Trojan.patched.bd

Hi,


I need urgent help please! I've got a trojan called Trojan.Patched.BD in my registry and BitDefender couldn't delete the registry key. I then manually entered the registry and deleted it, but BitDefender shows that it's still infected, even though the key has been deleted.


It's a DLL file called "sens.dll" which is infected by this trojan. I had other trojans with the same filename in my System32 folder, which BD removed successfully. Please help, as I use Internet Banking a lot and I don't want a virus/trojan to steal my private data! :ph34r:


Comments

  • Hi,


    I need urgent help please! I've got a trojan called Trojan.Patched.BD in my registry and BitDefender couldn't delete the registry key. I then manually entered the registry and deleted it, but BitDefender shows that it's still infected, even though the key has been deleted.


    It's a DLL file called "sens.dll" which is infected by this trojan. I had other trojans with the same filename in my System32 folder, which BD removed successfully. Please help, as I use Internet Banking a lot and I don't want a virus/trojan to steal my private data! :ph34r:


    It helps if you could post the scan log.

  • farbar
    edited March 2008

    It seems to be becoming a common problem: http://forum.bitdefender.com/index.php?showtopic=4665

  • Attached is the latest scan log. The registry key doesn't show up here, since I manually deleted it. But now it found the file in my System32 folder again, even after disinfection on the first scan. Is this virus reproducing itself? :huh:

    Log.xml

  • Anarchy
    edited March 2008

    I have the same file / virus in system32/sens.dll, it appeared yesterday

  • Where are the techies at? <_<:unsure:

  • Hello there, well I have the same problem, Trojan.Patched.BD in windows\system32\sens.dll, well what next? I mean did anyone find a solution? :unsure:

  • Hi there!


    @Greatbigmouth: To get rid of the first virus, simply deactivate System Restore, and then reactivate it. You can view this topic for additional information.


    Regarding Trojan.Patched.BD, please, one of you, place the file in an archive, protected with the password "infected" and attach it to a new post. We'll take a look at it and give you further advice.


    Cheers!

  • Anarchy
    edited March 2008
  • Hi there!


    @Greatbigmouth: To get rid of the first virus, simply deactivate System Restore, and then reactivate it. You can view this topic for additional information.


    Regarding Trojan.Patched.BD, please, one of you, place the file in an archive, protected with the password "infected" and attach it to a new post. We'll take a look at it and give you further advice.


    Cheers!


    Ok thanks for the advice, but when I tried to do so I was denied access to the file, so what can I do?

  • Also, why is the virus on our computers when BitDefender supposedly "blocks" them. Whenever that popup appears, every time I do a scan the virus is still on my PC, even though it was "blocked".

  • Would anyone please tell me how to access this file windows\system 32\sens.dll in order to post it, because I'm denied access to it. :mellow:

  • Attached is the latest scan log. The registry key doesn't show up here, since I manually deleted it. But now it found the file in my System32 folder again, even after disinfection on the first scan. Is this virus reproducing itself? :huh:


    The attachments could be downloaded only by virus researchers and mods. They seem to be attending the problem.


    I recommend not to delete anything until there is more clearance about sens.dll, as sens.dll is legit MS file.

  • OK so what should we do now? We have trojans on our PC's, and the techs keep quiet..... <_<

  • OK so what should we do now? We have trojans on our PC's, and the techs keep quiet..... <_<


    It seems we just have to sit and wait to see who will be the first to make the big step, the Trojan or the techs there!! I'm having the same problem as you, I really understand what you are going through.

  • It seems we just have to sit and wait to see who will be the first to make the big step, the Trojan or the techs there!! I'm having the same problem as you, I really understand what you are going through.


    The file sens.dll detected by BD is a MS legit file. You don't want to delete that until there is clearance about that on the part of BD. If the file is a false positive (so to say: it is detected as Trojan but it is a legit file) the detection would be removed by updating BD and the problem is solved. If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.


    BTW it would help to spot the infection, if there is any, if someone posts a HijackThis log, not as an attachment but just copied and pasted into the reply. With the information given so far nobody can do anything except the virus researchers who can examine the attached file.

  • you don't want to delete that until there is clearance about that on the part of BD.


    I moved the file to quarantine. Guess what? After a system reboot, it reproduced itself and was back in the System32 folder. :blink:


    If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.


    So it is not actively harming my PC as we speak? Even though it is on my system, BD blocks it? Can I still do my Internet Banking with that Trojan on my PC, or is it unsafe?


    post a hijackthis log, not as attachment but just copy and paste into the reply.


    Logfile of Trend Micro HijackThis v2.0.2


    Scan saved at 8:29:58 PM, on 3/5/2008


    Platform: Windows XP SP2 (WinNT 5.01.2600)


    MSIE: Internet Explorer v7.00 (7.00.6000.16608)


    Boot mode: Normal


    Running processes:


    C:\WINDOWS\System32\smss.exe


    C:\WINDOWS\system32\winlogon.exe


    C:\WINDOWS\system32\services.exe


    C:\WINDOWS\system32\lsass.exe


    C:\WINDOWS\system32\svchost.exe


    C:\WINDOWS\System32\svchost.exe


    C:\WINDOWS\system32\spoolsv.exe


    C:\WINDOWS\Explorer.EXE


    C:\WINDOWS\system32\RUNDLL32.EXE


    C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe


    C:\Program Files\Analog Devices\Core\smax4pnp.exe


    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe


    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe


    C:\WINDOWS\system32\ctfmon.exe


    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe


    C:\Program Files\iBurstDashboard\TrayLauncher.exe


    C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE


    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe


    C:\WINDOWS\system32\nvsvc32.exe


    C:\WINDOWS\system32\svchost.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\mIRC\mirc.exe


    C:\Program Files\FlashFXP\FlashFXP.exe


    C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    C:\WINDOWS\System32\svchost.exe


    C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    C:\Program Files\Mozilla Firefox\firefox.exe


    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896


    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157


    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fsinsider.com/downloads/Pages/F...rvicePack1.aspx


    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)


    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll


    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL


    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll


    O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll


    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll


    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup


    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install


    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit


    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe


    O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"


    O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"


    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe


    O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe


    O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray


    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"


    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"


    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"


    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"


    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe


    O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020


    O4 - Global Startup: iBurst Launcher.lnk = ?


    O4 - Global Startup: iBurst_Terminal UTL.lnk = ?


    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL


    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe


    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    O17 - HKLM\System\CCS\Services\Tcpip\..\{F7BD4C48-293D-48D4-A784-922328DF21DB}: NameServer = 208.67.222.222 208.67.220.220


    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL


    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe


    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe


    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe


    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe


    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe


    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe


    O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe


    O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe


    --


    End of file - 6934 bytes

  • The file sens.dll detected by BD is a MS legit file. You don't want to delete that until there is clearance about that on the part of BD. If the file is a false positive (so to say: it is detected as Trojan but it is a legit file) the detection would be removed by updating BD and the problem is solved. If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.


    BTW it would help to spot the infection, if there is any, if someone posts a HijackThis log, not as an attachment but just copied and pasted into the reply. With the information given so far nobody can do anything except the virus researchers who can examine the attached file.


    I really did understand and I didn't delete it, I moved it to quarantine, but guess what? Something went to quarantine and to another it did nothing. This is my final log file scan result:


    Log date : 21:17:39 05/03/2008


    Remaining issues:Object Name Threat Name Final Status


    [system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS\PARAMETERS\ServiceDll=]C:\WINDOWS\SYSTEM32\SENS.DLL Trojan.Patched.BD No action was possible


    Resolved issues:Object Name Threat Name Final Status


    C:\WINDOWS\system32\sens.dll Trojan.Patched.BD Moved to Quarantine


    what is going on???

  • Chesda
    edited March 2008

    10.19% of systems are infected with Trojan.Patched.BD according to Real-time Virus Reporting - Last 24 hours.


    Only Bitdefender and Counter Spy detected it yesterday. Just wait until they research it more, because it's likely to be a false positive.


    But for now locate:


    C:\WINDOWS\SYSTEM32\SENS.DLL


    Right click on it, and click properties. If the date of creation is new, then the file is most likely infected.

  • Created and modified on Tuesday, February 28, 2006, 2:00:00 PM


    Hmm. That's strange, since I moved it to quarantine countless times, but it would just reappear again. :huh:

  • Dear Greatbigmouth,


    The legit sens.dll should show the description System Event Notification Service when you hold the mouse cursor on it. But in this case your sens.dll could be modified. Go to Start, Run, type regedit and press Enter. Now expand this registry key: hkey_local_machine, system, currentcontrolset, services, sens, Parameters. Take a look at the right side, double click on "ServiceDll" and see what the path is; it should be %SystemRoot%\system32\sens.dll. Check also the default key, which should be empty. Those should be the only registry keys located there. Reboot your PC into safe mode by pressing the F8 button several times before the Windows loading screen, select safe mode and press Enter. Log in with your account. Go to Start, right click on My Computer, choose Properties, System Restore, and check the option to disable System Restore on all stations. Confirm the message and wait till System Restore is disabled. After that, uncheck the option to disable System Restore and press Apply and OK. Reboot your PC, perform an update with BitDefender and let BitDefender scan it. It would also be nice if you upload your sens.dll so the virus researchers can check it.


    Best regards


    Niels

  • These files (although originally legitimate MS dll's) have been modified by the given malware (they contain extra code injected by the malware). They should be restored from the original Windows install CD.


    Best regards.

  • They should be restored from the original Windows install CD


    How do I do that?

  • Dear Greatbigmouth,


    Put in your windows installation cd-rom. Press the windows button together with r now type cmd press enter. After that type sfc /scannow and press on enter.


    Best regards


    Niels

  • I did as you said, but the file is still there. It didn't replace it.

  • About your HJT log:

    1. I found no suspicious/infected entries.
    2. When you do a lot of Internet banking you need more protection. Besides BD you need a couple of antispyware programs to make sure you are relatively safe.
    3. when you right click sens.dll and select properties: 1. Are the date of creation and modification the same? 2. What is the size and the version of the file? 3. Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?
  • Besides BD you need a couple of antispyware programs to make sure you are relatively safe.


    Any good programs that you can recommend?


    Are the date of creation and modification the same?


    Yes, they are exactly the same.


    Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?


    It detects the Trojan.Patched.BD variant. :ph34r:

  • Any good programs that you can recommend?


    Yes, they are exactly the same.


    It detects the Trojan.Patched.BD variant. :ph34r:

  • It went so fast and I could not add anything to my reply:


    Any good programs that you can recommend?


    :ph34r:


    1. I recommend AVG antispyware (not antivirus); after the 30-day trial it automatically becomes a free version without real time protection, which you can update and use to scan your system from time to time.


      Spybot search & destroy can also be an addition, it handles many old adware/spyware stuff.


      Many people use also the free version of Super AntiSpyware.

    2. It is weird though if the creation and the modification date are the same. What is the version and the size?
    3. You asked in the other post if it is safe to use Internet banking. To be on the safe side avoid that until you replace the dll and you scan your system with those programs I mentioned.
    4. Using Internet Explorer, empty your Internet cache, cookies and history. Using Disk Cleanup, empty all temp folders.
    5. The BD real time protection has blocked access to the dll. That is why you can't replace it. So you can make a copy of the dll from the i386 folder on your install CD and save it somewhere on your computer. Then turn off the real time protection and remove the infected dll. Then without rebooting copy the original one to its folder (C:\WINDOWS\SYSTEM32).


      If the file is in use you should try it in safe mode.

    6. I am not sure if it works but you may try it if everything failed: click start - type sfc /scannow in the run box, and press Enter. It checks the integrity of windows system files and if needed replaces them. You need your windows install CD. It may take about 20 minutes. The real time protection should be turned off. After that you have to scan the dll with BD.
    7. Then empty your system volume information to get rid of recreation of infection by windows recovery. To do that: go to start - right click My Computer - select properties - under system restore tab - check turn off system restore on all drives. Click apply. By doing this you lose all your restore points. Reboot and don't forget to uncheck "turn off system restore on all drives" to create a clean restore point.
  • Fida
    edited March 2008
    About your HJT log:
    1. I found no suspicious/infected entries.
    2. When you do a lot of Internet banking you need more protection. Besides BD you need a couple of antispyware programs to make sure you are relatively safe.
    3. when you right click sens.dll and select properties: 1. Are the date of creation and modification the same? 2. What is the size and the version of the file? 3. Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?


    Since I'm having exactly the same problem as Greatbigmouth, I'll answer these questions also.


    1. Date of creation: Dec. 2004


    Date Modified : Aug. 2004


    So strange it was modified before it was created!!


    Its size is 38 KB, and by the version I didn't understand what you meant, but for type it has: Application extension. My operating system is WinXP SP 2.


    2. BD was updated several times and when I scanned this file, always the same result: Trojan.Patched.BD


    I hope you can help us solve this issue.

  • Since I'm having exactly the same problem as Greatbigmouth, I'll answer these questions also.


    1. Date of creation: Dec. 2004


    Date Modified : Aug. 2004


    So strange it was modified before it was created!!


    Its size is 38 KB, and by the version I didn't understand what you meant, but for type it has: Application extension. My operating system is WinXP SP 2.


    2. BD was updated several times and when I scanned this file, always the same result: Trojan.Patched.BD


    I hope you can help us solve this issue.


    It happens sometimes that the dates of creation and modification get reversed. The date of modification is not recent and that is really strange.


    About the version: when you right click the dll and select properties under general tab you read the size and under version tab you can read the version.


    The sens.dll with the size of 38 KB (38.912 bytes) should be 5.1.2600.2180.
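
The checks discussed in this thread (the ServiceDll path, file size, version, description and dates of sens.dll), collected into one read-only PowerShell script as an added example that is not part of any post here. The function name Test-SensDll is made up for illustration, and the expected values are the ones quoted in the thread for Windows XP SP2; other Windows versions ship a different sens.dll.

```powershell
# Added example: read-only triage of sens.dll. Test-SensDll is a hypothetical name.
# Expected values are the ones quoted in this thread for Windows XP SP2.
$Expected = @{
    ServiceDll  = '%SystemRoot%\system32\sens.dll'
    Length      = 38912
    Version     = '5.1.2600.2180'
    Description = 'System Event Notification Service'
}

function Test-SensDll {
    param(
        [string]$ParametersKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SENS\Parameters',
        [hashtable]$Expect = $Expected
    )
    $findings = @()

    # 1. Read ServiceDll exactly as stored, without expanding %SystemRoot%,
    #    so a redirected path is visible as written.
    $key = Get-Item -LiteralPath $ParametersKey -ErrorAction Stop
    $raw = $key.GetValue('ServiceDll', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    if ($null -eq $raw) {
        return New-Object psobject -Property @{ Findings = @('ServiceDll value is missing') }
    }
    if ($raw -ine $Expect.ServiceDll) {
        $findings += "ServiceDll is '$raw', expected '$($Expect.ServiceDll)'"
    }

    # 2. Resolve the path the service actually loads and inspect that file.
    $path = [Environment]::ExpandEnvironmentVariables($raw)
    if (-not (Test-Path -LiteralPath $path)) {
        $findings += "File not found: $path"
        return New-Object psobject -Property @{ ServiceDll = $raw; Findings = $findings }
    }
    $file = Get-Item -LiteralPath $path -Force
    $vi   = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($file.FullName)

    # Build the numeric version; FileVersion itself may carry a build-lab suffix.
    $version = '{0}.{1}.{2}.{3}' -f $vi.FileMajorPart, $vi.FileMinorPart,
                                     $vi.FileBuildPart, $vi.FilePrivatePart

    # 3. Compare against the thread's values. One poster's detected copy had the
    #    right size but no Version tab, so size alone is not enough.
    if ($file.Length -ne $Expect.Length) {
        $findings += "Size is $($file.Length) bytes, expected $($Expect.Length)"
    }
    if ([string]::IsNullOrEmpty($vi.FileDescription)) {
        $findings += 'No version resource (no description, no Version tab)'
    } else {
        if ($version -ne $Expect.Version) {
            $findings += "Version is $version, expected $($Expect.Version)"
        }
        if ($vi.FileDescription -notlike "*$($Expect.Description)*") {
            $findings += "Description is '$($vi.FileDescription)'"
        }
    }

    # 4. Leftover copies next to the DLL, such as the sens.dll.tmp one poster saw.
    $dir = Split-Path -Parent $file.FullName
    $siblings = @(Get-ChildItem -LiteralPath $dir -Filter 'sens.dll.*' -Force |
        Where-Object { $_.Name -ne $file.Name } |
        ForEach-Object { $_.Name })
    if ($siblings.Count -gt 0) {
        $findings += "Extra files: $($siblings -join ', ')"
    }

    # Dates are reported but not judged: detected copies in the thread carried
    # 2004 and 2006 timestamps, so an old date does not clear the file.
    New-Object psobject -Property @{
        ServiceDll = $raw
        Path       = $file.FullName
        Length     = $file.Length
        Version    = $version
        Created    = $file.CreationTime
        Modified   = $file.LastWriteTime
        Findings   = $findings
    }
}

Test-SensDll | Format-List
```

An empty Findings list only means the file matches the values quoted in the thread; it is not a substitute for a scan or for comparing against a copy from the install media.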

  • Greatbigmouth
    edited March 2008

    I would like to say thank you to Farbar and Niels for helping me in this sticky situation. After disabling BD Real Time Protection, I was able to replace the infected file using my Windows XP Installation disc.


    My system now appears virus-free. Thank you once again. B)


    EDIT: It seems to have created a sens.dll.tmp file which is still infected. While the original sens.dll file is now clean. I can't delete that tmp file. Tried turning RT protection off. It didn't work.

  • I would like to say thank you to Farbar and Niels for helping me in this sticky situation. After disabling BD Real Time Protection, I was able to replace the infected file using my Windows XP Installation disc.


    My system now appears virus-free. Thank you once again. B)


    EDIT: It seems to have created a sens.dll.tmp file which is still infected. While the original sens.dll file is now clean. I can't delete that tmp file. Tried turning RT protection off. It didn't work.


    I am glad we could help you and you are most welcome.


    Could you please specify the path to sens.dll.tmp?

  • No need to. After a system reboot, the file was gone. I did a full scan with BD, and my system came up clean. Thanks again. It's much appreciated. :)

  • No need to. After a system reboot, the file was gone. I did a full scan with BD, and my system came up clean. Thanks again. It's much appreciated. :)


    You are welcome.

  • You are welcome.


    I'm so glad you solved the issue for our friend but I just got mixed up. :unsure: Can you please tell me what to do in order to finish with this thing? By the way I don't have a windows installation CD bec it was preinstalled I have the recovery tool. I would be grateful if you can help me since I'm not that expert in computer. :mellow:

  • farbar
    edited March 2008
    I'm so glad you solved the issue for our friend but I just got mixed up. :unsure: Can you please tell me what to do in order to finish with this thing? By the way I don't have a windows installation CD bec it was preinstalled I have the recovery tool. I would be grateful if you can help me since I'm not that expert in computer. :mellow:


    This is what you should do:

    1. You need a clean sens.dll anyway. It can be copied from a windows install CD, or another computer.
    2. If you can find a CD you just put the CD into CD/DVD-ROM. Click start - My Computer - open the CD/DVD-ROM drive. Navigate to i386 Folder and find sens.dll then right click and select copy from the context menu (or select and Ctrl+C), go to a folder like My Documents set the cursor there - right click and select paste from the context menu.
    3. If you copy the sens.dll from another computer: right click start - select explorer from the context menu - go to C:\Windows\system32, in that folder copy the sens.dll and paste it to a flash drive or send it as an attachment with email to your email. Then download from your flash drive or email to My Documents.
    4. Turn off the BD real time protection (double click BD icon on the system tray - click settings - antivirus - under Shield tab: uncheck enable real-time protection).
    5. Navigate to C:\Windows\system32\sens.dll and delete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
    6. Turn on BD real-time protection again.
    7. Follow other instructions in the earlier post to clean the IE and Temp folder.
    8. Follow also the instruction to create a new restore point.
  • This is what you should do:
    1. You need a clean sens.dll anyway. It can be copied from a windows install CD, or another computer.
    2. If you can find a CD you just put the CD into CD/DVD-ROM. Click start - My Computer - open the CD/DVD-ROM drive. Navigate to i386 Folder and find sens.dll then right click and select copy from the context menu (or select and Ctrl+C), go to a folder like My Documents set the cursor there - right click and select paste from the context menu.
    3. If you copy the sens.dll from another computer: right click start - select explorer from the context menu - go to C:\Windows\system32, in that folder copy the sens.dll and paste it to a flash drive or send it as an attachment with email to your email. Then download from your flash drive or email to My Documents.
    4. Turn off the BD real time protection (double click BD icon on the system tray - click settings - antivirus - under Shield tab: uncheck enable real-time protection).
    5. Navigate to C:\Windows\system32\sens.dll and delete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
    6. Turn on BD real-time protection again.
    7. Follow other instructions in the earlier post to clean the IE and Temp folder.
    8. Follow also the instruction to create a new restore point.


    Promise to do it first thing in the morning tomorrow and will tell you the results tomorrow. :rolleyes:

  • aznboyz
    edited March 2008

    Hello, recently I've been troubled with this "sens.dll" as well in my WINDOWS\system32. My Bitdefender found it a day before or the day of when this thread was created. It was pretty much normal, I chose to wait for further updates from Bitdefender, but until now, every time the message pops up with the "Trojan.Patched.BD" detected in "sens.dll", my internet disconnects and reconnects. I'm an online gamer, it's quite annoying when you play in the middle of some games and have to quit, which will cause a bad reputation for my game account for quitting. I don't want to enable "Game Mode" because the "sens.dll" would do something while it's not protected.


    I've read this entire thread, I checked the sens.dll and here's the information:


    Created date: Wednesday, August 04 2004, 6:00:00 PM


    Modified: Wednesday, August 04 2004, 6:00:00 PM


    Size: 38,912


    Size on disk: 40,960


    When my mouse is placed over the .dll, the message shows "The date it was created and size". In the past days, it was something else, such as "System Event Notification Service" which was supposed to be with its version. "Properties" of the ".dll" should have some sections or tabs on top of the interface with the version name, but it doesn't have it in my "sens.dll".


    Any recommended methods that I used? (any of the method mentioned up there I should try)I only have Bitdefender Total Security 2008 as my security. I'm using a HP Laptop, which means I don't have the installation CD of the Window.


    Any recommended antispyware that is strong and effective?


    In my mind, I can get:


    - SUPERAntispyware professionals


    - Webroot Spyweeper


    - AVG Antispyware


    Those are the famous ones, any more which can help me with this problem?


    I do not want to delete the sens.dll since it's part of Microsoft legitimate windows applications.


    Thank you for further help~

  • Created date: Wednesday, August 04 2004, 6:00:00 PM


    Modified: Wednesday, August 04 2004, 6:00:00 PM


    Size: 38,912


    Size on disk: 40,960


    Hi Madman,


    The size is the right size, it is weird BD detects it as malware. What happens if you clear the logs and let the file be scanned by BD again?


    *Double click BD tray icon - history -click clear log


    *Empty the quarantine also: Double click BD tray icon - settings -antivirus -under Quarantine tab select and click on the "-" sign right above the window.


    Any recommended methods that I used? (any of the method mentioned up there I should try)I only have Bitdefender Total Security 2008 as my security. I'm using a HP Laptop, which means I don't have the installation CD of the Window.


    There is a detailed instruction on this in post to Fida.


    Any recommended antispyware that is strong and effective?


    On this one I have already given my recommendation in this thread.


    Good luck!

  • @ farbar: Well, I found out that when I selected the properties of the "sens.dll", I don't find a section that talks about version, and "Summary".


    However, I reformatted some time before, and I still have backups of my "WINDOWS", I checked the "sens.dll" in the old backup WINDOWS files. I found that there's a section of versions and summary...I scanned it too, and it didn't find anything.


    Tell me if this could work...I replaced my old sens.dll with the one I'm using now. I'm just wondering if it would affect the WINDOWS in any way, because of the different version used?

  • @ farbar: Well, I found out that when I selected the properties of the "sens.dll", I don't find a section that talks about version, and "Summary".


    However, I reformatted some time before, and I still have backups of my "WINDOWS", I checked the "sens.dll" in the old backup WINDOWS files. I found that there's a section of versions and summary...I scanned it too, and it didn't find anything.


    Tell me if this could work...I replaced my old sens.dll with the one I'm using now. I'm just wondering if it would affect the WINDOWS in any way, because of the different version used?


    No it should not affect the working of windows, and it is your own (original) version. In case the windows needs to update it to another version you will know it when you update windows.

  • No it should not affect the working of windows, and it is your own (original) version. In case the windows needs to update it to another version you will know it when you update windows.


    Is there any way to replace it using Copy and Paste? Because it won't let me access it and you'll know why. A message keeps popping up saying it's already being used.


    I'm pretty sure this can help, since I used another version of it on the same PC.

  • Well thanks a lot for the help Farbar, everything is ok now.

    Well thanks a lot for the help Farbar, everything is ok now.


    You are most welcome Fida.

  • Is there any way to replace it using Copy and Paste? Because it won't let me access it and you'll know why. A message keeps popping up saying it's already being used.


    I'm pretty sure this can help, since I used another version of it on the same PC.


    Did you follow the instruction?


    1. Turn off the BD real time protection (double click BD icon on the system tray - click settings - antivirus - under Shield tab: uncheck enable real-time protection).
    2. Navigate to C:\Windows\system32\sens.dll and delete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
    3. Turn on BD real-time protection again.
    4. Follow other instructions in the earlier post to clean the IE and Temp folder.
    5. Follow also the instruction to create a new restore point.
  • Did you follow the instruction?


    Ok...


    After I turned off the real time scanner, I went to properties of the infected sens.dll, I selected "OK", which means it was modified. Then after that, it doesn't get detected anymore after I turn on the real time scanner of BD. However, I just want to make the system clean, I replaced it with the old one...now BD doesn't detect it anymore, I've found that it was a legitimate file, everything is normal now.


    Thanks for your help...because I do not want to reformat windows for a simple .dll nor installing more softwares to fight against problems can make it worse.

  • Ok...


    After I turned off the real time scanner, I went to properties of the infected sens.dll, I selected "OK", which means it was modified. Then after that, it doesn't get detected anymore after I turn on the real time scanner of BD. However, I just want to make the system clean, I replaced it with the old one...now BD doesn't detect it anymore, I've found that it was a legitimate file, everything is normal now.


    Thanks for your help...because I do not want to reformat windows for a simple .dll nor installing more softwares to fight against problems can make it worse.


    I am glad everything is worked out.

  • One last question from my side. (Even though my problem is resolved).


    Why do we still have trojans/viruses/worms, etc on our PC's if BitDefender supposedly "Blocks" them. Why do they still get through?

  • Thanks for this thread. I also had the trojan (thought it'd be a false positive), but this thread helped me clean it out. I had to do the following, which may help others:


    1) Disable system restore


    2) Boot into safe mode (sens.dll is in use otherwise and can't be deleted)


    3) Insert Windows XP CD


    4) Open explorer and navigate to c:\windows\system32\


    5) Locate sens.dll and delete it (Shift+del so it doesn't go into trash)


    6) Goto Start/Run -> type "cmd" enter


    7) Navigate to CD's i386 directory ("d:", "cd\i386")


    8) Type: expand SENS.DL_ c:\windows\system32\sens.dll


    9) Verify new file is in place and version is correct


    10) Reboot computer, enable system restore and create a new restore point.


    That might help some less technically capable people...

  • One last question from my side. (Even though my problem is resolved).


    Why do we still have trojans/viruses/worms, etc on our PC's if BitDefender supposedly "Blocks" them. Why do they still get through?


    This question is asked many times on this forum. As I understand: The perfect antivirus which can catch or prevent all the infections is a wonderful illusion. The virus makers could be intelligent, innovative, skillful and more often conscienceless people who invent new techniques and exploit the unknown vulnerabilities in the OS, software, programs and even the AV we are using. You may also ask, with the same analogy, the question: why can't the police force (from any county) catch all the bad guys and prevent all the crimes?