Sign in with
Sign up | Sign in
Your question

Trend Micro Identified Threat but Cannot Quarantine

Tags:
  • Security
  • Trend Micro
  • Internet Security
  • Apps
Last response: in Antivirus / Security / Privacy
Share
February 9, 2010 3:53:00 PM

Trend Micro Internet Security 2009 identified a potential trojan horse infected file dchn.sco in the system32 folder. It could not quarantine it, and I could only delete using Unlocker. Now that the file is deleted I am getting a RUNDLL error popup upon startup. "The Specified module dchn.sco could not be found"

I have determined that dchn.sco is not a file that belongs on my system to begin with, so good riddance. But now it looks like I have some manual registry clean up to do.

Can anyone tell me how to clean up my loose ends on this one?

Thanks,

Steve

More about : trend micro identified threat quarantine

a b 8 Security
February 9, 2010 6:23:08 PM

run ccleaner its free!
m
0
l
February 9, 2010 9:51:23 PM

Thanks guys. I tried ccleaner and glary utilities with no effect.
Trend Micro just sent a fix. Disk Cleanup, then run their program TwinFix.exe.
I'm going to give that a try with fingers crossed.
m
0
l
a b 8 Security
February 9, 2010 9:56:27 PM

good luck ske,hope it works out!
m
0
l
February 9, 2010 10:24:50 PM

Just tried it. TwinFix removed the offending file, and I still get the rundll error.

I guess it's better than having the virus. More like a hangnail...
m
0
l
February 19, 2010 11:38:31 PM

hijackthis.exe tracked down the offending leftovers.
Great program! I just needed to dig up a guide online to interpret the results.
m
0
l
a b 8 Security
February 20, 2010 12:21:22 AM

great job,glad you got it worked out!
m
0
l
February 20, 2010 1:06:32 AM

Thanks. I have to say the Trend Micro Support is very responsive and helpful.
m
0
l
a b 8 Security
February 20, 2010 1:26:07 AM

cool good to know!
m
0
l
a b 8 Security
February 20, 2010 1:51:19 AM

We use Trend Micro at the bank I work at. It's a good quality product.
m
0
l
February 24, 2010 4:24:41 AM

You could try booting into safe mode first, and then try your usual removal process :)  this should probably fix it.

Failing that, you could try another file shredding tool in safe mode. Which should remove and fix it. Let us know how you go :) 



pc cleaner - http://helpcleaningmypc.info/
m
0
l
February 24, 2010 1:37:49 PM

The dll files needed to be unregistered then deleted.

HJT is definitely a good way to ID the offending start-up items and remove them.

Another good tool is winpatrol by BillP Studios.

Good to hear you solved the problem.

P.S. you can get an automated analysis of your HJT log at:

http://www.hijackthis.de/

You copy and paste the contents or browse for the text file and submit it. It is best to be used as a guide but coupled with researtch is very effective.
m
0
l
March 3, 2010 12:07:12 AM

btk1w1 said:
The dll files needed to be unregistered then deleted.

HJT is definitely a good way to ID the offending start-up items and remove them.

Another good tool is winpatrol by BillP Studios.

Good to hear you solved the problem.

P.S. you can get an automated analysis of your HJT log at:

http://www.hijackthis.de/

You copy and paste the contents or browse for the text file and submit it. It is best to be used as a guide but coupled with researtch is very effective.


Thanks for the link. Hopefully I won't need it!
m
0
l
March 6, 2010 4:32:01 AM

Thanks so much for bringing up this topic and finding a fix, ske!

I got the same message at startup (RUNDLL error, specified module dchn.sco could not be found) after I cleaned up after an AVG scan. Tried HijackThis and it worked.

Since I'm a bit of a novice, I found this to be helpful:

Make sure to backup your files.
Set up a system restore point.
Download and run HijackThis (found it on majorgeeks.com).
If you're having trouble finding the offending registry item, you can make sure to create and save a log before the system does the scan (which for me opened in a Notepad), then do a search for "dchn" in Notepad, then go back to find the item on the scan list, check the box, and remove.
m
0
l
!