| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 83682 | 2007-10-09 20:17:00 | Trojan Remover scan question | JonB (1885) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 599679 | 2007-10-09 20:17:00 | Can one of you experts please advise me on this? During the Trojan Remover scan on startup, it advises me of two suspect files one called khfcdde.dll and one called winpsa.dll but says these files were not located. The two registry entries referred to do exist, both similar, namely HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\khfcdde.dll and the same for winpsa.dll. Running a HJT finds these processes but reports "file missing" in each case. I suspect this is a "left-over" from a previous trojan removal and the files are indeed gone. My question is in view of the forgoing description will it be safe to simply delete the two registry entries or is it safer to leave well alone? Thanks JonB |
JonB (1885) | ||
| 599680 | 2007-10-09 20:29:00 | It should be safe to remove them. Get trojan remover to remove their reference from the registry. Then reboot. |
Speedy Gonzales (78) | ||
| 599681 | 2007-10-09 22:09:00 | Speedy, thanks for your reply. The TR Fast Scan on startup pops up an alert on both these keys, yet running TR Remover even when Options is set to show alert on missing files does not alert and no option is given to remove. The log in the section WINLOGON\NOTIFY reports "file not found to scan" I would like to remove the registry entries to keep things tidy. Do you have any other suggestions? TIA JonB |
JonB (1885) | ||
| 599682 | 2007-10-09 22:12:00 | Well when it pops up again with those 2 files, select remove reference from registry. Then they wont come up again. | Speedy Gonzales (78) | ||
| 599683 | 2007-10-09 22:27:00 | Speedy, maybe I'm missing something here. Fast Scan gives an alert for both of the references but in that scan there are no options for removal, it just suggests running Trojan Remover next. When I run TR, I don't get any alert it just reports no problems. So Fast Scan suggests possible problems, TR does not report them. It seems my only other option is to edit the registry manually or just ignore. JonB |
JonB (1885) | ||
| 599684 | 2007-10-09 22:34:00 | Well go to whatever entry in the registry and delete the file entries manually. Or do a search in regedit for those files and delete their entries. Or use ccleaner, select the registry option / scan for issues, delete whatever entries come up. |
Speedy Gonzales (78) | ||
| 599685 | 2007-10-09 22:54:00 | Thanks Speedy. CCleaner didn't find anything about those entries but it did find some other bits and leftovers. I've manually edited the keys off and all seems OK. JonB |
JonB (1885) | ||
| 599686 | 2007-10-10 00:35:00 | If they are there this will remove them for you . Copy all the text from the quote box below to notepad . Save it as fixreg . reg to your desktop . Be sure the "Save as" type is set to "all files" Once you have saved it double click it and allow it to merge with the registry . REGEDIT4 [-HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\khfcdde . dll] [-HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\winpsa . dll] |
Pancake (6359) | ||
| 599687 | 2007-10-10 02:40:00 | Pancake The entries were there and I removed them using Regedit, but thanks for your input, I have made a note of your method for future reference. JonB |
JonB (1885) | ||
| 1 | |||||