Trojan.patched.bd
Hi,
I need urgent help please! I've got a trojan called Trojan.Patched.BD in my registry and BitDefender couldn't delete the registry key. I then manually entered the registry and deleted it, but BitDefender shows that it's still infected, even though the key has been deleted.
It's a DLL file called "sens.dll" which is infected by this trojan. I had other trojans with the same filename in my System32 folder, which BD removed successfully. Please help, as I use Internet Banking a lot and I don't want a virus/trojan to steal my private data!
Comments
-
Hi,
I need urgent help please! I've got a trojan called Trojan.Patched.BD in my registry and BitDefender couldn't delete the registry key. I then manually entered the registry and deleted it, but BitDefender shows that it's still infected, even though the key has been deleted.
It's a DLL file called "sens.dll" which is infected by this trojan. I had other trojans with the same filename in my System32 folder, which BD removed successfully. Please help, as I use Internet Banking a lot and I don't want a virus/trojan to steal my private data!
It helps if you could post the scan log.0 -
It seems to becoming a common problem: http://forum.bitdefender.com/index.php?showtopic=4665
0 -
Attached is the latest scan log. The registry key doesn't show up here, since I manually deleted it. But now it found the file in my System32 folder again, even after disinfection on the first scan. Is this virus reproducing itself?
/applications/core/interface/file/attachment.php?id=1610" data-fileid="1610" rel="">Log.xml
0 -
I have the same file / Virus in system32/sens.dll , it appeared yeasterday
0 -
Where are the techies at?
0 -
hello there , well I have the same problem Trojan.Patched. BD in windows\system32\sens.dll, well what next ? I mean did anyone find a solution?
0 -
Hi there!
@Greatbigmouth: To get ride of the first virus, simply deactivate System restore, and then reactivate it. You can view this topic for additional information.
Regarding TrojanPatched.BD, please, one of you, place the file in an archive, protected with the password "infected" and attach it to a new post. We`ll take a look at it and give you further advices.
Cheers!0 -
Hoops, i posted in the wrong thread - same as before.
/applications/core/interface/file/attachment.php?id=1612" data-fileid="1612" rel="">sens.zip
0 -
Hi there!
@Greatbigmouth: To get ride of the first virus, simply deactivate System restore, and then reactivate it. You can view this topic for additional information.
Regarding TrojanPatched.BD, please, one of you, place the file in an archive, protected with the password "infected" and attach it to a new post. We`ll take a look at it and give you further advices.
Cheers!
Ok thanks for the advice but I when I tried to do so I was denied access to file so what can I do?0 -
Also, why is the virus on our computers when BitDefender supposedly "blocks" them. Whenever that popup appears, every time I do a scan the virus is still on my PC, even though it was "blocked".
0 -
Would anyone please tell me how to access this file windows\system 32\sens.dll inorder to post it becasue I'm denied access to it.
0 -
Attached is the latest scan log. The registry key doesn't show up here, since I manually deleted it. But now it found the file in my System32 folder again, even after disinfection on the first scan. Is this virus reproducing itself?
The attachments could be downloaded only by virus researchers and mods. They seem to be attending the problem.
I recommend not to delete anything until there is more clearance about sens.dll, as sens.dll is legit MS file.0 -
OK so what should we do now? We have trojans on our PC's, and the techs keep quiet.....
0 -
OK so what should we do now? We have trojans on our PC's, and the techs keep quiet.....
It seems we just have to sit and wait to see who will be the first to make the big step, the Trojan or the techs there!! I'm having the same problem as you, I really understand what you are going through.0 -
It seems we just have to sit and wait to see who will be the first to make the big step, the Trojan or the techs there!! I'm having the same problem as you, I really understand what you are going through.
The file sens.dll detected by BD is a MS legit file. You don't want to delete that until there is clearance about that on the part of BD. If the file is a false positive (so to say: it is detected as Trojan but it is a legit file) the detection would be removed by updating BD and the problem is solved. If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.
