Geeks, Geeks and More Geeks
Would you like to react to this message? Create an account in a few clicks or log in to continue.


THIS FORUM IS NO LONGER ACTIVE. SORRY! DO NOT ATTEMPT TO REGISTER; YOUR REQUEST WILL NOT BE ACCEPTED.
 
PortalPortal  HomeHome  GalleryGallery  Latest imagesLatest images  SearchSearch  RegisterRegister  Log in  

 

 Sophos Scan/ Found

Go down 
2 posters
AuthorMessage
wcturner
Royal Geek
Royal Geek



Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

Sophos Scan/ Found Empty
PostSubject: Sophos Scan/ Found   Sophos Scan/ Found Empty2/9/2013, 14:16

Repa do I delete these hidden files found in Sophos & how do you know what to do with "Found Items"?

Sophos Scan/ Found Sophos10

Edit @ 12:21PM Screen shot with more info, these all say the same thing basicly.

Sophos Scan/ Found Sophos11

I didn't see that I could hilite before i made the first screen shot. They all 4 say removable but not recommended. So, what's this mean?
Back to top Go down
Repa
Site Administrator
Site Administrator
Repa


Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/9/2013, 16:01

BLF files are associated with the Advanced Computer Architecture. They can be created by the Common Log File System and certain ones can also cause problems with Windows Update if they become unstable. These are normally hidden files because they can contain important user and system-level information, such as user passwords, account settings, and application settings.

I don't know what created the ones you show and cannot find any BLF files that begin as yours do, hence it could be why Sophos cannot identify them. They can also be trojans, but I don't know that from here. Have you done anything recently like a Windows Update, or installed new software or downloaded anything from the internet?

Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

1. If you aren't experiencing any problems, and none of your other malware scans flag them, including an Avast bootscan, then leave them be for the time being and watch for any unusual behavior.

or,

2. Set a new restore point and then go into the location where the files are (you must have "show hidden folders and files" checked in Folder Options, and "hide file extensions" unchecked) and rename the file by adding .old at the end of the file name so if you experience problems after doing that, you can remove that added .old extension.

or,

3. If none of your other scans detect them, including an Avast Bootscan, and you are experiencing unusual behavior, or even if you aren't experiencing unusual behavior but you are worried about these detections, set a new restore point and name it something like "Before deleting BLF files" so you can easily come back to it if you need to, and then let Sophos remove them. If you experience any problems after doing that, you can always do the restore back to before you deleted them.

If option 1 above is true, I'd go with that for the time being, but one of the other 2 would be ok to do too if you are concerned. I've given them in the order of preference. None are very high risk if you have the new restore point created before you begin, and they are given in the order of least to most risk involved in the case where the files are not a threat.

Sophos sometimes flags things that are ok, and you get that message about an unidentified hidden file that can be removed but recommends that you don't. It is best not to run sophos unless you are experiencing problems, slowdowns, etc and you suspect that something is not right with your computer and none of your other scans find anything, because it can give false positives when nothing is wrong and you need to know how to discover if the warning is a false positive or not. It's difficult to explain that process without being there, and all the more difficult when I can't find anything about those particular named files on the internet.
Back to top Go down
wcturner
Royal Geek
Royal Geek



Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/9/2013, 19:12

1. Repa: It is best not to run sophos unless you are experiencing problems

2. I run weekly scans on Saturday, & did today. I ran Superantispyware, Malwarebytes, Spybot, Avast Boottime scan, Defrag, in this order. And, last I ran the Sophos. The other scans all came up "Clean", nothing found. I also, ran my daily Windows Defender scan & it also found nothing unwanted, & Clean.

3. I did a windows defender update Friday, yesterday, the usual one KB 515597 I think it is.


4. In light of what I said above in #2, should I just do what you said in your #1 above? 1. If you aren't experiencing any problems, and none of your other malware scans flag them, including an Avast bootscan, then leave them be for the time being and watch for any unusual behavior.

5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.

7. Edit: When I ran all my scans today(this morning) I didn't run Ccleaner before I did the scans, as I did not know I was supposed to run ccleaner first. Hope this helps. Thanks...
Back to top Go down
Repa
Site Administrator
Site Administrator
Repa


Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/9/2013, 20:52

wcturner wrote:
5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.


You can try running ccleaner and then run sophos again. If those files appear again, I'm not really thinking that they could be causing your problems on this site as I have had trouble with typing posts here as well on occasion. You could either wait and look for problems or do options 2 or 3, making sure you have a new restore point before starting that you can come back to if you observe any problems that weren't there before. I've looked on 2 machines and don't find those files, they aren't mentioned on the internet, so I don't know what they are or what they contain. BLF files that contain trojans are usually named differently, so just not sure if they are a threat or not. You could right-click on one of them, select Properties > Details tab, and post a screenshot to let me see the info contained there, if sophos flags them again.
Back to top Go down
Repa
Site Administrator
Site Administrator
Repa


Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/9/2013, 21:43

Repa wrote:
wcturner wrote:
5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.


You can try running ccleaner and then run sophos again. If those files appear again, I'm not really thinking that they could be causing your problems on this site as I have had trouble with typing posts here as well on occasion. You could either wait and look for problems or do options 2 or 3, making sure you have a new restore point before starting that you can come back to if you observe any problems that weren't there before.

Personally, I'd wait a few days and then run the scans again as Windows dynamically creates temporary regtrans and blf files until the settings changes are written permanently to the NTuser.dat file. Running a System Restore also generates these files. So, these files could have been generated by Windows legitimately and Sophos just doesn't recognize them. Deleting these files is not particularly desirable if they are valid files because of their normal Windows function.

I've looked on 2 machines and don't find those files with those names as they appear in the { }, they aren't mentioned on the internet, so I don't know what they are or what they contain. BLF files that contain trojans are usually named differently, so just can't be sure if they are a threat or not - more likely not than are.

You could right-click on one of them, select Properties > Details tab, and post a screenshot to let me see the info contained there, if sophos flags them again.
Back to top Go down
wcturner
Royal Geek
Royal Geek



Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/10/2013, 00:29

Repa: You can try running ccleaner and then run sophos again I'll try this now & see.....
Back to top Go down
wcturner
Royal Geek
Royal Geek



Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/10/2013, 01:14

Repa: Good News, Take a gander!

Sophos Scan/ Found Sophos12

Wonder why they did not show again?

I'll only run sophos when something is wrong from now on. Such as......what to look for, to use sophos?

Thanks......
Back to top Go down
Repa
Site Administrator
Site Administrator
Repa


Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty2/10/2013, 02:19

wcturner wrote:
Repa: Good News, Take a gander!

Wonder why they did not show again?

As I said before, "Windows dynamically creates temporary regtrans and blf files until the settings changes are written permanently to the NTuser.dat file."

I'll only run sophos when something is wrong from now on. Such as......what to look for, to use sophos?

As I said before, "Sophos sometimes flags things that are ok, and you get that message about an unidentified hidden file that can be removed but recommends that you don't. It is best (for you) not to run sophos unless you are experiencing problems, slowdowns, etc., and you suspect that something is not right with your computer and none of your other scans find anything, because it (sophos) can give false positives when nothing is wrong and you need to know how to discover if the warning is a false positive or not."

In other words, keep from getting yourself stressed out when it could be over nothing, just as it was this time.
Back to top Go down
Sponsored content





Sophos Scan/ Found Empty
PostSubject: Re: Sophos Scan/ Found   Sophos Scan/ Found Empty

Back to top Go down
 
Sophos Scan/ Found
Back to top 
Page 1 of 1
 Similar topics
-
» Sophos Scanning
» Trojan Found
» Spybot found this
» Avast Found This
» Windows Defender Auto Scan

Permissions in this forum:You cannot reply to topics in this forum
Geeks, Geeks and More Geeks :: Windows Computer Help :: Computer Security-
Jump to: