Re: Virus Adds Registry Entrys



From: "John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx>

| I have a fully patched XPSP2 system, some virus keeps on adding
| c:\windows\winlogon.exe, c:\windows\smss.exe into
| HKLM\software\microsoft\currentversion\run. I checked c:\windows and
| those files do not exist in c:\windows. I know they normally live in the
| system32 folder, and they do exist in the system32 folder.
|
| I ran Norton Antivirus, Windows Defender and they could not find anything.
|
| This system was previously infected with dsrss.exe, ieredir.exe, smss.exe,
| Trojan.Qhosts, and some other ones. The computer user kept on saying "NO" to
| the popup for Windows Update, until it was too late.
|
| Anybody know of a virus that may be doing this?
|


Download and execute HiJack This! (HJT)
http://www.spywareinfo.com/~merijn/files/HijackThis.exe

Create a HJT log file and post it in one of the below locations...

{ Please - Do NOT post the HJT Log here ! }

Forums where you can get expert advice for HiJack This! (HJT) logs.

NOTE: Registration is not required in the below before posting a log
http://www.thespykiller.co.uk/forum/?action=forum


NOTE: Registration is REQUIRED in any of the below before posting a log
http://www.bleepingcomputer.com/forums/forum22.html
http://castlecops.com/forum67.html
http://www.dslreports.com/forum/cleanup
http://www.cybertechhelp.com/forums/forumdisplay.php?f=25
http://www.atribune.org/forums/index.php?showforum=9
http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html
http://gladiator-antivirus.com/forum/index.php?showforum=170
http://forum.networktechs.com/forumdisplay.php?f=130
http://forums.maddoktor2.com/index.php?showforum=17
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.spywareinfo.com/index.php?showforum=18
http://forums.techguy.org/f54-s.html
http://forums.tomcoyote.org/index.php?showforum=27
http://forums.subratam.org/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.malwarebytes.org/forums/index.php?showforum=7
http://makephpbb.com/phpbb/viewforum.php?f=2
http://forums.techguy.org/54-security/
http://forums.security-central.us/forumdisplay.php?f=13


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
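
A triage check for the symptom described in the question, added here as an example and not part of either poster's message: it parses `reg query` output for the Run key and flags values that use a core Windows process name from a folder other than System32, or whose target file is missing. The sample output, the `ExampleTray` entry, the `/start` and `-min` arguments and the name list are constructed assumptions.

```python
import ntpath
import re

# Constructed list: the two names from the question plus other core Windows
# processes, all of which normally live in System32.
SYSTEM_NAMES = {"smss.exe", "winlogon.exe", "csrss.exe", "lsass.exe",
                "services.exe", "svchost.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumes the default install location

# A value line in `reg query` output: indent, name, REG_* type, data.
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# The program path: a quoted string, or everything up to the first ".exe".
EXE_PATH = re.compile(r'^\s*(?:"(?P<q>[^"]+)"|(?P<u>.*?\.exe))', re.IGNORECASE)

# Constructed sample of `reg query` output for the Run key.
SAMPLE = "\n".join([
    "! REG.EXE VERSION 3.0",
    "",
    r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run",
    "    winlogon\tREG_SZ\t" + r"c:\windows\winlogon.exe",
    "    smss\tREG_SZ\t" + r"C:\WINDOWS\smss.exe /start",
    "    ExampleTray\tREG_SZ\t" + r'"C:\Program Files\Example\tray.exe" -min',
])

def executable_of(data):
    """Return the normalised, lower-cased program path of a Run value."""
    m = EXE_PATH.match(data)
    if not m:
        return None
    return ntpath.normpath(m.group("q") or m.group("u")).lower()

def suspicious_run_entries(text, exists=None):
    """Return (value name, path, reasons) for each Run value worth a look."""
    findings = []
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        exe = executable_of(m.group("data")) if m else None
        if exe is None:
            continue  # header, key name, blank line or non-program value
        directory, base = ntpath.split(exe)
        reasons = []
        if base in SYSTEM_NAMES and directory != SYSTEM_DIR:
            reasons.append("system process name outside System32")
        # `exists` is an optional callable(path) -> bool, e.g. os.path.exists.
        if exists is not None and not exists(exe):
            reasons.append("target file missing")
        if reasons:
            findings.append((m.group("name"), exe, reasons))
    return findings
```

On the affected machine, pass the text printed by `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run` and `os.path.exists` as `exists`.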