BTW it would help to spot the infection, if there is any, if someone post a hijackthis log, not as attachment but just copy and paste into the reply. With the information is given so far nobody can do anything except the virus researchers who can examine the attached file.0 -
you don't want to delete that until there is clearance about that on the part of BD.
I moved the file to quarantine. Guess what? After a system reboot, it reproduced itself and was back in the System32 folder.If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.
So it is not actively harming my PC as we speak? Even though it is on my system, BD blocks it? Can I still do my Internet Banking with that Trojan on my PC, or is it unsafe?post a hijackthis log, not as attachment but just copy and paste into the reply.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:58 PM, on 3/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\iBurstDashboard\TrayLauncher.exe
C:\Program Files\iBurst Terminal\iBurst_Terminal_UTL.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\FlashFXP\FlashFXP.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.fsinsider.com/downloads/Pages/F...rvicePack1.aspx
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [soundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - Global Startup: iBurst Launcher.lnk = ?
O4 - Global Startup: iBurst_Terminal UTL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F7BD4C48-293D-48D4-A784-922328DF21DB}: NameServer = 208.67.222.222 208.67.220.220
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
--
End of file - 6934 bytes0 -
The file sens.dll detected by BD is a MS legit file. You don't want to delete that until there is clearance about that on the part of BD. If the file is a false positive (so to say: it is detected as Trojan but it is a legit file) the detection would be removed by updating BD and the problem is solved. If the file is a Trojan, still it is blocked by BD and you should not worry as long as you have the real time protection on.
BTW it would help to spot the infection, if there is any, if someone post a hijackthis log, not as attachment but just copy and paste into the reply. With the information is given so far nobody can do anything except the virus researchers who can examine the attached file.
I really did understand and I didn't delete it I moved it to quarantine this but guess what? SOmething went to quarantine and another it didnothng to it. This is my final LogFile scan result:
Log date : 21:17:39 05/03/2008
Remaining issues:Object Name Threat Name Final Status
[system]=]HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\SENS\PARAMETERS\ServiceDll=]C:\WINDOWS\SYSTEM32\SENS.DLL Trojan.Patched.BD No action was possible
Resolved issues:Object Name Threat Name Final Status
C:\WINDOWS\system32\sens.dll Trojan.Patched.BD Moved to Quarantine
what is going on???0 -
10.19% of systems are infected with Trojan.Patched.BD according to Real-time Virus Reporting - Last 24 hours.
Only Bitdefender and Counter Spy detected it yesterday. Just wait until they research it more, because it's likely to be a false positive.
But for now locate:
C:\WINDOWS\SYSTEM32\SENS.DLL
Right click on it, and click properties. If the date of creation is new, then the file is most likely infected.0 -
Created and modified on Tuesday, February 28, 2006, 2:00:00 PM
Hmm. That's strange, since I moved it to quarantine countless times, but it would just reappear again.0 -
Dear Greatbigmouth,
The legit sens.dll should have a description when you hold mouse cursor on it System Event Notification Service. But in this case yoru sens.dll could be modified. Go to start,run,type regedit press enter now expand this registry key hkey_local_machine,system,currentcontrolset,services,sens,Parameters now take a look at the right side and double click on "ServiceDll" and see what the path is it should be %SystemRoot%\system32\sens.dll check also the default key that should be empty. That should be the only registry keys that should be located. Reboot your pc into safe mode by pressing several times on the F8 button before the windows loading screen select safe mode press enter. Log in with your account. Go to start,right click on my computer choose properties,system restore check the option disable system restore on all stations confirm the message wait till systemrestore is disabled. After that uncheck the option to disable system restore and press on apply and ok. Reboot your pc perform an update with BitDefender and let BitDefender scan it. It would also be nice if you upload your sens.dll so the virus researchers can check it.
