I am using Windows XP SP2
Quadcore Q6600
4Gb Ram
Nvidia 8600GTS
After installing Comodo BOClean I would get a pop-up window saying something about a trojan and asking me if I wanted to remove “explorer.exe”. Of course I don’t want to remove explorer.exe or I’ll have no desktop (or for that matter, anything else to work with). After clicking “NO”, my desktop completely disappeared. I rebooted the computer and ended up getting the same message. I clicked on “NO” again and got the same result…no desktop!
I then hit Ctrl-Alt-Delete and went into my PROCESS tab, clicked on FILE-NEW TASK (RUN) and typed in explorer.exe. This brought my desktop back. I then went to my taskbar and right clicked on the ComodoBOClean icon to bring up the menu. I went to Program Excluder and added explorer.exe.
Explorer now stays open but it doesn’t seem like this should have to be done after installing this program? Has anyone else experienced this problem or does Comodo have any ideas as to why this would happen?
The other problem I am getting is since I have installed BOClean the Windows hour glass keeps appearing next to my mouse pointer every 10 seconds? This doesn’t seem to cause any problems but it is annoying to the point that if I can’t stop it I will be uninstalling BOClean. Once again, any ideas and resolutions would be greatly appreciated.
In addition to the above-mentioned problems, I am now getting the following message:
BKDR-BANDOK.SAA VARIANT STOPPED BY BOCLEAN
Location of startup:FILE
C:\WINDOWS\SYSTEM32\MSDLL.EXE
This trojan horse program was found on your machine.
It has been shut down but the FILE from which it started still remains and can be started up again.
Do you want the file removed also?
YES NO
This computer is brand new and has virtually nothing installed on it. I am sure that explorer.exe, msdll.exe, etc. are not infected with trojans. It looks like it’s time to uninstall BOClean!
ctdr11233,
First, welcome to the forums!
My first concern would be to determine if the file is in fact infected.
Upload it to VirusTotal for a scan to see what it says and we’ll take it from there.
Msdll.exe is a trojan/backdoor if it’s located in \system32. Like ~cat~ said, try uploading it to VirusTotal (http://www.virustotal.com) and see if it’s detected.
I guess it’s attached to explorer.exe (thus giving you alerts that explorer.exe is a trojan).
Then it’s indeed a trojan. Explorer.exe was probably identified by BOClean because msdll.exe is attached to it, like I said before.
First of all, you need to disable System Restore as described here: http://support.microsoft.com/kb/310405. Now boot in safe mode and see if you’re able to remove it. Then do a search for ‘msdll.exe’ and see if it finds something. Reboot. If it’s gone now, you can enable System Restore again.
Since ClamAV detected it, it should be able to remove it, so try downloading it.
If it doesn’t, download HijackThis and run a scan; it might be possible there’s some other malicious file. Since msdll.exe is restored, it might be worth checking the hidden folder “Dllcache” in system32 for msdll.exe, as Windows copies the files from there in case they’re deleted from system32.
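Added example, not part of the thread: a small Python triage helper for the "search for msdll.exe and check Dllcache" step above. It finds every copy of a flagged filename under a directory tree, hidden folders included, and groups the copies by SHA-256 so identical copies stand out. The function names and the sample tree are constructed for illustration.

```python
import hashlib
import os
import tempfile


def sha256_of(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_copies(root, filename):
    """Return {sha256: [paths]} for every file under root named filename.

    The name match is case-insensitive, and os.walk also descends into
    hidden directories such as system32\\dllcache.
    """
    wanted = filename.lower()
    copies = {}
    for dirpath, _dirs, files in os.walk(root, onerror=lambda err: None):
        for name in files:
            if name.lower() != wanted:
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of(path)
            except OSError:
                digest = "unreadable"  # locked or access denied: still report it
            copies.setdefault(digest, []).append(path)
    return copies


def demo():
    """Scan a constructed tree that mimics system32 and its dllcache folder."""
    with tempfile.TemporaryDirectory() as root:
        cache = os.path.join(root, "system32", "dllcache")
        os.makedirs(cache)
        samples = {  # constructed sample contents, not real binaries
            os.path.join(root, "system32", "msdll.exe"): b"constructed sample A",
            os.path.join(cache, "MSDLL.EXE"): b"constructed sample A",
            os.path.join(root, "system32", "notepad.exe"): b"unrelated file",
        }
        for path, data in samples.items():
            with open(path, "wb") as fh:
                fh.write(data)
        return find_copies(root, "msdll.exe")


if __name__ == "__main__":
    for digest, paths in demo().items():
        print(digest, *paths, sep="\n  ")
```

On a real system, call `find_copies` with the Windows directory as `root`; the resulting hash is also what you would look up on a scanning service instead of re-uploading each copy.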