PDA

View Full Version : Trojan Remover scan question



JonB
10-10-2007, 09:17 AM
Can one of you experts please advise me on this?
During the Trojan Remover scan on startup, it advises me of two suspect files one called khfcdde.dll and one called winpsa.dll but says these files were not located. The two registry entries referred to do exist, both similar, namely HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\khfcdde.dll and the same for winpsa.dll.
Running a HJT finds these processes but reports "file missing" in each case. I suspect this is a "left-over" from a previous trojan removal and the files are indeed gone. My question is in view of the forgoing description will it be safe to simply delete the two registry entries or is it safer to leave well alone?
Thanks
JonB

Speedy Gonzales
10-10-2007, 09:29 AM
It should be safe to remove them.

Get trojan remover to remove their reference from the registry.

Then reboot.

JonB
10-10-2007, 11:09 AM
Speedy, thanks for your reply.

The TR Fast Scan on startup pops up an alert on both these keys, yet running TR Remover even when Options is set to show alert on missing files does not alert and no option is given to remove. The log in the section WINLOGON\NOTIFY reports "file not found to scan"

I would like to remove the registry entries to keep things tidy. Do you have any other suggestions?

TIA
JonB

Speedy Gonzales
10-10-2007, 11:12 AM
Well when it pops up again with those 2 files, select remove reference from registry. Then they wont come up again.

JonB
10-10-2007, 11:27 AM
Speedy, maybe I'm missing something here. Fast Scan gives an alert for both of the references but in that scan there are no options for removal, it just suggests running Trojan Remover next. When I run TR, I don't get any alert it just reports no problems. So Fast Scan suggests possible problems, TR does not report them. It seems my only other option is to edit the registry manually or just ignore.

JonB

Speedy Gonzales
10-10-2007, 11:34 AM
Well go to whatever entry in the registry and delete the file entries manually.

Or do a search in regedit for those files and delete their entries.

Or use ccleaner, select the registry option / scan for issues, delete whatever entries come up.

JonB
10-10-2007, 11:54 AM
Thanks Speedy.
CCleaner didn't find anything about those entries but it did find some other bits and leftovers. I've manually edited the keys off and all seems OK.
JonB

Pancake
10-10-2007, 01:35 PM
If they are there this will remove them for you.

Copy all the text from the quote box below to notepad. Save it as fixreg.reg to your desktop.
Be sure the "Save as" type is set to "all files"
Once you have saved it double click it and allow it to merge with the registry.





REGEDIT4
[-HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\khfcdde.dll]
[-HKLM\Software\Microsoft\WindowsNT\Current Version\Winlogon\Notify\winpsa.dll]

JonB
10-10-2007, 03:40 PM
Pancake
The entries were there and I removed them using Regedit, but thanks for your input, I have made a note of your method for future reference.
JonB