Jump to content
Sign in to follow this  
d-money

can't kill winlogon virus

Recommended Posts

i ran the whole barage of tests and i have the winlogon virus. The first thing it told me to do was to kill the running winlogon processes in task manager but i got a prompt that says this is a vital system file that cannot be deleted. What do i do??

Any help would be great.

Share this post


Link to post
Share on other sites

Everything I read says this is pretty easy to defeat.

 

Just run the scan and clean the files. If that doesnt work, then boot to safe made on try that.

 

Let us know how that works.

Share this post


Link to post
Share on other sites

will do but run what scan? I use Ewido and Spybot on my pc but this is my sister's and it's so screwed up that it won't update ewido or spybot. It doesnt detect any servers and says socket error #10061 for spybot and will i click update on ewido it says cancel update right after i push the button but the goes back to start update. It's really weird

Share this post


Link to post
Share on other sites

will do but run what scan? I use Ewido and Spybot on my pc but this is my sister's and it's so screwed up that it won't update ewido or spybot. It doesnt detect any servers and says socket error #10061 for spybot and will i click update on ewido it says cancel update right after i push the button but the goes back to start update. It's really weird

OK.

First, what scan did you use to find the winlogon virus? Shoudld be an Anti virus scan. Run that, and use it to clean the virus. Restart the somputer and keep pressing the f8 key . when a menu appears, choose safe mode and continue to boot.

 

After the machine is running, run your antivirus scan again, and try to clean it.

Share this post


Link to post
Share on other sites

D-Money,

 

Here's the one you want: Stinger

http://vil.nai.com/vil/content/v_101083.htm

 

If you have trouble getting online with that infected computer, you can save Stinger, about 983kb.... onto a floppy.

Copy and paste to C:\Program Files of the infected computer. Run it.

 

The linked page also gives you a good overview of the virus.

 

Best Regards

Edited by dough

Share this post


Link to post
Share on other sites

ok thanks... yeah i think my problem will be keeping the pc running... it shuts off everytime i use it. I even opened it out and cleaned it and the fans are running fine and it's not the monitor or keyboard or anything.

Share this post


Link to post
Share on other sites

Here's the information that may help you determine whether or not this "win logon" is the MS program or a Virus

 

From Answers that Work

http://www.answersthatwork.com/Tasklist_pages/tasklist_w.htm

 

Please notice that the legitimate file appears in <<C:\Windows\System32\Winlogon.exe>>

 

The one that is a Virus appears in <<C:\Windows\Winlogon.exe>>

 

Winlogon (1)

WinLogon.exe

 

(Microsoft)

Windows NT4/2000/XP/2003 Logon application whose full path is either C:\WinNT\System32\Winlogon.exe or C:\Windows\System32\Winlogon.exe. This process manages users’ logons and logoffs on your PC/Server. The window which pops up and prompts you for your username and password, or which allows you to logoff or shutdown, is the WINLOGON process.

 

Recommendation :

An integral part of the operating system, leave alone.

 

Winlogon (2)

WinLogon.exe

 

(???)

If you have Windows NT4/2000/XP/2003 and the full path for this task is C:\WinNT\Winlogon.exe or C:\Windows\Winlogon.exe , then you may have the [email protected] virus, or a newer virus. If you have Windows 95/98/ME then you definitely have either the above virus or a newer virus.

 

Recommendation :

Make sure you have a current, reputable, and recently updated antivirus program and then run a full virus scan of your PC, preferably after having booted it up into Safe Mode.

 

 

Best Regards

Share this post


Link to post
Share on other sites

Wow, I did a Trojan scan on windowssecurity.com and it came up with one spyware in regards to Netscape. I don't believe any of my other virus scans came up with that threat and that spyware was there for over a year. Glad I deleted it.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×
×
  • Create New...