Best regards
Niels0 -
These files (although originally legitimate MS dll's) have been modified by the given malware (they contain extra code injected by the malware). They should be restored from the original Windows install CD.
Best regards.0 -
They should be restored from the original Windows install CD
How do I do that?0 -
Dear Greatbigmouth,
Put in your windows installation cd-rom. Press the windows button together with r now type cmd press enter. After that type sfc /scannow and press on enter.
Best regards
Niels0 -
I did as you said, but the file is still there. It didn't replace it.
0 -
About your HJT log:
- I found no suspicious/infected entries.
- When you do a lot of Internet banking you need more protection. Besides BD you need a couple of antispyware programs to make sure you are relatively safe.
- when you right click sens.dll and select properties: 1. Are the date of creation and modification the same? 2. What is the size and the version of the file? 3. Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?
0 -
Besides BD you need a couple of antispyware programs to make sure you are relatively safe.
Any good programs that you can recommend?Are the date of creation and modification the same?
Yes, they are exactly the same.Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?
It detects the Trojan.Patched.BD variant.0 -
Any good programs that you can recommend?
Yes, they are exactly the same.
It detects the Trojan.Patched.BD variant.0 -
It went so fast and I could not add anything to my reply:
Any good programs that you can recommend?- I recomend AVG atispyware (not antivirus), after 30 days trial it becomes automatically a free version without real time protection which you can update and scan your system from time to time.
Spybot search & destroy can also be an addition, it handles many old adware/spyware stuff.
Many people use also the free version of Super AntiSpyware. - It is though weired if the creation and the modification date is the same. What is the version and the size?
- You asked in the other post if it is safe to use Internet banking. To be on the safe side avoid that until you replace the dll and you scan your system with those programs I mentioned.
- Using Internet explorer empty your Internet cache, cookies and history. Using disk cleanup empty all temp folders.
- The BD real time protection has blocked access to the dll. That is why you can't replace it. So you can make a copy of the dll from i386 folder on your install CD and save it somewhere on your computer. Then turn of the real time protection and remove the infected dll. Then without rebooting copy the original one to its folder (C:\WINDOWS\SYSTEM32).
If the file is in use you should try it in safe mode. - I am not sure if it works but you may try it if everything failed: click start - type sfc \scannow in the run box, and press Enter. It checks the integrity of windows system files and if needed replaces them. You need your windows install CD. It may take about 20 minutes. The real time protection should be turned off. After that you have to scan the dll with BD.
- Then empty your system volume information to get rid of recreation of infection by windows recovery. To do that: go to start-right click My Computer-select properties- under system restore tab- check turn off system restore on all drives. Click apply. By doing this you loose all your restore points. Reboot and don't forget to uncheck "turn off system restore on all drives" to create a clean restore point.
0 - I recomend AVG atispyware (not antivirus), after 30 days trial it becomes automatically a free version without real time protection which you can update and scan your system from time to time.
-
About your HJT log:
- I found no suspicious/infected entries.
- When you do a lot of Internet banking you need more protection. Besides BD you need a couple of antispyware programs to make sure you are relatively safe.
- when you right click sens.dll and select properties: 1. Are the date of creation and modification the same? 2. What is the size and the version of the file? 3. Update BD, what happens when you right click sens.dll and select BD from context menu to scan the file?
Since I'm having exacty the same proplem as Greatbigmouth, I'll answer for these questions also.
1. Date of creation: Dec. 2004
Date Modified : Aug. 2004
So strange it was modified before it was created!!
Its size is 38 KB and the by version I didn't understand what you meant but for type it has as: Application extension. My operating system is WinXP SP 2.
2. BD was updated everal time and when I scanned this file always the same result: Trojan.Patched.BD
I hope you can help us solve this issue.0 -
Since I'm having exacty the same proplem as Greatbigmouth, I'll answer for these questions also.
1. Date of creation: Dec. 2004
Date Modified : Aug. 2004
So strange it was modified before it was created!!
