Virus this morning - do I have a problem?

jamesg1213
Max Output Level: 0 dBFS
  • Total Posts : 21760
  • Joined: 2006/04/18 14:42:48
  • Location: SW Scotland
  • Status: offline
2012/07/09 14:05:06 (permalink)

Virus this morning - do I have a problem?

Ad-Aware caught a Trojan for me this morning, but this machine has been unstable since. Just had a BSOD, and on boot-up I get this message;

'' winlogon.exe - unable to locate component.

X This application has failed to start because sfc.os.dll was not found. Re-installing the application may fix this problem ''

Any clues? I'm somewhat of a 'puter dunce I'm afraid..

 
Jyemz
 
 
 



Thrombold's Patented Brisk Weather Pantaloonettes with Inclementometer
#1


    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:11:02 (permalink)
    jamesg1213


    Ad-Aware caught a Trojan for me this morning, but this machine has been unstable since. Just had a BSOD, and on boot-up I get this message;

    '' winlogon.exe - unable to locate component.

    X This application has failed to start because sfc.os.dll was not found. Re-installing the application may fix this problem ''

    Any clues? I'm somewhat of a 'puter dunce I'm afraid..


    SFC relates to the system virus checker but this startup entry could be a spoof and may have been introduced by the malware that has been removed by AdAware.

    If you use CCleaner you will be able to remove any unwanted start-up entries you may have that were written by the malware, thereby suppressing the message.

    Also this may help in the case of the sfc.os.dll

    http://pcsupport.about.co...ound-missing-error.htm

    Run a full virus check on the computer as well being as AdAware is only a spam/malware checker, not a full AV program.

    "We can't do anything to change the world until capitalism crumbles.
    In the meantime we should all go shopping to console ourselves" - Banksy
    #2
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:13:54 (permalink)
    Thanks JB, that was quick! I'll run CCleaner, re-start, and see what happens.

     
    Jyemz
     
     
     



    #3
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:14:54 (permalink)
    jamesg1213


    Thanks JB, that was quick! I'll run CCleaner, re-start, and see what happens.


    Too quick, I hadn't finished...lol.
    #4
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:24:40 (permalink)
    Ha! I'm back, CCleaner didn't do the job, I'll check that link now, thanks. I run AVG and Malwarebytes in addition to AdAware, neither of them have found anything since this morning.

     
    Jyemz
     
     
     



    #5
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:29:59 (permalink)
    jamesg1213


    Ha! I'm back, CCleaner didn't do the job, I'll check that link now, thanks. I run AVG and Malwarebytes in addition to AdAware, neither of them have found anything since this morning.


    What Windows version are you on?

    Copy the spare sfc_os.dll file from the dllcache folder into system32 if you are on XP.  And you should be good to go.
    #6
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:37:22 (permalink)
    Yep, XP SP 2 - yer a star JB, I'll try that next.

     
    Jyemz
     
     
     



    #7
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:40:33 (permalink)
    It is common for malware to attack the Windows File Protection mechanism, of which sfc_os.dll is a part.

    The trojan may have been spoofing this file. When AdAware deleted it, it will have been unable to delete it during that session, so would quarantine it until next reboot; therefore Windows would not have detected it had gone missing and replaced it from the dllcache, as it would if it had been accidentally deleted.

    Therefore you'll have to copy it manually from the dllcache folder or if that one got zapped too then you'll have to locate it from your Windows CD.

    Once you have it back again you can from a command prompt type SFC /scannow (have your Windows CD ready) and it will replace any nobbled system files with verified good ones.  Of course you can't do that until you have SFC working properly again with a good version of sfc_os.dll back in place.

    #8
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:52:54 (permalink)
    I've got a good one from my XP partition if you cannot locate one, only thing is my XP version is SP3

    Drop me an email if you need it.
    #9
    Beepster
    Max Output Level: 0 dBFS
    • Total Posts : 18001
    • Joined: 2012/05/11 19:11:24
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 14:57:27 (permalink)
    You can try HiJackThis (downloadable free from CNET) but be careful with it. You can accidentally delete something important if you don't know what you are doing. If you know the exact name of what you want to get rid of, though, it should be easy. If not, you can submit your log to the HiJackThis forums and let the smart dudes there help you figure it out. Also, if you haven't tried to remove it using the methods you have already described in safe mode, shut down, boot up in safe mode and try again. Sometimes that will get rid of particularly stubborn computer critters. Cheers.
    #10
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:09:29 (permalink)
    Here's one which is basically saying the same thing as I did.

    http://answers.microsoft....4a8e-9171-3d735dc5efde

    copy c:\windows\system32\dllcache\sfc_os.dll   c:\windows\system32
    #11
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:17:33 (permalink)
    Nope the sfc_os.dll is missing from system32 and the dllcache. I'll have a search for my disc, if not I'll take you up on that kind offer JB, thanks a lot for that.

     
    Jyemz
     
     
     



    #12
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:19:36 (permalink)
    Thanks Beepster
    You can accidentally delete something important if you don't know what you are doing.
    ..might be best to leave that alone in my case..;-)

     
    Jyemz
     
     
     



    #13
    Wookiee
    Rrrrugh arah-ah-woof?
    • Total Posts : 13306
    • Joined: 2007/01/16 06:19:43
    • Location: Akahaocwora - Village Yoh Kay
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:27:35 (permalink)
    Once you have the file I would run a boot time scan as well.  This should stop anything new appearing, fingers crossed.

    Life is not about waiting for the storm to pass, it's about learning to dance in the rain.
    Karma has a way of finding its own way home.
    Primary, i7 8700K 16Gigs Ram, 3x500gb SSD's 2TB Backup HHD Saffire Pro 40. Win 10 64Bit
    Secondary  i7 4790K, 32GB Ram, 500Gb SSD OS/Prog's, 1TB Audio, 1TB Samples HHD AudioBox USB, Win 10 64Bit
    CbB, Adam's A7x's - Event 20/20's, Arturia V6, Korg Digital Legacy, Softube Modular, Arturia Keylab-88, USB-MidiSport 8x8 
    #14
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:28:43 (permalink)
    Just ran a search for the sfc_os.dll, and found one in C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e...whatever that is...should I copy this into the system32 folder?

     
    Jyemz
     
     
     



    #15
    Wookiee
    Rrrrugh arah-ah-woof?
    • Total Posts : 13306
    • Joined: 2007/01/16 06:19:43
    • Location: Akahaocwora - Village Yoh Kay
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:43:12 (permalink)
    jamesg1213


    Just ran a search for the sfc_os.dll, and found one in C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e...whatever that is...should I copy this into the system32 folder?

    As long as it is of a reasonable date and prior to your infection.

    #16
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:43:42 (permalink)
    Copied the file back into system32, Windows boots up normally now. Thanks again!

     
    Jyemz
     
     
     



    #17
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 15:56:03 (permalink)
    As long as it is of a reasonable date and prior to your infection.
    Properties shows it originates from 2008 Wook, hopefully that's genuine.

     
    Jyemz
     
     
     



    #18
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 16:09:01 (permalink)
    jamesg1213



    As long as it is of a reasonable date and prior to your infection.
    Properties shows it originates from 2008 Wook, hopefully that's genuine.


    yup that's the fella!!! It's from the Service Pack.

    put a spare back in the dllcache too.

    Do that SFC /scannow and it will replace it anyhow if it is a wrong 'un.

    Doing that will also change the system registry back to the defaults for the system files included in the scan also, which may alter some of the customised behaviour you've set up since installation but it will ensure that any malware hasn't made any changes to file pointers to do with the system.

    #19
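    Added example, not part of any post in this thread: one way to vet a found copy of a system DLL before restoring it, comparing it by SHA-256 against a copy from trusted media and reading the link timestamp from the PE header instead of the file date shown in Properties. The function names, the sample bytes and the infection date (taken from the date of the first post) are assumptions made for illustration.

```python
import hashlib
import struct
from datetime import datetime, timezone

def pe_link_time(data: bytes):
    """Return the COFF TimeDateStamp as a UTC datetime, or None if not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of "PE\0\0"
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # COFF header: Machine (2), NumberOfSections (2), then TimeDateStamp (4).
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def vet_candidate(candidate: bytes, trusted: bytes, infection: datetime) -> str:
    """Only a hash match with a trusted copy is accepted; dates can only reject."""
    link_time = pe_link_time(candidate)
    if link_time is None:
        return "reject: not a PE image"
    if hashlib.sha256(candidate).digest() == hashlib.sha256(trusted).digest():
        return "accept: identical to trusted copy"
    if link_time >= infection:
        return "reject: linked on or after infection date"
    return "unverified: differs from trusted copy"

def make_sample_pe(when: datetime, body: bytes) -> bytes:
    """Constructed test input: a minimal DOS + COFF header, not a real DLL."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack(
        "<HHIIIHH", 0x14C, 0, int(when.timestamp()), 0, 0, 0, 0x2000)
    return dos + coff + body

# Assumed values for the demonstration (constructed, not taken from a real system).
INFECTION = datetime(2012, 7, 9, tzinfo=timezone.utc)
TRUSTED = make_sample_pe(datetime(2008, 4, 14, tzinfo=timezone.utc), b"reference")

if __name__ == "__main__":
    samples = {
        "same as trusted": TRUSTED,
        "other build, 2008": make_sample_pe(
            datetime(2008, 4, 14, tzinfo=timezone.utc), b"other build"),
        "linked after infection": make_sample_pe(
            datetime(2012, 7, 10, tzinfo=timezone.utc), b"unknown"),
        "not a DLL": b"plain text",
    }
    for name, blob in samples.items():
        print(f"{name:24} {vet_candidate(blob, TRUSTED, INFECTION)}")
```

    An old date never proves a file genuine, because both the file date and the link timestamp can be set to any value, so the example uses dates only to reject. A copy from a different service pack legitimately differs from the reference and comes back "unverified", which leaves the decision to the SFC /scannow pass described above.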
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 16:10:09 (permalink)
    Will do Cap'n Jon, you da man.

     
    Jyemz
     
     
     



    #20
    Crg
    Max Output Level: 0 dBFS
    • Total Posts : 7719
    • Joined: 2007/11/15 07:59:17
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 18:42:53 (permalink)
    Did you go through the DNS Changer checker from the FBI? Remember the virus has been with us since 2007. 

    Craig DuBuc
    #21
    UbiquitousBubba
    Max Output Level: 0 dBFS
    • Total Posts : 8912
    • Joined: 2008/07/09 16:55:12
    • Location: Everywhere Else
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 18:46:14 (permalink)
    I've been here longer than that.

    Oh, you're talking about that computer virus.

    Never mind...
    #22
    Crg
    Max Output Level: 0 dBFS
    • Total Posts : 7719
    • Joined: 2007/11/15 07:59:17
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 18:54:16 (permalink)
    Virus...Trojan, it's all the same.

    Craig DuBuc
    #23
    craigb
    Max Output Level: 0 dBFS
    • Total Posts : 41704
    • Joined: 2009/01/28 23:13:04
    • Location: The Pacific Northwestshire
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 19:05:33 (permalink)
    Crg


    Virus...Trojan, it's all the same.


    Except wearing a virus doesn't protect you against...  oh, never mind.

     
    Time for all of you to head over to Beyond My DAW!
    #24
    bapu
    Max Output Level: 0 dBFS
    • Total Posts : 86000
    • Joined: 2006/11/25 21:23:28
    • Location: Thousand Oaks, CA
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 21:15:18 (permalink)
    craigb


    Crg


    Virus...Trojan, it's all the same.


    Except wearing a virus doesn't protect you against...  oh, never mind.

    Me?
    #25
    Mooch4056
    Max Output Level: -0.5 dBFS
    • Total Posts : 7494
    • Joined: 2005/02/19 17:40:35
    • Location: Chicago
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/09 21:57:29 (permalink)
    bapu


    craigb


    Crg


    Virus...Trojan, it's all the same.


    Except wearing a virus doesn't protect you against...  oh, never mind.

    Me?

    Wear a condominium 




    I gotta hound dog

    From Now On Call Me Conquistador! 
     
    Donate to the cure Bapu Foundation
    Email: mooch4056@gmail.com for more info




    #26
    57Gregy
    Max Output Level: 0 dBFS
    • Total Posts : 14404
    • Joined: 2004/05/31 17:04:17
    • Location: Raleigh, North Carolina
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/10 01:13:38 (permalink)
    This is a great forum.

    Greg 
    I am selling my MIM Fender Stratocaster HSS, red and black. PM for more details.

    Music Creator 2003, MC Pro 24, SONAR Home Studio 6 XL, SONAR  X3e, CbB, Focusrite Saffire, not enough space.
    Everything is better with pie. 

    http://www.soundclick.com/bands/default.cfm?bandID=609446
    http://www.reverbnation.com/#!/gregfields 
    #27
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/10 07:23:15 (permalink)
    It is that Greg.

     
    Jyemz
     
     
     



    #28
    Jonbouy
    Max Output Level: 0 dBFS
    • Total Posts : 22562
    • Joined: 2008/04/14 13:47:39
    • Location: England's Sunshine South Coast
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/10 07:26:34 (permalink)
    57Gregy


    This is a great forum.


    'tis true.  I've noticed you don't get an actual Conquistador show up anywhere else.
    #29
    jamesg1213
    Max Output Level: 0 dBFS
    • Total Posts : 21760
    • Joined: 2006/04/18 14:42:48
    • Location: SW Scotland
    • Status: offline
    Re:Virus this morning - do I have a problem? 2012/07/13 15:23:10 (permalink)
    Just a footnote for them that's interested - Ad Aware was gradually crippling my PC, and I couldn't remove it, kept getting BSOD each time. Had to do a system restore in the end. Whether the Trojan forked up Ad Aware, or whether you should steer clear of their latest version, I dunno, but it's just taken me 3 hours to get the machine running again...

     
    Jyemz
     
     
     



    #30