I’ve read about the recent false positive about a Trojan. There’s an ongoing thread here: https://forums.comodo.com/comodo_boclean_antimalware/ieudinitexe_trojan_horse-t11334.0.html however my question is not discussed there so I posted this.
What can I expect from my pc since I clicked “yes” on all the prompts to delete the files on which the false positive trojan was connected? I’ve not noticed anything untoward yet in my pc. Do I really have to do system restore?
What do these files do: C:\WINDOWS\SYSTEM32\IEUDINIT.EXE, C:\WINDOWS\INF\UNREGMP2.EXE, C:\WINDOWS\SYSTEM32\IE4UINIT.EXE, C:\WINDOWS\SYSTEM32\SHMGRATE.EXE, C:\WINDOWS\SYSTEM32\REGSVR32.EXE, C:\WINDOWS\SYSTEM32\RUNDLL32.EXE
Those were the files where apparently the Trojan attached… and I’ve deleted them (unfortunately).
As stated in the thread you pointed to:
The files you list are system files.
You can also, if you want to make sure the files are replaced, insert your Windows installation CD, cancel the autorun.
Then go to start/run, type in “cmd” (without the quotes), and at the command prompt type (again, no quotes) “sfc /scannow”.
This will start the system file checker (SFC) and it will replace any files it finds missing…
LM
i heard that windows will automatically restore the system files… like “lil mac” said, you also could run “system file checker”…
another way to run “system file checker” is to go to “start”/“run” and, in the dialog-box, type “sfc /scannow” (minus quotations) and then click “OK”…
when running “system file checker”, sometimes you will need to have the “windows” cd in the drive when doing that, but not always: sometimes, with “factory-installs” of windows, the factory will put a copy of “windows” on the hard drive and “system file checker” will use that instead of the “windows” cd… if you have reformatted or if you installed windows yourself, then you will need to use the “windows” cd when running “system file checker”…
Hmm, have I done it that way before? Maybe I have; that makes sense. It’s been a while, though; I could forget…
Never done it on a factory-installed OS, though; never had one o’ those… ;D
LM
I did the Run>cmd>sfc/scannow and it goes thru the process of verifying if all Windows files are intact and in their original version, but at the end it is asking me to insert the Windows CD. As far as I can remember we never had that cd before when we bought the pc. So I’d say the system file check is never completed. I guess I’ll just have to hope that everything’s ok with my Windows files.
If you bought the PC new from a supplier (such as Dell, Gateway, etc.) or even a retailer like BestBuy, it very likely had Windows already installed, and came with an “OEM” disk containing what was on the computer. This CD will be marked with the manufacturer’s name (such as Dell), rather than saying “Windows XP Pro” by Microsoft.
Wherever you bought the PC, you should’ve gotten some form of the OS with it, other than just on the computer…
LM
We only have the Microsoft Works 8 cd plus the cd for the printer that we bought together with the cd. Is there a chance we could still ask for the Windows cd from the retailer (PC World)?
Dante,
Assuming you’ve rebooted… do a search for the files you think are deleted.
Your first post listed files that should have been replaced after a re-boot.
As ~cat~ indicated, if any files which were system files were trashed as a result of that problem, “system restore” will have replaced them for you auto-magically. If nothing is acting up, and you’re not getting complaints, then the system “self-healed.” My personal apologies as the person who designed BOClean for the problems with that bad update … MY fault.
But you SHOULD be OK as it is … nasties will go away, but Windows knows what belongs to itself.
i should have said that running “system restore” is another option…
you could look in the folders to see if the files have been automatically regenerated, by “windows”…
i don’t have some of the files… maybe that is because i run IE 6, not IE 7… 'don’t know…
I use BOClean and I’m glad a new version is out, but this is exactly why I didn’t install it on my family’s computers. In this case it’s not the fault of BOClean for doing its job (well, maybe a little due to the bad update), but instead I don’t trust the user. I’m not an expert, but I do know enough that these files were system files as soon as I saw them. Anyway, I’ll keep this gem all to myself ;D