Its size is 38 KB and the by version I didn't understand what you meant but for type it has as: Application extension. My operating system is WinXP SP 2.
2. BD was updated everal time and when I scanned this file always the same result: Trojan.Patched.BD
I hope you can help us solve this issue.
It happens sometimes that the dat of creation and modification get reversed. The date of modification is not recent and that really strange.
About the version: when you right click the dll and select properties under general tab you read the size and under version tab you can read the version.
The sens.dll with the size of 38 KB (38.912 bytes) should be 5.1.2600.2180.0 -
I would like to say thank you to Farbar and Niels for helping me in this sticky situation. After disabling BD Real Time Protection, I was able to replace the infected file using my Windows XP Installation disc.
My system now appears virus-free. Thank you once again.
EDIT: It seems to have created a sens.dll.tmp file which is still infected. While the original sens.dll file is now clean. I can't delete that tmp file. Tried turning RT protection off. It didn't work.0 -
I would like to say thank you to Farbar and Niels for helping me in this sticky situation. After disabling BD Real Time Protection, I was able to replace the infected file using my Windows XP Installation disc.
My system now appears virus-free. Thank you once again.
EDIT: It seems to have created a sens.dll.tmp file which is still infected. While the original sens.dll file is now clean. I can't delete that tmp file. Tried turning RT protection off. It didn't work.
I am glad we could help you and you are most welcome.
Could you please specify the path to sens.dll.tmp?0 -
No need to. After a system reboot, the file was gone. I did a full scan with BD, and my system came up clean. Thanks again. It's much appreciated.
0 -
No need to. After a system reboot, the file was gone. I did a full scan with BD, and my system came up clean. Thanks again. It's much appreciated.
You are welcome.0 -
You are welcome.
I'm so glad you solved the issue for our friend but I just got mixed up. Can you please tell me what to do inorder to finish with this thing? By the way I don't have a windows installation CD bec it was preinstalled I have the recovery tool. I would be grateful if you can help me since I'm not that expert in computer.0 -
I'm so glad you solved the issue for our friend but I just got mixed up. Can you please tell me what to do in order to finish with this thing? By the way I don't have a windows installation CD bec it was preinstalled I have the recovery tool. I would be grateful if you can help me since I'm not that expert in computer.
This is what you should do:- You need a clean sens.dll anyway. It can be copied from a windows install CD, or another computer.
- If you can find a CD you just put the CD into CD/DVD-ROM. Click start - My Computer - open the CD/DVD-ROM drive. Navigate to i386 Folder and find sens.dll then right click and select copy from the context menu (or select and Ctrl+C), go to a folder like My Documents set the cursor there - right click and select paste from the context menu.
- If you copy the sens.dll from another computer:right click start - select explorer from the context menu - Go to C:\Windows\system32 in that folder copy the sens.dll and paste it to a flash driver or send it as attachment with email to your email. Then download from your flash driver or email to My Documents.
- Turn off the BD real time protection (double click BD icon on the system tray -click settings - antivirus -under Shield tab: uncheck enable real-time protection
- Navigate to C:\Windows\system32\sens.dll and dete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
- Turn on BD real-time protection a gain.
- Follow other instructions in the earlier post to clean the IE and Temp folder.
- Follow also the instruction to create a new restore point.
0 -
This is what you should do:
- You need a clean sens.dll anyway. It can be copied from a windows install CD, or another computer.
- If you can find a CD you just put the CD into CD/DVD-ROM. Click start - My Computer - open the CD/DVD-ROM drive. Navigate to i386 Folder and find sens.dll then right click and select copy from the context menu (or select and Ctrl+C), go to a folder like My Documents set the cursor there - right click and select paste from the context menu.
- If you copy the sens.dll from another computer:right click start - select explorer from the context menu - Go to C:\Windows\system32 in that folder copy the sens.dll and paste it to a flash driver or send it as attachment with email to your email. Then download from your flash driver or email to My Documents.
