Re: Virus Adds Registry Entrys

Just do this:
First, open the "msconfig", checked to "boot", to see if there is sth. (here is the stuff not important for the system, carefully check likes:winlogon.exe or *.com,they are not real system files!)
Then, checked to "Services", make sure that "hide all microsoft services" is true, then check it carefully.
Third, open the "regedit"(register edit), locate to "HKLM\Software\Microsoft\WindowsNT\Winlogon",to check the values followed at the right side:
shell: "Explorer.exe"(without anything else, and be sure that there is no Explorer.exe exist in the system32 folder)
UIHost: "%SystemRoot%\system32\logonui.exe"(without anything else)
Userinit: "C:\WINDOWS\system32\userinit.exe," (without anything else)
if they can't solute the problem, then creat a folder named "winlogon.exe","smss.exe" under the windows folder


"John" <John@xxxxxxxxxxxxxxxxxxxxxxxxx> 写入消息 news:15F165B5-3A1C-4369-8FF6-AEA90E099DAA@xxxxxxxxxxxxxxxx
I have a fully patched XPSP2 system, some virus keeps on adding
c:\windows\winlogon.exe, c:\windows\smss.exe into
HKLM\software\microsoft\currentversion\run. I checked the c:\windows and
those files do not exists in c:\windows. I know they normally live in
system32 folder, and they do exists in system32 folder.

I ran Norton Antivirus, Window Defender and they could not find anything.

This system was previous infected with dsrss.exe, ieredir.exe, smss.exe,
Trojan.Qhosts, and someother ones. The computer user kept on saying "NO" to
popup for Windows Update, until it was too late.

Anybody know of a virus they maybe doing this.



.