Trojan.patched.bd


Comments

  • aznboyz
    edited March 2008
    This question is asked many times on this forum. As I understand: The perfect antivirus which can catch or prevent all the infections is a wonderful illusion. The virus makers could be intelligent, innovative, skillful and more often conscienceless people who invent new techniques and exploit the unknown vulnerabilities in the OS, software, programs and even AV we are using. You may also ask with the same analogy the question: why can't the police force (from any country) catch all the bad guys and prevent all the crimes?


    Good but now, my sens.dll (I think) in the System Volume Information, I'm not sure because it's an infected version but under a different name. Such as:


    C:\System Volume Information\_restore{******-******-******-******-******} you know what I mean...


    Then I checked the clean .dll from yesterday that I copied from my Windows backup from a few months ago on my computer. Checking "Properties", it says "Created date: Today, March 09, 2008, 9:35:06 AM" in GMT + 10... I did use my computer at that time, but didn't touch the .dll...


    @pevans_om: Thanks for the method, I'll try it out, but does it still clean out the old infected .dll in System Volume Information? Besides, I'm using a laptop for which I don't have the Windows XP CD.


    EDIT: If the recommended method doesn't work, then I should try my friend's Windows XP Professional SP2 (same as mine), could it work on a laptop? I just need some qualified answer before doing it...

  • farbar
    edited March 2008
    @pevans_om: Thanks for the method, I'll try it out, but does it still clean out the old infected .dll in System Volume Information? Besides, I'm using a laptop for which I don't have the Windows XP CD.


    Whatever method you use to replace the dll doesn't clean the infected dll in System Volume Information. The only way to empty System Volume Information is to create a new restore point by checking turning off System Restore on all drives as already explained in this thread and then unchecking it to create a clean restore point.


    You may read this also: I Have A Virus In "system Volume Information"

  • Whatever method you use to replace the dll doesn't clean the infected dll in System Volume Information. The only way to empty System Volume Information is to create a new restore point by checking turning off System Restore on all drives as already explained in this thread and then unchecking it to create a clean restore point.


    You may read this also: I Have A Virus In "system Volume Information"


    I think I understand now, it's probably that the System Volume Information found out that my dll was changed, that was probably why the creation date was this morning for me.


    Thanks for the thread, helps me to understand.

  • Hey, I got this Trojan too, but my antivirus has been changed etc. So I think that people who have this virus should reformat. Like I am. I'm on my iPod Touch so I could get some more info on this virus.

  • I was infected by Trojan.Patched.BC and I asked for help here to the techs. However, I still have no reply after a full week!


    The problem was with WINDOWS\SYSTEM32\SENS.DLL (and a corresponding Registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS\PARAMETERS\ServiceDll=C:\WINDOWS\SYSTEM32\SENS.DLL). BD kept telling me it had placed it in quarantine and, thus, protected my computer!!! It couldn't, however, disinfect my PC. And when I tried to delete sens.dll manually, I couldn't. -_-


    I got rid of the problem by doing the following:

    1. Moved (by Drag&Drop) the file onto my desktop. Windows restored the file in System32 automatically with an un-infected version.
    2. Restarted. BD notified me, again, about the infected file but, this time, it was the one on my desktop and it disappeared because BD placed it into quarantine.
    3. After an aborted reboot which required a boot CD, I rebooted normally and the problem disappeared. I scanned the sens.dll file in System32 with BD, just to make sure, and NO-MORE-PROBLEMS!!!


    I hope it'll solve yours!

  • I was infected by Trojan.Patched.BC and I asked for help here to the techs. However, I still have no reply after a full week!


    The problem was with WINDOWS\SYSTEM32\SENS.DLL (and a corresponding Registry entry in HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS\PARAMETERS\ServiceDll=C:\WINDOWS\SYSTEM32\SENS.DLL). BD kept telling me it had placed it in quarantine and, thus, protected my computer!!! It couldn't, however, disinfect my PC. And when I tried to delete sens.dll manually, I couldn't. -_-


    I got rid of the problem by doing the following:

    1. Moved (by Drag&Drop) the file onto my desktop. Windows restored the file in System32 automatically with an un-infected version.
    2. Restarted. BD notified me, again, about the infected file but, this time, it was the one on my desktop and it disappeared because BD placed it into quarantine.
    3. After an aborted reboot which required a boot CD, I rebooted normally and the problem disappeared. I scanned the sens.dll file in System32 with BD, just to make sure, and NO-MORE-PROBLEMS!!!
    I hope it'll solve yours!


    I confirm, did the same thing and the trojan is gone.

  • I found out how to do it.


    First, like he said: turn off System Restore on all drives.


    Second: restart your computer and keep pressing F8, then choose Safe Mode, then delete the trojan, then restart the PC again.


    just 2 simple ways.


    >___< but bit can not delete the trojan...[ disappointed]

  • Hi,


    I need urgent help please! I've got a trojan called Trojan.Patched.BD in my registry and BitDefender couldn't delete the registry key. I then manually entered the registry and deleted it, but BitDefender shows that it's still infected, even though the key has been deleted.


    It's a DLL file called "sens.dll" which is infected by this trojan. I had other trojans with the same filename in my System32 folder, which BD removed successfully. Please help, as I use Internet Banking a lot and I don't want a virus/trojan to steal my private data! :ph34r:


    pevans_om


    Please advise whether this step will help?


    step 8 got problem, please help


    1) Disable system restore


    2) Boot into safe mode (sens.dll is in use otherwise and can't be deleted)


    3) Insert Windows XP CD


    4) Open explorer and navigate to c:\windows\system32\


    5) Locate sens.dll and delete it (Shift+del so it doesn't go into trash)


    6) Goto Start/Run -> type "cmd" enter


    7) Navigate to CD's i386 directory ("d:", "cd\i386")


    8) Type: expand SENS.DL_ c:\windows\systems32\sens.dll


    9) Verify new file is in place and version is correct


    10) Reboot computer, enable system restore and create a new restore point.


  • Hi,


    I still have this problem unsolved....

  • pevans_om


    Please advise whether this step will help?


    step 8 got problem, please help


    1) Disable system restore


    2) Boot into safe mode (sens.dll is in use otherwise and can't be deleted)


    3) Insert Windows XP CD


    4) Open explorer and navigate to c:\windows\system32\


    5) Locate sens.dll and delete it (Shift+del so it doesn't go into trash)


    6) Goto Start/Run -> type "cmd" enter


    7) Navigate to CD's i386 directory ("d:", "cd\i386")


    8) Type: expand SENS.DL_ c:\windows\systems32\sens.dll


    9) Verify new file is in place and version is correct


    10) Reboot computer, enable system restore and create a new restore point.


    Why is this happening????


    http://forum.bitdefender.com/index.php?sho...art=#entry25333
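
Step 9 of the procedure quoted above ("Verify new file is in place and version is correct") and the `ServiceDll` registry value mentioned earlier in the thread can be checked read-only from PowerShell. This is an added example, not from any poster or from BitDefender; it assumes a Windows version that ships PowerShell 4 or later, and the function name `Test-SensDll` and its `-ReferenceCopy` parameter are hypothetical.

```powershell
# Added example: read-only checks; nothing on the system is changed.
function Test-SensDll {
    param(
        # Optional path to a copy you trust, e.g. one kept in a backup
        # (hypothetical parameter; supply your own path).
        [string]$ReferenceCopy
    )

    $expected = Join-Path $env:SystemRoot 'System32\sens.dll'
    $key      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SENS\Parameters'

    # Registry value named in the thread. Expand %SystemRoot% in case the
    # value comes back unexpanded, then normalise it for comparison.
    $raw      = (Get-ItemProperty -LiteralPath $key -Name ServiceDll -ErrorAction Stop).ServiceDll
    $resolved = [IO.Path]::GetFullPath([Environment]::ExpandEnvironmentVariables($raw))

    $result = [ordered]@{
        ServiceDll       = $raw
        PathAsExpected   = ($resolved -ieq $expected)   # service loads the System32 copy
        FilePresent      = (Test-Path -LiteralPath $expected -PathType Leaf)
        FileVersion      = $null
        CompanyName      = $null
        Created          = $null
        MatchesReference = $null                        # stays $null without -ReferenceCopy
    }

    if ($result.FilePresent) {
        $item = Get-Item -LiteralPath $expected
        $result.FileVersion = $item.VersionInfo.FileVersion
        $result.CompanyName = $item.VersionInfo.CompanyName
        $result.Created     = $item.CreationTime        # the "Created date" seen in Properties

        if ($ReferenceCopy) {
            # Byte-for-byte comparison with the trusted copy via SHA-256.
            $current   = (Get-FileHash -LiteralPath $expected      -Algorithm SHA256).Hash
            $reference = (Get-FileHash -LiteralPath $ReferenceCopy -Algorithm SHA256).Hash
            $result.MatchesReference = ($current -eq $reference)
        }
    }

    [pscustomobject]$result
}

Test-SensDll
```

`FilePresent` is false when the replacement did not land in `System32`; a destination typed as `c:\windows\systems32\`, as written in step 8, is a different directory from the one checked here.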

  • I have this and it crippled my computer earlier today but now the antivirus has it in check again temporarily.


    I have read this thread and it seems there are at least 3 ways to try to replace the infected file. Am I right about this?


    So my question is: For someone who has no experience working with registry files, which of the ways described in this thread is the safest to use for someone who would not know what to do if something goes wrong? And is that way also the most reliable for reaching the objective of replacing the registry file? If one method is safer/easier but another method is more likely to work, please indicate this.


    Thanks very much for any advice. While waiting for any posts, I am going to go through my whole C drive and make sure that everything I must have backed up is in fact backed up.


    I will report what ultimately happens to my computer and my data in the days ahead.