Norton scanned "C:\Windows\system32\lsd_f3.dll", but I can't find that.

So yeah. Followed when Norton free scan scanned my PC again. It came up with a clean PC, but scanned a few malicious-looking files like lsd_f3.dll and winmax.exe. The strange part is that even though I have made all folders visible, I can’t find those two anywhere on my PC. Any help? Antivirus & antimalware programs did not scan those files. So another question: is there a way to make visible all folders and items that could still be invisible after checking the box “show all folders and files”?

I currently don’t have any knowledge, in my little brain, of making ALL files & folders visible. I know how to show most hidden files & folders (I think you know how to too); one of the things I can’t see is the page file (but I’m sure there is more than that).

If anyone knows how to show all folders, I’d love them.

Bracca, if you want this answered you may want to tell us your OS. Mine is Vista Home Premium.

I don’t know if I understood right, so those files weren’t cleaned, so the PC didn’t end up clean, or was Norton uncertain if they were bad or not?

All I know is, if you really have problems about malicious files that don’t let themselves be seen, you should definitely scan for rootkits.

Also back when I quested for Ye fabled IE hidden cache, I found that even Windows hides some files, even if you set the Win Explorer to “show hidden files”; but they can be seen from the command prompt.

The reason these files are hidden is usually because they are part of your OS, so they must not be deleted.
Example: System Volume Information.

I’m assuming “Show Hidden Files/Folders” is chosen, but do you also have “Hide Protected Operating System Files” unchecked? (remember, this is NOT recommended).

It was unchecked when I looked at it.

Well, the problem was, as far as I remember since I deleted the Norton free, that it scanned my PC and also scanned folders and files which were not there. Is Norton so “sophisticated” then, that it tries to scan some of the serious new things found by the guys at Symantec, even though those files would not exist on our PCs? Then if it locates that the thing really is there, it alerts me when the scan is ended? But this is not at all fun if they SHOW it during the scan, since this could really, REALLY spook people (like me), to see a virus scanner scanning folders that do not exist.
So in short, when I looked at the progress, it said: “Now scanning: C:\Windows\system32\lsd_f3.dll”. Still can’t find that anywhere, but at least the other (Superantispyware, Ewido, Comodo, AVG, Avira, Malwarebytes and exterminate it!) programs don’t scan those folders, or at least I have not found that out yet.

Whatever it scans for is in the form of a signature in the database. It couldn’t have shown it was scanning…C:\windows\system\xxxx.exe if it wasn’t there. Plus, the malware sample wouldn’t have been called “lsd_f3.dll”.

The file “lsd_f3.dll” is a component of a password stealing trojan. Please see

Have you tried searching for and deleting this file in Safe Mode?

Ewen

I do a scan in safe mode with everything I got on my PC, but they have not found that trojan. Also, Norton scanned at the same time the keylogger Boss Eye. It is supposed to create a folder in the start menu and add and edit some registry keys. I tried to find those also in my registry but they were not there. exterminate it! was supposed to find that keylogger but it found nothing. Should I install Norton free scan again and take a screenshot if I see anything suspicious?

Yes please

First scan went without any special things popping up in the “Currently scanning” section. Just the files that other programs scan also that are present on my computer. Will post screenshots if something interesting jumps to my eyes.

An idea popped inside my mind. Are there any known rootkits that hide that password stealing trojan AND a keylogger called UAB optiva? If so, does CIS find them? And if CIS does NOT find them, what program will?

Do you mean the CIS AV or D+?

The AV will find it if it is in the database.

D+ will alert/block rootkit installations.

There are specialized rootkit removal tools like GMER and Hijack This (for experienced users, or post a log).

Hijack This notices rootkits also? Hmm. Well then I’ll post the new log soon if I find something else on my system. And yes, I mean CIS AV. So is this password stealing trojan and UAB Optiva/Boss Eye included in the CIS database? If so, then I think that something is seriously wrong with Norton if it scans for non-existing folders.

It can give clues: if the rootkit runs a new process, it would show in HijackThis.
Using GMER is better for rootkits.

In the future, you can post a log here.

There is currently no way to tell what is in the database, unless you have the malware file and scan it to see if it is detected.