PDA

View Full Version : Spybot System Startup Problem, HELP!



snowangel
2007-12-11, 05:40
I'm new at using spybot, but I starting looking through the startup list to determine which programs were necessary and which were harmful. I found crypt32chain.dll and SensLogn to be harmful programs, so at first I unchecked them from the list. When I refreshed the list, they were still there, checked. Then I deleted them, but once again when I refreshed the list they were still there, checked to run when I started up my computer. I went to my Settings to look at the list of programs I had blocked, and others were there, but these two programs were not. I tried restarting my computer to see if the change would take place then, but no matter what I do, these programs won't delete from my startup menu. What do I do? Please Help!

md usa spybot fan
2007-12-11, 07:47
If you are running Windows XP and the startup entries for crypt32chain and SensLogn display as System.ini entries in Spybot 1.4 or WinLogon entries in Spybot 1.5, do not try to delete those startup entries. They are valid entries.

snowangel
2007-12-11, 23:42
They are not valid entries, I have run a check on on both of the programs and they came up as trackers/trojan horses. I need to delete them, but it won't let me.

tashi
2007-12-12, 03:34
Hello.

They are not valid entries, I have run a check on on both of the programs and they came up as trackers/trojan horses. I need to delete them, but it won't let me.

Malware can be named anything, however as md usa spybot fan already said, you shouldn't try to delete items which may be legitimate startups.

Please see:
http://forums.spybot.info/showthread.php?t=2314

To produce a log so we can take a look and give you peace of mind:

Switch Spybot S&D to advanced mode
Navigate to tools - view report
Click "view report" to generate a new report
Click "view previous report" to access older / automatically generated reports
Click "export" to save the report to a text file and attach it here

snowangel
2007-12-13, 00:35
I've attached the logs of my system startup and process list. Thanks for helping me out and taking a look at them! I'd be very interested to see how those programs show up as.

md usa spybot fan
2007-12-13, 08:13
snowangel:

re:


Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
crypt32chain and SensLogn are not programs. They are the names of startup entries and are associated with crypt32.dll and WlNotify.dll respectively.

Those two startup entries are stored as subkeys in this registry key:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

The crypt32chain entry (crypt32.dll) is used for encryption:
Internet Connection Security Components
http://msdn2.microsoft.com/en-us/library/ms913705.aspx
Security Considerations for Windows XP Embedded Developers
http://msdn2.microsoft.com/en-us/library/ms838345.aspx

The SensLogn entry (WlNotify.dll) deals with Windows updates:
Error messages that you may receive when you try to download and install updates from the Windows Update Web site, from the Microsoft Update Web site, or from a WSUS server: "0x800704DD," "0x80240020," or both
http://support.microsoft.com/kb/910341
Do not delete them.

snowangel
2007-12-13, 23:41
Thank you!!

md usa spybot fan
2007-12-13, 23:57
snowangel:


Thank you!!
???

So what course of action are you taking?
Are you convinced they are valid entries and are not still attempting to delete them.
--- or ---
Do you still think:


They are not valid entries, … I need to delete them ...

snowangel
2007-12-17, 04:49
Well I'm going to look into it a little bit more, but they seem to be valid entries so I'll allow them. Thanks again