Page 1 of 4 123 ... LastLast
Results 1 to 10 of 37

Thread: What is scandsys107f_8028?

  1. #1

    Question What is scandsys107f_8028?

    Hello,

    Yesterday I was surfing the Web and was knocked off by Windows Defender. I run Defender with Ad Aware free. A Defender window showed I was infected by five viruses, one of which was of the Win32 variety. I clicked the button to remedy the problem, which downloaded the file in the title. I scanned it with Ad Aware and got nothing, but Defender labeled the file as suspicious, which I thought was odd--so I did not run the file.

    Instead, I downloaded and ran the Win prevalent malware removal tool and did a full scan. Result: 0 files infected. I downloaded and performed a smart scan with Win virus detection tool. Results again 0.

    What's going on? Is the scandsys file legit or is it the virus? Are MS tools reliable? Is there an available 100% reliable online tool to check my pc for viruses? I was browsing on Firefox at the time. Defender has never behaved like this before.

    Thanks.

  2. #2
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi,

    I use Windows Defender a lot, and have had no problems thus far

    I test individual files/folders against Jotti and virustotal:

    https://www.virustotal.com/

    Basically they test a file/folder using most of the latest AV proggies and definitions. That means that you can expect no more than a 40% hit rate, if that.

    I would not worry about what you are seeing myself, until I had run an online scan, and gotten positives.

  3. #3
    Thanks, nihil:

    Has Defender ever knocked you off the web as I describe and given you a list of infections by name and something like scandsys107f_ 8028 for a response, that Microsoft does not recognize? Is it possible I now have malware on my system that nullifies any online or downloaded search tool? What kind of event was that? Surely, something unusual, some kind of attack, yes?

  4. #4
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi there listener,

    No, I have never had that happen, nor had I even heard of it until you posted

    What you experienced sounds very much like the tactics used by "scareware", which appears to have failed.

    I find it very strange that Defender would suddenly discover 5 malwares, if it has up-to-date definitions. I would have expected it to block them before they got to you. Was it warning you that the site you were on contained this malware?

    If you haven't already done so, might I suggest that you run a full scan in safe mode?

    Also download and install Malwarebytes; update it, then reboot into safe mode and run a full scan.

    http://www.malwarebytes.org/

    The on demand scanner is free, and that is the one you want.

    Is it possible I now have malware on my system that nullifies any online or downloaded search tool? What kind of event was that? Surely, something unusual, some kind of attack, yes?
    It is possible, but rather unlikely, particularly if you run your scans in safe mode. Obviously some sort of attack was attempted, but it is hard to tell what...........my guess is still some sort of scareware as that file is not recognised. If you still have it; try submitting it to Virustotal.

    If anything tries to interfere with the Malwarebytes installation that will warn you.

    Otherwise you will need access to a "clean" computer and download:

    http://windows.microsoft.com/en-US/w...fender-offline

    [ creds to Steve for that one]

    It is the stand alone version of Defender that you run from a bootable disk or USB stick.

    I believe that most of the major security suite vendors have something similar; PANDA certainly do:

    http://free.pandasecurity.com/

    I have tried "anti-rootkit", "safeCD", and "Active Scan"

    Hope that helps.
    Last edited by nihil; June 3rd, 2012 at 10:11 AM.

  5. #5
    Thanks again, ninil! Much good info here.

    How would a scareware attack be launched? Would it be 'moored' to a specific site like an old naval mine? Or would it be fired at me like a bullet by someone online in real time?

    This morning when I booted up I found several windows stacked on my desktop, telling me that Ad Aware had been shut down suddenly and had generated an error report. The choices were to send the report or cancel. I have learned from experience that sending the report on each window will allow Ad Aware to open and to turn on normally after a minute or so. Once it turns on and activates, I get no more of these shut down messages while I am online.

    Are these windows the result of someone firing viruses at my computer like bullets, or what?

    Thanks.

  6. #6
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    How would a scareware attack be launched? Would it be 'moored' to a specific site like an old naval mine? Or would it be fired at me like a bullet by someone online in real time?
    Mostly they are "anchored", frequently without the knowledge of the true site owner.

    They want you to buy some totally useless "anti-malware" solution, so they tend to live just within the law, in most legislations. They want money, which can obviously be traced, so they are not outright illegal

    I have never seen the "bullet firing" approach, which means that I have never seen one; not that they don't exist

    This morning when I booted up I found several windows stacked on my desktop, telling me that Ad Aware had been shut down suddenly and had generated an error report.
    I would guess that AdAware is being blocked then?.............It will retry several times, which would explain the numbner of windows?

    I am afraid that suggests that you do have something nasty onboard

    Obviously, it is afraid of AdAware, so why not update that, and run it in safe mode?

