A friendly forum to get help and support
 
PortalPortal  HomeHome  GalleryGallery  FAQFAQ  SearchSearch  RegisterRegister  Log in  

Share | 
 

 Sophos Scan/ Found

View previous topic View next topic Go down 
AuthorMessage
wcturner
Royal Geek
Royal Geek


Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

PostSubject: Sophos Scan/ Found   2/9/2013, 14:16

Repa do I delete these hidden files found in Sophos & how do you know what to do with "Found Items"?



Edit @ 12:21PM Screen shot with more info, these all say the same thing basicly.



I didn't see that I could hilite before i made the first screen shot. They all 4 say removable but not recommended. So, what's this mean?
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: Sophos Scan/ Found   2/9/2013, 16:01

BLF files are associated with the Advanced Computer Architecture. They can be created by the Common Log File System and certain ones can also cause problems with Windows Update if they become unstable. These are normally hidden files because they can contain important user and system-level information, such as user passwords, account settings, and application settings.

I don't know what created the ones you show and cannot find any BLF files that begin as yours do, hence it could be why Sophos cannot identify them. They can also be trojans, but I don't know that from here. Have you done anything recently like a Windows Update, or installed new software or downloaded anything from the internet?

Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

1. If you aren't experiencing any problems, and none of your other malware scans flag them, including an Avast bootscan, then leave them be for the time being and watch for any unusual behavior.

or,

2. Set a new restore point and then go into the location where the files are (you must have "show hidden folders and files" checked in Folder Options, and "hide file extensions" unchecked) and rename the file by adding .old at the end of the file name so if you experience problems after doing that, you can remove that added .old extension.

or,

3. If none of your other scans detect them, including an Avast Bootscan, and you are experiencing unusual behavior, or even if you aren't experiencing unusual behavior but you are worried about these detections, set a new restore point and name it something like "Before deleting BLF files" so you can easily come back to it if you need to, and then let Sophos remove them. If you experience any problems after doing that, you can always do the restore back to before you deleted them.

If option 1 above is true, I'd go with that for the time being, but one of the other 2 would be ok to do too if you are concerned. I've given them in the order of preference. None are very high risk if you have the new restore point created before you begin, and they are given in the order of least to most risk involved in the case where the files are not a threat.

Sophos sometimes flags things that are ok, and you get that message about an unidentified hidden file that can be removed but recommends that you don't. It is best not to run sophos unless you are experiencing problems, slowdowns, etc and you suspect that something is not right with your computer and none of your other scans find anything, because it can give false positives when nothing is wrong and you need to know how to discover if the warning is a false positive or not. It's difficult to explain that process without being there, and all the more difficult when I can't find anything about those particular named files on the internet.

_________________
Repa
Back to top Go down
View user profile
wcturner
Royal Geek
Royal Geek


Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

PostSubject: Re: Sophos Scan/ Found   2/9/2013, 19:12

1. Repa: It is best not to run sophos unless you are experiencing problems

2. I run weekly scans on Saturday, & did today. I ran Superantispyware, Malwarebytes, Spybot, Avast Boottime scan, Defrag, in this order. And, last I ran the Sophos. The other scans all came up "Clean", nothing found. I also, ran my daily Windows Defender scan & it also found nothing unwanted, & Clean.

3. I did a windows defender update Friday, yesterday, the usual one KB 515597 I think it is.


4. In light of what I said above in #2, should I just do what you said in your #1 above? 1. If you aren't experiencing any problems, and none of your other malware scans flag them, including an Avast bootscan, then leave them be for the time being and watch for any unusual behavior.

5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.

7. Edit: When I ran all my scans today(this morning) I didn't run Ccleaner before I did the scans, as I did not know I was supposed to run ccleaner first. Hope this helps. Thanks...
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: Sophos Scan/ Found   2/9/2013, 20:52

wcturner wrote:
5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.


You can try running ccleaner and then run sophos again. If those files appear again, I'm not really thinking that they could be causing your problems on this site as I have had trouble with typing posts here as well on occasion. You could either wait and look for problems or do options 2 or 3, making sure you have a new restore point before starting that you can come back to if you observe any problems that weren't there before. I've looked on 2 machines and don't find those files, they aren't mentioned on the internet, so I don't know what they are or what they contain. BLF files that contain trojans are usually named differently, so just not sure if they are a threat or not. You could right-click on one of them, select Properties > Details tab, and post a screenshot to let me see the info contained there, if sophos flags them again.

