Neighbour infected with Winifighter, impossible to remove


Post by jenc on Sat Aug 01, 2009 11:04 am

Hello - I have tried several anti-malware tools to remove this nasty Winifighter infestation from my neighbour's XP machine to no avail. I have tried XP's system restore facility and it never appears to work, no reason ever given. I have tried SpyBot (which apparently detects and removes one trojan infection but afterwards the Winifighter infection is still there). I tried AdAware (which does not detect anything and winifighter apparently keeps it from updating definition files), Windows Defender (Winifighter apparently prevents it from updating definition files). The most promising thing I have tried so far is Spyware Doctor which does identify several infections on his machine, but you have to pay to get the version that actually removes anything. I don't want to buy anything on my neighbour's behalf not knowing whether it will work or not.

I would like to enlist your help but I am confused about the 'Hijack This!' that I need to run so I can post a log file. It appears to be the same file name as the Malwarebytes Anti-Malware software (winlogon.exe). What is winlogon.exe - is it a diagnostic tool, or an anti-malware program, or both?

Thanks for your help.
JenC


Last edited by jenc on Sat Aug 01, 2009 2:59 pm; edited 1 time in total (Reason for editing : changed 'anti-virus' to 'anti-malware' for pedantic reasons)


Post by jenc on Sat Aug 01, 2009 12:30 pm

Having read around a bit more on this site, I am really confused about what software tools are available here. Under "Malware Removal Guides" in the post called "How To Remove Winifighter" the link for downloading Malwarebytes Anti-Malware points to a link "http://www.sendspace.com/pro/dl/4jbidh" and the file available to download is "winlogon.exe". (Additionally I am confused by the instructions which say "rename to mbam to winlogon"...Do the instructions mean to say "rename mbam to winlogon"?.. or rename "winlogon to mbam")

(But on some other guides the link for downloading Malwarebytes Anti-Malware points to a file "mbamsetup.exe"... now that makes more sense)

On the "Read this before posting" topic in this forum, the link for downloading "Hijack This" points to [You must be registered and logged in to see this link.] where again the file available to download is "winlogon.exe".

How can both Malwarebytes Anti-Malware and Hijack This be in winlogon.exe? Surely this can't be right?


Last edited by jenc on Sat Aug 01, 2009 12:52 pm; edited 1 time in total (Reason for editing : for clarity.. as if that were even possible any more)


Post by jenc on Sat Aug 01, 2009 2:43 pm

Well, continuing this fascinating conversation with myself, I thought I would give a little update. I downloaded Malwarebytes Anti-Malware (NOT via the instructions for "How to remove Winifighter" but via the other instructions, which linked to file "mbam-setup.exe"). I installed MBAM, ran it on my neighbour's computer and I'll be damned if it did not rid his computer of Winifighter, as if by magic. And all this for free!??!! I.. am... totally... gobsmacked. Wish I had tried this software first and I would have saved about 8 hours of my life, instead of fooling around with Windows Defender, Ad-Aware, SpyBot S&D...etc. Damn.


Post by Origin on Sat Aug 01, 2009 6:31 pm

Hello jenc,

Welcome to Geek Police, my name is Origin and I will be helping you today. Please keep the following in mind:

  • If you do not get a reply from me or another helper within 2 days, please reply to your topic with the phrase BUMP.
  • If you have any cracked/pirated software on your computer, delete it or we will not help you.
  • Only follow advice from Geek Police Staff and not a regular member.
  • Do NOT run any tool without Geek Police supervision as it could render your system useless.

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


While my help is always free, please consider donating to keep this site alive: [You must be registered and logged in to see this link.]


Post by jenc on Sun Aug 02, 2009 2:23 am

Thanks very much for your reply... but installing MalwareBytes Anti-Malware (mbamsetup.exe) has actually solved my problem already...!

That is very impressive software, that is!

kind regards
Jenc


Post by Origin on Sun Aug 02, 2009 6:46 pm

Please post the HijackThis file. While MBAM took care of most of the infections, there are still some things to take care of.



Post by jenc on Mon Aug 03, 2009 4:20 am

What sort of things? My neighbour is really quite satisfied that the problem is case closed in his view, and I can't keep messing with his computer for no specific reason.


Post by Belahzur on Mon Aug 03, 2009 8:30 pm

MBAM will have removed the run values along with some other things which has stopped the malware from loading, but it may not all be gone.


Please PM me if I fail to respond within 24hrs.