    Also, please get this one:

    http://www.emsisoft.com/en/software/antimalware/

    It is a 30 day trial................please run it in safe mode after an update. After a while it reverts to scanner only............ we just want it for a one-off scan

    Good luck mate!

    And keep me informed............ this dawg has never unwillingly given up a bone!

  7. #7
    Thanks again, nihil:

    I checked out scareware and saw screenshots nearly identical to what I saw on my screen and am thus convinced that what happened to me was a scarewar attack, as you said. No harm done because I never opened their file. I deleted it. Ha ha.

    Could not the Ad-Aware attacks come from an external source--some one firing virus bullets at my pc? I'm not certain I want to update Ad-A since the free version seems to be working as is. Also, would I want to add the Emsisoft product to Ad-A, or delete Ad-Aware first? I've heard that if you have too many anti-virus products on your system, viruses can find spaces between them to attack you. More is not always better?

    Thanks for your continued support.

  8. #8
    Friend of Site Staff
    Join Date
    May 2012
    Posts
    389
    Anti virus and Malware programs like Malwarebytes' Anti-Malware can operate together as they look for different things. I have been using the free version and run it weekly or when I think it is needed. And yes, it will run in safe mode and I do have to update it manually. The paid version will update automatically. Fact is I have downloaded and installed it in Safe Mode with networking and updated it there on lots of clients computers.

  9. #9
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Hi listener,

    The general rule of thumb is that you do not have more than one security application doing the same thing interactively, at the same time. Personally, I have never seen or heard of two applications letting malware through, but I have solved many system instability issues by turning off multiple real time security applications.

    On demand installations of Malwarebytes, A-Squared, Spybot S&D and SuperAntiSpyware are not a problem as you run them one at a time, preferably in safe mode. That way you avoid any potential conflicts.

    I have managed to locate a machine with Windows Defender and Ad-Aware installed. I updated the Ad-Aware (free) application, including the engine etc. It booted and ran just fine afterwards. That makes me think that you might have some sort of installation corruption on your machine. I would recommend uninstalling the current AAW and downloading and doing a fresh install of the latest free version. I advise a clean install, as an update might preserve your problem?

    BTW the OS was Windows 7 Home Premium.

    I noticed that you are using FireFox, and would suggest you get the NoScript and AdBlockPlus plugins, if you haven't already got them.

    I don't think that your Ad-Aware problem is the result of a targeted attack or random malware probes. It still looks like a corruption issue to me. If the re-installation doesn't solve it then you might try cleaning the Registry.

    CCleaner does it at a basic level, and also gets rid of junk files that build up on your system:

    http://www.piriform.com/CCLEANER

    A more comprehensive solution is "Registry Cleaner" by Eusing:

    http://www.eusing.com/Download.htm

    Just click the "skip" button on the begging pop-up, then run the analysis option (top left) .............it makes a backup first, even though it doesn't tell you it does.

    After those, try the clean installation of AAW again.

    Please let us know how you get on.

  10. #10
    Senior Member gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    I'd like to pop in on this real quick, because I want to point out something I think is fairly important:

    First off, Nihil kind of brought this up already, but I want to elaborate a little on this:

    Anti Virus Programs USED to be a pretty good idea to add to your Computer, running Windows, because once upon a time, they matter a LOT more.

    The problem comes from the fact that the days of having to actually open an Email, download an attachment, and THEN you got infected, are LONG gone. Today, you aren't really going to see very many "JUST" Anti Virus Products on the Shelf of wherever you go to buy software.

    When I first started getting into Computers you could walk into Best Buy, and see Norton Anti Virus, McAfee Anti Virus, and a few more on the Shelf, and buy them, take them home, and install them.

    It was JUST Anti Virus though. Today, go into the same place, and, it's ALL Security Suites. Now don't get me wrong, we had those back then too, but they were generally bundled Anti Virus and Firewall Combos.

    Today, the same thing is an Anti Virus program, a program to watch for Malware and Spyware, AND the Firewall. The price of this **** has gone up too. I remember buying a version of Norton for like 30 dollars or so.

    The problem is, you don't have many Viruses running around now, because most problems and infections, are usually Tracking Cookies, and web sites loaded up with Spyware or Malware or something else.

    Also of concern is the fact that Anti Virus software doesn't exactly help THAT much. I mean, Nihil was saying 40%, and though I don't know off hand what the hit rate is of any given product, I'd say he's probably being generous as well. You'd be lucky if an off the shelf Anti Virus program managed to find even 25% of the **** in the Wild.

    Anyway, I just wanted to weigh in on that. I wouldn't bother wasting my money on this stuff.

    I have multiple Computers on my Network, but only ONE of them even has a single Windows Partition. And that is THIS Computer. It came with Windows 7, and I left it on there, even though I shrank the HD size in half, and, even right now, I haven't booted into Windows in a while.

    I use mainly Linux and BSD.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •