winlogon.exe and explorer.exe infected with Trojans

Post by moreyag on Thu Dec 30, 2010 6:39 pm

Hi to all,
Win XP Pro SP 3 on a Dell Optiplex.
I am running AVG Free 2011, Spybot S&D, and Windows Defender. I have Malwarebytes AM installed as well and ran it, but it did not find a problem.

Here's what happens:
My AVG resident shield opens every 20 or 30 seconds and informs me that a threat was detected in C:\WINDOWS\system32\winlogon.exe and tells me "Trojan horse Patched_c.KAI. Detected on open".

It also does the same thing with C:\WINDOWS\explorer.exe and tells me "Virus identified Win32/Patched.GB".
I cannot seem to get rid of these trojans - help?
Thanks in advance for any and all help, and best regards,

Morey G.

Re: winlogon.exe and explorer.exe infected with Trojans

Post by Belahzur on Fri Dec 31, 2010 12:53 pm

Hello.

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Re: winlogon.exe and explorer.exe infected with Trojans

Post by moreyag on Mon Jan 03, 2011 2:11 pm

Well, now I did it. It's my work PC and I was away for New Year's - when I returned, AVG asked me to reboot and if I wanted to force threat removal, which I stupidly did. Now I have no winlogon.exe and I get a blue screen telling me the Windows logon process terminated.
I do not have the Recovery Console installed on the machine, and our office manager can't find where they put the XP Pro CDs. Can I use mine from home?
Can I download Recovery Console and install it somehow?
thanks
mg

Re: winlogon.exe and explorer.exe infected with Trojans

Post by Belahzur on Tue Jan 04, 2011 1:24 am

Hello.

We are going to be using a Windows Recovery Environment to help disinfect the system so it may boot again.

Download the OTLPE Standard REATOGO Windows Recovery Environment.

  • Place a blank CD-R disc into your CD burning drive.
  • Download [You must be registered and logged in to see this link.] and double-click on it to burn to a CD using ISO Burner.
  • Reboot your system using the boot CD you just created.

    Note: If you do not know how to set your computer to boot from CD, follow the steps [You must be registered and logged in to see this link.]
  • Your system should now display a REATOGO-X-PE desktop.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes.
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK.
  • OTL should now start. Change the following settings:

  • Change Drivers to Non-Microsoft
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\_OTL\MovedFiles
  • Copy this file to your USB drive if you do not have an internet connection on this system.
  • Please post the contents of the OTL.txt file in your reply.

