Today my CIS scheduled scan ran and popped up the following file with a ‘high’ critical rating:
c:\program files\Common Files\ESRI\is08211.dll as backdoor.win32.pcclient.ngo[at]134351760
Instead of disinfecting (deleting) the file I quarantined it, because I thought I have had CIS for a long time and nothing untoward has been observed to date.
After quarantining, I wanted to search the web to see what is08211.dll stands for and whether it is such a dangerous file. I clicked Firefox and a message popped up that Firefox cannot initialize due to ‘lack of permission’. Okay, fine, something went wrong and I clicked IE… oh… I can’t open IE. I got a bit frantic and checked the programs in Task Manager. No new programs were seen, but I thought that while I was quarantining the file, the ‘dangerous’ file did something drastic.
So, now I clicked MS Word to check whether that is working… no way… MS Word can’t open. Everything was fine just 20-30 minutes ago when the ‘scan’ started. So I thought, let the dangerous thing remain, I need to save my computer first and then ‘handcuff’ the dangerous file, and I restored the ‘iso8211.dll’ file. But in vain. Before my eyes I was losing access to each of my resources. Anything that I opened once would lose access if I tried a second time. I opened My Computer to try to open Firefox through that, but when I clicked it again, I had no access and My Computer would not start. The programs under Start - All Programs had vanished and the C and D drives could also not be seen.
In short, except CIS (thank God), I could not open anything. Using CIS - active process (task manager was gone by then), I isolated ctfmon.exe, googleupdate.exe and desktop calendar.exe…
Cutting it short, after isolating the above three applications and also restoring the iso8211.dll I rebooted and yes, I could get my applications back. I opened Firefox and Firefox started as if it were starting for the first time, and I had to reconfigure each of my add-ons and the Firefox options itself.
I shall be obliged if you can check whether this is caused by this file, because except quarantining this file I wasn’t doing any work at that time. Whatever else like stoppage of all programs culminated after that.
If you require the file, please send me a PM. Is this such a critical file as to cause such havoc in my machine? If yes, it needs to be fixed immediately.
XP SP3, CIS 5.0, CSC-3.0. No other security software