_________________
Repa
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: Sophos Scan/ Found   2/9/2013, 21:43

Repa wrote:
wcturner wrote:
5. Or, should I do this anyway?? Run ccleaner (always run ccleaner first before doing any malware scans) run all your other scans including an Avast Bootscan, and then rerun Sophos. If none of your other scans detects these files or finds any problems, and sophos detects those files again, you have 3 options here, as I see it:

6. The only odd behavior I can report is last nite & right now is trying to make posts on this board. I came just now to edit, & make my post in green & one whole sentence was deleted. And, last nite, I was trying to put a space between 2 words & the letters kept deleting themselves. Other than that nothing wrong.


You can try running ccleaner and then run sophos again. If those files appear again, I'm not really thinking that they could be causing your problems on this site as I have had trouble with typing posts here as well on occasion. You could either wait and look for problems or do options 2 or 3, making sure you have a new restore point before starting that you can come back to if you observe any problems that weren't there before.

Personally, I'd wait a few days and then run the scans again as Windows dynamically creates temporary regtrans and blf files until the settings changes are written permanently to the NTuser.dat file. Running a System Restore also generates these files. So, these files could have been generated by Windows legitimately and Sophos just doesn't recognize them. Deleting these files is not particularly desirable if they are valid files because of their normal Windows function.

I've looked on 2 machines and don't find those files with those names as they appear in the { }, they aren't mentioned on the internet, so I don't know what they are or what they contain. BLF files that contain trojans are usually named differently, so just can't be sure if they are a threat or not - more likely not than are.

You could right-click on one of them, select Properties > Details tab, and post a screenshot to let me see the info contained there, if sophos flags them again.

_________________
Repa
Back to top Go down
View user profile
wcturner
Royal Geek
Royal Geek


Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

PostSubject: Re: Sophos Scan/ Found   2/10/2013, 00:29

Repa: You can try running ccleaner and then run sophos again I'll try this now & see.....
Back to top Go down
View user profile
wcturner
Royal Geek
Royal Geek


Number of posts : 1165
Location : Ky.
Humor : Yes
Registration date : 2009-10-26

PostSubject: Re: Sophos Scan/ Found   2/10/2013, 01:14

Repa: Good News, Take a gander!



Wonder why they did not show again?

I'll only run sophos when something is wrong from now on. Such as......what to look for, to use sophos?

Thanks......
Back to top Go down
View user profile
Repa
Site Administrator
Site Administrator
avatar

Number of posts : 2378
Location : North Carolina
Humor : Age: Older than Dirt!
Registration date : 2008-09-19

PostSubject: Re: Sophos Scan/ Found   2/10/2013, 02:19

wcturner wrote:
Repa: Good News, Take a gander!

Wonder why they did not show again?

As I said before, "Windows dynamically creates temporary regtrans and blf files until the settings changes are written permanently to the NTuser.dat file."

I'll only run sophos when something is wrong from now on. Such as......what to look for, to use sophos?

As I said before, "Sophos sometimes flags things that are ok, and you get that message about an unidentified hidden file that can be removed but recommends that you don't. It is best (for you) not to run sophos unless you are experiencing problems, slowdowns, etc., and you suspect that something is not right with your computer and none of your other scans find anything, because it (sophos) can give false positives when nothing is wrong and you need to know how to discover if the warning is a false positive or not."

In other words, keep from getting yourself stressed out when it could be over nothing, just as it was this time.

_________________
Repa
Back to top Go down
View user profile
Sponsored content




PostSubject: Re: Sophos Scan/ Found   

Back to top Go down
 
Sophos Scan/ Found
View previous topic View next topic Back to top 
Page 1 of 1
 Similar topics
-
» Snow White is so glad she found you!!!
» two headed Arowana found ....
» I Found the Whole Attila Movie On Youtube!
» Found this in the 9C1
» Two More Lost Episodes Found!

Permissions in this forum:You cannot reply to topics in this forum
Geeks, Geeks and More Geeks :: Windows Computer Help :: Computer Security-
Jump to: