drumnbass.be forum

Very dangerous virus/trojan attack is present! Beware!
Muad'Dib (Andrejnalin)
Registration Date: 02-12-2003
Posts: 4,197
Helpfulness rating: 18 Vote(s) - Average Rating: 9.50

Signed by the name of 'Universa Application' or, more often, under win**.tmp.exe.

These exe files cannot be deleted until their process is killed.

It is started by winlogon.exe, the Windows user logon application. (Note: winlogon.exe is a default Windows process which enables users to log on to their Windows machine.)

Does any of you have any way to see the list of the files that are started by winlogon.exe? Please, this is crucial to me! How can I access the list of files that are required to be started by winlogon.exe?

Thanx for help Bigup

-Muad'Dib
-2006

__
Thinking about becoming an Image-Line/FL Studio customer? Want a 10% reduction in price? Use this affiliate link:

http://affiliate.image-line.com/BADEBDG473

There is no such thing without its opposite
-Bene Gesserit
25-02-2006 17:25

J. Wells (Cool Tourist)
Registration Date: 10-02-2006
Posts: 45
Helpfulness rating: 4 Vote(s) - Average Rating: 5.25

Step one: Buy a Macintosh. Problem solved!

BTW, what version of Windows are you using?

__
I only post here when I'm drunk.
25-02-2006 18:28
djfreemc (Sponsor)
Registration Date: 25-07-2003
Posts: 1,117
Helpfulness rating: 10 Vote(s) - Average Rating: 9.40

http://free.grisoft.com/doc/1/lng/us/tpl/v5

__
The mysteries of the distorted snare...
Can't win if u don't play
25-02-2006 19:10

TechDiff (Hetty Jakes Pretentious Cheese Wog)
Registration Date: 14-06-2005
Posts: 1,028
Helpfulness rating: 13 Vote(s) - Average Rating: 9.69

Not quite sure what you mean. But you can see what programs are being started when your computer is switched on if you go to msconfig.

Go to Run from your Start menu. Type in msconfig. Then go to the Startup bar.

Sorry if you already knew this, or if it's not what you were after. Didn't really understand the question.
25-02-2006 22:10
Glim (Stuck In The Late Nineties)
Registration Date: 16-10-2004
Posts: 1,848
Helpfulness rating: 12 Vote(s) - Average Rating: 8.17

quote:
Originally posted by TechDiff
Not quite sure what you mean. But you can see what programs are being started when your computer is switched on if you go to msconfig.

Go to Run from your Start menu. Type in msconfig. Then go to the Startup bar.

Sorry if you already knew this, or if it's not what you were after. Didn't really understand the question.

Looking in msconfig won't help, but it's the only thing I can think of too..

__
My Sounds
26-02-2006 00:19
Muad'Dib (Andrejnalin)
Registration Date: 02-12-2003
Posts: 4,197
Helpfulness rating: 18 Vote(s) - Average Rating: 9.50

The thing I needed was to find the list of files/processes that are run by winlogon.exe windows process.

I've found it with Spybot, and I recommend you download and install it, as one of the best spyware removal tools. Actually, the Spybot scanner didn't help me, but there is an option inside Spybot to see the startup entries, and there was the f**king spyware/virus/trojan .dll file which was required to be started by winlogon.

To describe the pain I had with this, I will tell you this: winlogon.exe is a standard, crucial Windows process. You cannot turn it off (you can, but your machine will restart automatically, in a flash, so better not). And whichever process is started by it is considered part of the winlogon.exe process threads, and thus cannot be turned off.

A BIT ANNOYING, I'D SAY.

The virus set itself to be started by winlogon, and hence I couldn't kill it.

But spybot helped me to find the file, and Unlocker helped me to delete it. Thank you spybot and unlocker.

Because I didn't find anything about this on the internet, I decided to describe here what I have done to remove this piece of shit.

Since I was scanning my computer with various types of spyware removal tools and with my antivirus (NOD32, updated of course) and found nothing, I decided to go a little rough.

I downloaded and installed Spybot - Search and Destroy. You can find it here: www.spybot.com

In it, after passing the first few steps of the wizard (registry backup and such), I selected Mode -> Advanced Mode.
It gave me extra options.
Then I went to the Tools submenu and selected System Startup.

And I found entries there. Several of these were started by the key WinLogon. Bingo! This was the actual list I was searching for.

From this list I've checked every single .dll file which was required to be started by winlogon, by googling it. Simply write the .dll file name in Google and see the results. If Google doesn't find anything, you got the virus brotha!

Turn it off.

All these .dll files can be found in the %windir%\system32\ folder (note: %windir% means c:\windows\ or your default Windows directory), but, unless you kill the winlogon.exe process, you cannot delete them. And killing the winlogon.exe process will lead to a violent shutdown and restart of the computer, so you won't even be able to press Shift+Delete on these files.

I was searching for the file named WINXTX.DLL, but when I tried Shift+Delete, the usual "Cannot delete WINXTX.DLL. File is used by another process" message popped up.

Here I used the unlocker program. Download it here: http://www.softpedia.com/get/System/Syst.../Unlocker.shtml
This program adds an entry to the options list that appears when you right-click a file, which says "Unlocker". It unlocks the file so it can be deleted. I did this, and finally, I did Shift+Delete on that sucker. Gone!

Anyone requesting additional help, write here or pm me.

Peace,
Muad'Dib

26-02-2006 04:32
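The list the post found through Spybot's System Startup tool can be read directly from the registry. The script below is an added example, not code from the thread; it assumes Windows PowerShell with the Registry provider and Get-AuthenticodeSignature, and it is a defender's check that flags winlogon start-up files which are missing or not signed.

```powershell
# Added example (not from the thread): list the start-up entries winlogon.exe honours, straight
# from the registry, and flag any referenced file that is missing or not Authenticode-signed.
# Assumes Windows PowerShell (Registry provider, Get-AuthenticodeSignature); run it elevated.
# Winlogon\Notify packages were only loaded on XP/2003; Userinit and Shell still apply today.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# winlogon resolves bare file names against the system directories, so mirror that lookup.
function Resolve-WinlogonFile([string]$Name) {
    if ([System.IO.Path]::IsPathRooted($Name)) { return $Name }
    foreach ($dir in @("$env:windir\system32", $env:windir)) {
        $candidate = Join-Path $dir $Name
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return Join-Path "$env:windir\system32" $Name   # report where the file should have been
}

function Test-WinlogonEntry([string]$Label, [string]$Name) {
    $path = Resolve-WinlogonFile $Name
    $status = if (Test-Path -LiteralPath $path) {
        # Valid for Microsoft-signed binaries; NotSigned/HashMismatch deserve a closer look.
        (Get-AuthenticodeSignature -LiteralPath $path).Status
    } else { 'MISSING' }
    [pscustomobject]@{ Entry = $Label; File = $path; Signature = $status }
}

$results = @()

# 1. Notification packages: every subkey names a DLL loaded into the winlogon.exe process,
#    which is why the post could not delete the file while winlogon was running.
$notify = Join-Path $winlogon 'Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem $notify) {
        $dll = (Get-ItemProperty $sub.PSPath).DLLName
        if ($dll) { $results += Test-WinlogonEntry "Notify\$($sub.PSChildName)" $dll }
    }
}

# 2. Userinit and Shell: comma-separated programs winlogon launches at logon; unwanted
#    software commonly appends its own executable after the legitimate userinit.exe or explorer.exe.
$props = Get-ItemProperty $winlogon
foreach ($name in 'Userinit', 'Shell') {
    foreach ($exe in ($props.$name -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })) {
        $results += Test-WinlogonEntry $name $exe
    }
}

$results | Format-Table -AutoSize
```

Any entry reported as MISSING, NotSigned or HashMismatch is a candidate for the name lookup the post describes; a locked file still has to be released (Unlocker, a boot-time delete, or closing the handle) before it can be removed.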
djfreemc (Sponsor)
Registration Date: 25-07-2003
Posts: 1,117
Helpfulness rating: 10 Vote(s) - Average Rating: 9.40

Another tool that might help to remove the files is moveonboot. You can find it here. This program can load at startup, before windows starts, and then move or remove files. Can be a good help in deleting things such as spyware or corrupt files.

26-02-2006 11:37

Muad'Dib (Andrejnalin)
Registration Date: 02-12-2003
Posts: 4,197
Helpfulness rating: 18 Vote(s) - Average Rating: 9.50

Yeah, that's a nice feature. Actually, the HijackThis program offers the same functionality: deleting files on boot.

Download HijackThis here: http://www.majorgeeks.com/download3155.html

26-02-2006 14:00

Muad'Dib (Andrejnalin)
Registration Date: 02-12-2003
Posts: 4,197
Helpfulness rating: 18 Vote(s) - Average Rating: 9.50

Oh yeah, and I really REALLY don't get why people make viruses. I really can't understand. I understand hacking, entering other computers, the hunger for knowledge about security and all that, but WHY IN THE HELL to make a virus?!

What is the point, what brings good to the damaged computers and the author of the virus?! What?! Money, fame?! He can't tell anyone as he will get busted. I really don't get it.

But of course I know: the antivirus companies make viruses intentionally, so they bring an update of their virus definition files, and you see their program as one able to remove many viruses (because they know how to remove their own virus) and you buy their program. Simple as that. All for $$$.

Stupid fucks.

26-02-2006 14:05

gogule (Newbie)
Registration Date: 08-07-2010
Posts: 1
There are a lot of viruses around us, but I am lucky, I guess. I have never had one and my computer works perfectly, although I have installed an older version of Kaspersky. Maybe it's better than others; that's why I recommend you use it. Maybe you won't meet such a dangerous trojan.
08-07-2010 10:22
m-ej (Master Producer)
Registration Date: 08-05-2008
Posts: 637
Helpfulness rating: 2 Vote(s) - Average Rating: 10.00

Thanks for the heads up m8.

I use CCleaner to sort out the startup:
http://www.piriform.com/ccleaner

and these two bits of kit:

http://www.malwarebytes.org/mbam.php
and
http://www.superantispyware.com/

Go for the free versions of both.

Update both apps.
Head off to safe mode.
Run both of them on full scan
and CCleaner startup/registry yadda.
That should sort it out.

These are the 3 tools I use for sorting out clients' laptops and PCs;
sorts out 95% of the shit out there.

(Where there's a will, there's also a bloody big hammer.)

(BTW, that Unlocker is a good bit of kit.
I've just got rid of an annoying vid file that even MoveOnBoot wouldn't shift.)

(All you Mac boys out there, don't go under the assumption that you're all nice and safe too:
http://www.cardiff.ac.uk/insrv/it/antivirus/applemac.html)

__
m-ej is taking a few steps back from forum life.

This post has been edited 2 time(s), it was last edited by m-ej: 08-07-2010 12:12.

08-07-2010 11:17
BattleDrone (2161... the future.)
Registration Date: 30-12-2005
Posts: 6,413
Helpfulness rating: 40 Vote(s) - Average Rating: 8.70

Please take off the dust before reopening old threads...
__
Check my soundcloud (exclusive tracks on there)
08-07-2010 13:13

Muad'Dib (Andrejnalin)
Registration Date: 02-12-2003
Posts: 4,197
Helpfulness rating: 18 Vote(s) - Average Rating: 9.50

Now, that was refreshing.

08-07-2010 13:23

Crispy Liquids (Liquid Funkateer)
Registration Date: 22-05-2005
Posts: 251
Helpfulness rating: 2 Vote(s) - Average Rating: 9.50

Well, now it's reopened anyway, I could add this VERY IMPORTANT BIT too:
Process Explorer!

It's a freeware app, a simple single exe, from Sysinternals that eventually got picked up by Microsoft. You NEED it, because should any virus or other malware get through your scanner, this little app lets you kill not just processes, but handles inside a process!

Even for simple bugs in Windows where you can't delete a folder or file and you're sure nothing's using it, just search for the handle, kill the handle, and you can delete the file/folder without a problem.

It can really rescue your PC from sticky situations, or just remove annoying folders with handles stuck in Explorer (and stuck even after restarting!)...

http://technet.microsoft.com/en-us/sysin...s/bb896653.aspx

So let me rephrase this short and simple: you can effectively combat a virus manually with this, and also delete files/folders that seemed to be stuck.

__
Crispy Liquids on Soundcloud Facebook Myspace
09-07-2010 00:36