- Turn off the BD real time protection (double click BD icon on the system tray -click settings - antivirus -under Shield tab: uncheck enable real-time protection
- Navigate to C:\Windows\system32\sens.dll and dete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
- Turn on BD real-time protection a gain.
- Follow other instructions in the earlier post to clean the IE and Temp folder.
- Follow also the instruction to create a new restore point.
Promise to do it first thing in the morning tomorrow and will tell you the results tomorrow.0 -
Hello, recently I've troubled with this "sens.dll" as well in my WINDOWS\system32. My Bitdefender found it a day before or the day of when this thread is created. It was pretty much normal, I choose to wait for further updates from Bitdefender, but until now, everytime the message pops up with the "Trojan.Patched.BD" detected in "sens.dll", my internet disconnected and reconnected. I'm an online gamer, it's quiet annoying when you play in the middle of some games and have to quit which will cause bad reputations to my game account for quitting. I don't want to enable to "Game Mode" because the "sens.dll" would do something while it's not protected.
I've read this entire thread, I checked the sens.dll and here's the informations:
Created date: Wednesday, August 04 2004, 6:00:00 PM
Modified: Wednesday, August 04 2004, 6:00:00 PM
Size: 38,912
Size on disk: 40,960
When my mouse are place over the .dll, the message shows "The date it was created and size". The passed days, it was something else, such as "System Event Notification Service" which was supposed to be with its version. "Properties" of the ".dll" should have some sections or tabs on top of the interface with the version name, but it doesn't have it in my "sens.dll"
Any recommended methods that I used? (any of the method mentioned up there I should try)I only have Bitdefender Total Security 2008 as my security. I'm using a HP Laptop, which means I don't have the installation CD of the Window.
Any recommended antispyware that is strong and effective?
In my mind, I can get:
- SUPERAntispyware professionals
- Webroot Spyweeper
- AVG Antispyware
Those are the famous one, anymore which can helps me on this problem?
I do not want to delete the sens.dll since it's part of Microsoft legitimate windows applications.
Thank you for further helps~0 -
Created date: Wednesday, August 04 2004, 6:00:00 PM
Modified: Wednesday, August 04 2004, 6:00:00 PM
Size: 38,912
Size on disk: 40,960
Hi Madman,
The size is the right size, it is weird BD detects it as malware. What happens if you clear the logs and let the file scanned By BD again?
*Double click BD tray icon - history -click clear log
*Empty the quarantine also: Double click BD tray icon - settings -antivirus -under Quarantine tab select and click on the "-" sign right above the window.Any recommended methods that I used? (any of the method mentioned up there I should try)I only have Bitdefender Total Security 2008 as my security. I'm using a HP Laptop, which means I don't have the installation CD of the Window.
There is a detailed instruction on this in post to Fida.Any recommended antispyware that is strong and effective?
On this one I have already given my recommendation in this thread.
Good luck!0 -
@ farbar: Well, I found out that when I selected the properties of the "sens.dll", I don't find a section that talks about version, and "Summary".
However, I reformated sometimes before, and I still have backups of my "WINDOWS", I checked the "sens.dll" in the old backups WINDOWS files. I found that there's a section of versions and summary...I scanned it too, and doesn't found anything.
Tell me if this could work...I replaced my old sens.dll with the one I'm using now. I just wondering if it would affect the WINDOWS in anyway, because different version uses?0 -
@ farbar: Well, I found out that when I selected the properties of the "sens.dll", I don't find a section that talks about version, and "Summary".
However, I reformated sometimes before, and I still have backups of my "WINDOWS", I checked the "sens.dll" in the old backups WINDOWS files. I found that there's a section of versions and summary...I scanned it too, and doesn't found anything.
Tell me if this could work...I replaced my old sens.dll with the one I'm using now. I just wondering if it would affect the WINDOWS in anyway, because different version uses?
