
Non-detection of trojans

Created: 08 Apr 2009 • Updated: 22 May 2010 | 4 comments

Just installed SEP after my computer took a nose dive from some nasty viruses and had to reformat my computer. I thought that they were all cleaned out, but keep getting error messages on startup. afisicx.exe, mabidwe.exe, sopidkc.exe keep reappearing on my system even though I've gone and deleted them from my hard drive and the registry. SEP keeps saying there are no threats detected when I run a full scan of the computer or those files. Any ideas?


pbogu's picture

You have probably deleted them from the hard drive, but there are probably a few places that are referencing them, like shortcuts or registry entries. Check the system with Autoruns from Sysinternals/Microsoft.

tekkid's picture

Re-format and restore from backup. No AV product advertises clean up after-the-installation of AV with 100 percent assurance. It's just not worth your time getting back to a "clean" state.

Jason1222's picture

Most executables on their own pose little threat, unless they have been coded in such a way as to be independent. Sometimes, those same executables rely on DLL files to point to certain locations or for referencing of commands. It is possible that, although the registry entry and the executables have been removed, the entries in said DLLs still exist.

What about "run" or "runonce" in the registry? Did you clean those as well?
Not all files will be identified by their exact name in the registry; some can be identified by a string {abcde-fghijkl-12345-...} and thus not removed/found when manually cleaning the registry.

Try opening up Microsoft's System configuration utility (msconfig) and in the "startup tab" look for or identify any "missing entries".  An entry with no name, pointing to a registry entry nonetheless, chances are that's your culprit. 

Other times, some of these buggers load up into a higher level of memory and rewrite themselves.  Those are harder to get rid of. 

You said you identified them as Trojans; could they actually be malware? Have you tried a malware scanner or registry cleaner?
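
The Run/RunOnce check suggested above, as an added example that is not part of the original thread: a read-only PowerShell sketch that lists autostart values and flags those whose target file no longer exists (the usual source of startup error messages after a file is deleted) or that mention one of the three file names from the original post. It covers only these registry keys; Autoruns inspects many more autostart locations. The helper names `Get-TargetPath` and `Test-Target` are made up for this example.

```powershell
# Added example, read-only: nothing is deleted or modified.
# File names are the ones quoted in the original post.
$names = 'afisicx.exe', 'mabidwe.exe', 'sopidkc.exe'

$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-TargetPath([string]$Command) {
    # Extract the program path from an autostart command line.
    $expanded = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }   # quoted path
    if ($expanded -match '^(.+?\.(exe|dll|bat|cmd|vbs|js))(\s|,|$)') { return $Matches[1] }
    return ($expanded -split '\s+')[0]                           # fallback: first token
}

function Test-Target([string]$Path) {
    # Rooted paths are checked on disk; bare names (e.g. rundll32.exe) via PATH.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    if ([IO.Path]::IsPathRooted($Path)) { return Test-Path -LiteralPath $Path }
    return [bool](Get-Command $Path -ErrorAction SilentlyContinue)
}

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($valueName in $item.GetValueNames()) {
        $command = [string]$item.GetValue($valueName)
        [pscustomobject]@{
            Key         = $key
            ValueName   = $valueName          # may be empty or a {GUID}-style string
            Command     = $command
            Missing     = -not (Test-Target (Get-TargetPath $command))
            NamedInPost = [bool]($names | Where-Object { $command -like "*$_*" })
        }
    }
}

# Show only entries worth a closer look.
$report | Where-Object { $_.Missing -or $_.NamedInPost } | Format-List
```

Run it from an elevated prompt so the HKLM keys are readable; HKCU results apply only to the account running the script.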

Symantec World's picture

If you found any suspicious files, you have to submit them to the Symantec Security Response Team for creating a new definition.

Regards, M.R