
Thread: What is scandsys107f_8028?


  1. #1

    What is scandsys107f_8028?

    Hello,

    Yesterday I was surfing the Web and was knocked off by Windows Defender. I run Defender with Ad Aware free. A Defender window showed I was infected by five viruses, one of which was of the Win32 variety. I clicked the button to remedy the problem, which downloaded the file in the title. I scanned it with Ad Aware and got nothing, but Defender labeled the file as suspicious, which I thought was odd--so I did not run the file.

    Instead, I downloaded and ran the Win prevalent malware removal tool and did a full scan. Result: 0 files infected. I downloaded and performed a smart scan with Win virus detection tool. Results again 0.

    What's going on? Is the scandsys file legit or is it the virus? Are MS tools reliable? Is there an available 100% reliable online tool to check my pc for viruses? I was browsing on Firefox at the time. Defender has never behaved like this before.

    Thanks.

  2. #2
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    I use Windows Defender a lot, and have had no problems thus far

    I test individual files/folders against Jotti and virustotal:

    https://www.virustotal.com/

    Basically they test a file/folder using most of the latest AV proggies and definitions. That means that you can expect no more than a 40% hit rate, if that.

    I would not worry about what you are seeing myself, until I had run an online scan, and gotten positives.

  3. #3
    Junior Member
    Join Date
    Jun 2012
    Posts
    1
    Quote: Originally posted by nihil
    Hi,

    I use Windows Defender a lot, and have had no problems thus far

    I test individual files/folders against Jotti and virustotal:

    https://www.virustotal.com/

    Basically they test a file/folder using most of the latest AV proggies and definitions. That means that you can expect no more than a 40% hit rate, if that.

    I would not worry about what you are seeing myself, until I had run an online scan, and gotten positives.
    That doesn't help for me... ;/ Dammit.

  4. #4
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Well, it ought to be helpful, as virustotal runs quite a few malware detectors, so if you get positives you should be very wary of the file.

    At the same time submit the file name to Google or other search engine and see what other people have to say about it........no hits looks like random naming, which would be unusual for legitimate software.

    There are a number of sites that specialise in giving information on what product files belong to and whether they are considered safe.

    As well as that, note the size of file and its location, if installed. The sites I mention will usually tell you the sizes and locations of legitimate copies.......if it's anywhere else or a different size then it is probably malware.
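
The checks described in the post above (name, size, location, then a VirusTotal lookup) can be collected without running the file. This is an added example, not part of the original post; the default path and the function name `Get-FileTriage` are assumptions.

```powershell
# Added example: gather facts about a downloaded file WITHOUT executing it.
# The default path below is a hypothetical placeholder.
param(
    [string]$Path = "$env:USERPROFILE\Downloads\suspect-file.exe"
)

function Get-FileTriage {
    param([Parameter(Mandatory)][string]$LiteralPath)

    $item = Get-Item -LiteralPath $LiteralPath -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $LiteralPath -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $LiteralPath

    # Browsers tag downloads with a Zone.Identifier alternate data stream
    # (NTFS only). It may be absent; that is not an error.
    $motw = Get-Content -LiteralPath $LiteralPath -Stream Zone.Identifier `
                        -ErrorAction SilentlyContinue
    $zoneId = $null
    $hostUrl = $null
    foreach ($line in $motw) {
        if ($line -match '^ZoneId=(\d+)') { $zoneId  = [int]$Matches[1] }
        if ($line -match '^HostUrl=(.+)') { $hostUrl = $Matches[1] }
    }

    [pscustomobject]@{
        Name            = $item.Name
        Folder          = $item.DirectoryName
        SizeBytes       = $item.Length
        Created         = $item.CreationTime
        SHA256          = $hash.Hash
        # 'Valid' means a trusted publisher signed it; 'NotSigned' is common
        # for both small legitimate tools and for malware.
        SignatureStatus = $sig.Status
        Signer          = $sig.SignerCertificate.Subject
        # ZoneId 3 = downloaded from the Internet zone.
        ZoneId          = $zoneId
        # HostUrl is only recorded by newer browsers and Windows versions.
        DownloadedFrom  = $hostUrl
    }
}

Get-FileTriage -LiteralPath $Path | Format-List
```

The SHA256 value can be pasted into the VirusTotal search box to see existing results without uploading the file, and the size and folder compared with what the file-information sites list for legitimate copies.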


  5. #5
    Senior Member gore
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Nihil; Do you remember back when there was an Email going around that you'd get from a real family member or friend telling you that a "New Virus" was going around, and that the way you could tell if you had it, was to go to a certain area, and if you saw a file named a certain name with a Teddy Bear Icon, you were infected.... LOL.

    I still remember that, and how many people would delete that, thinking it was a Virus, when, really, I considered it a really clever scam. When you can make people do the same thing you would maybe want a virus to do, that's kind of neat.

  6. #6
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Yeah, I do remember there were a whole raft of pranks and hoaxes designed to make fools of the recipients IIRC?

    In the context of the OP's post, the modern equivalent is the Scareware that he seems to have encountered, only the objective now is to rip off the recipient

    Talking of pranks (and this was NOT deliberate), a mate of mine desperately wanted to borrow an HDD a few days ago. He didn't want PATA, so the best I could do was the 320GB SATA II drive I had just tested my Core i7 2600K rig on.

    Couple of days later he calls me and says he's been working on it two days and it won't load Windows7.......all he gets is a blinking cursor. He had also tried the 32bit Windows8 Release Preview DVD that I had given him, and that did the same.

    He'd run an HDD test and checked the boot sequence in his BIOS, but still no joy. OK at least that meant his box was booting BIOS, and the problem had to be detecting an OS. As the disk check worked it could obviously get into DOS, so why not a bootable Windows medium?

    I went round to have a look and found that it would install the loader for Windows Vista 32bit, but not much else after that. It gave a message about "GTP" which finally caught me on.

    The Intel box had defaulted to the more modern GTP partitioning, whilst his older AMD rig and BIOS were looking for an MBR setup.

    Strange that Windows7 & 8 didn't just load from the DVD and report the problem, when the older crappier Vista did?

    The quick solution was to wipe the drive with DBAN then it worked just fine. I know you can get utilities to do conversions, but he had a dead box with an unusable drive.

    It gave me a good laugh though........couldn't have done better if I'd tried

  7. #7
    Thanks, nihil:

    Has Defender ever knocked you off the web as I describe and given you a list of infections by name and something like scandsys107f_8028 for a response, that Microsoft does not recognize? Is it possible I now have malware on my system that nullifies any online or downloaded search tool? What kind of event was that? Surely, something unusual, some kind of attack, yes?

  8. #8
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi there listener,

    No, I have never had that happen, nor had I even heard of it until you posted

    What you experienced sounds very much like the tactics used by "scareware", which appears to have failed.

    I find it very strange that Defender would suddenly discover 5 malwares, if it has up-to-date definitions. I would have expected it to block them before they got to you. Was it warning you that the site you were on contained this malware?

    If you haven't already done so, might I suggest that you run a full scan in safe mode?

    Also download and install Malwarebytes; update it, then reboot into safe mode and run a full scan.

    http://www.malwarebytes.org/

    The on demand scanner is free, and that is the one you want.

    Quote: Is it possible I now have malware on my system that nullifies any online or downloaded search tool? What kind of event was that? Surely, something unusual, some kind of attack, yes?
    It is possible, but rather unlikely, particularly if you run your scans in safe mode. Obviously some sort of attack was attempted, but it is hard to tell what...........my guess is still some sort of scareware as that file is not recognised. If you still have it; try submitting it to Virustotal.

    If anything tries to interfere with the Malwarebytes installation that will warn you.

    Otherwise you will need access to a "clean" computer and download:

    http://windows.microsoft.com/en-US/w...fender-offline

    [creds to Steve for that one]

    It is the stand alone version of Defender that you run from a bootable disk or USB stick.

    I believe that most of the major security suite vendors have something similar; PANDA certainly do:

    http://free.pandasecurity.com/

    I have tried "anti-rootkit", "safeCD", and "Active Scan"

    Hope that helps.
    Last edited by nihil; June 3rd, 2012 at 10:11 AM.

  9. #9
    Thanks again, nihil! Much good info here.

    How would a scareware attack be launched? Would it be 'moored' to a specific site like an old naval mine? Or would it be fired at me like a bullet by someone online in real time?

    This morning when I booted up I found several windows stacked on my desktop, telling me that Ad Aware had been shut down suddenly and had generated an error report. The choices were to send the report or cancel. I have learned from experience that sending the report on each window will allow Ad Aware to open and to turn on normally after a minute or so. Once it turns on and activates, I get no more of these shut down messages while I am online.

    Are these windows the result of someone firing viruses at my computer like bullets, or what?

    Thanks.

  10. #10
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Quote: How would a scareware attack be launched? Would it be 'moored' to a specific site like an old naval mine? Or would it be fired at me like a bullet by someone online in real time?
    Mostly they are "anchored", frequently without the knowledge of the true site owner.

    They want you to buy some totally useless "anti-malware" solution, so they tend to live just within the law, in most legislations. They want money, which can obviously be traced, so they are not outright illegal

    I have never seen the "bullet firing" approach, which means that I have never seen one; not that they don't exist

    Quote: This morning when I booted up I found several windows stacked on my desktop, telling me that Ad Aware had been shut down suddenly and had generated an error report.
    I would guess that AdAware is being blocked then?.............It will retry several times, which would explain the number of windows?

    I am afraid that suggests that you do have something nasty onboard

    Obviously, it is afraid of AdAware, so why not update that, and run it in safe mode?

    Also, please get this one:

    http://www.emsisoft.com/en/software/antimalware/

    It is a 30 day trial................please run it in safe mode after an update. After a while it reverts to scanner only............ we just want it for a one-off scan

    Good luck mate!

    And keep me informed............ this dawg has never unwillingly given up a bone!