No it should not effect the working of windows, and it is your own (original) version. In case the windows needs to update it to another version you will know it when you update windows.0 -
No it should not effect the working of windows, and it is your own (original) version. In case the windows needs to update it to another version you will know it when you update windows.
Is there anyway to replace it using Copy and Paste? Because it won't let me access it and you'll know why. It's a message keep poping up saying it's already being used.
I'm pretty sure this can help, since I used another version of it on the same PC.0 -
Well thanks alot for the help Farbar, everything is ok now. " />
0 -
Well thanks alot for the help Farbar, everything is ok now. " />
You are most welcome Fida.0 -
Is there anyway to replace it using Copy and Paste? Because it won't let me access it and you'll know why. It's a message keep poping up saying it's already being used.
I'm pretty sure this can help, since I used another version of it on the same PC.
Did you followed the instruction?- Turn off the BD real time protection (double click BD icon on the system tray -click settings - antivirus -under Shield tab: uncheck enable real-time protection
- Navigate to C:\Windows\system32\sens.dll and dete it. Don't reboot. Copy the clean sens.dll from My Documents and paste it to system32 folder.
- Turn on BD real-time protection a gain.
- Follow other instructions in the earlier post to clean the IE and Temp folder.
- Follow also the instruction to create a new restore point.
0 - Turn off the BD real time protection (double click BD icon on the system tray -click settings - antivirus -under Shield tab: uncheck enable real-time protection
-
Did you followed the instruction?
Ok...
After I turned the off the real time scanner, I go to properties of the sens.dll of the infected, I select "OK", which means it was modified. Then after that, it doesn't get detect anymore after I turn on the real time scanner of BD. However, I just want to make the system clean, I replaced with the old ones...now BD doesn't detect anymore, I've found that it was a legitimate file, everything is normal now.
Thanks for your help...because I do not want to reformat windows for a simple .dll nor installing more softwares to fight against problems can make it worse.0 -
Ok...
After I turned the off the real time scanner, I go to properties of the sens.dll of the infected, I select "OK", which means it was modified. Then after that, it doesn't get detect anymore after I turn on the real time scanner of BD. However, I just want to make the system clean, I replaced with the old ones...now BD doesn't detect anymore, I've found that it was a legitimate file, everything is normal now.
Thanks for your help...because I do not want to reformat windows for a simple .dll nor installing more softwares to fight against problems can make it worse.
I am glad everything is worked out.0 -
Once last question from my side. (Even though my problem is resolved).
Why do we still have trojans/viruses/worms, etc on our PC's if BitDefender supposedly "Blocks" them. Why do they still get through?0 -
Thanks for this thread. I also had the the trojan (thought it'd be a false positive), but this thread helped me clean it out. I had to do the following, which may help others:
1) Disable system restore
2) Boot into safe mode (sens.dll is in use otherwise and can't be deleted)
3) Insert Windows XP CD
4) Open explorer and navigate to c:\windows\system32\
5) Locate sens.dll and delete it (Shift+del so it doesn't go into trash)
6) Goto Start/Run -> type "cmd" enter
7) Navigate to CD's i386 directory ("d:", "cd\i386")
8) Type: expand SENS.DL_ c:\windows\systems32\sens.dll
9) Verify new file is in place and version is correct
10) Reboot computer, enable system restore and create a new restore point.
That might helps some less technically capable people...0 -
Once last question from my side. (Even though my problem is resolved).
Why do we still have trojans/viruses/worms, etc on our PC's if BitDefender supposedly "Blocks" them. Why do they still get through?
This question is asked many times on this forum. As I understand: The perfect antivirus which can catch or prevent all the infections is a wonderful illusion. The virus makers could be intelligent, innovative, skillful and more often consciousless people who invent new techniques and exploit the unknown vulnerabilities in the OS, softwares, programs and even AV we are using. You may also ask with the same analogy the question: why the police force (from any county) can't catch all the bad guys and prevent all the crimes?0