm! Check this with Security Task Manager.



If you think you are infected submit a hijackthis log to the HJT Forum.

How to submit a hijackthis log

Download Hijackthis

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com

or

DrWeb CureIT

or

KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

Also try installing and running A2 Free and Ewido

I'd also run Spybot(Spybot Tutorial) and Adaware

If your using Win2K/XP run adaware/spybot from "safe mode with command prompt" If your using Win9x just run it from safe mode the command line options aren't needed..

At the C:\ prompt type the following:-

cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe

Scan suspect files at jotti and Virus Total which use multiple AV scan engines.

Edited by stidyup, 28 November 2005 - 03:54 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users