
winlogon.exe infected. help!


  • This topic is locked
70 replies to this topic

#21 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 12 March 2009 - 03:50 PM

I think your best decision would be to clean install
Problem is, your External harddrives, flashdrives also probably have infected files on them that can reinfect you

If you do decide to Format and clean install>>{Do not Repair or install over the top}
Don't plug any external flashdrives, harddrives into the computer until you have disabled Autorun on the drives and scanned them with an updated Virus scanner

Do you want to go this route, it is the best
Do you have many files/folders to backup?

Also, I'm hoping your other computer is not infected!
Can you post a Hijackthis log from that computer

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here


#22 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 12 March 2009 - 05:11 PM

Okay, I guess the best option is to do clean install. I will copy my documents to my external harddrive first and disconnect it before I do clean install, then rescan it for viruses. I only have about 1 gig or less worth of files saving.

I'll post an HJT log for this laptop after I've completely fixed my other one.

#23 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 12 March 2009 - 05:41 PM

Here's the typical warning for this one

Backup all your documents and important items (personal data, work documents, etc) only. DO NOT backup any executable files (softwares) and screensavers (*.scr). It attempts to infect any accessed .exe or .scr files by appending itself to the executable.

Also, avoid backing up compressed files (zip/cab/rar) that have .exe or .scr files inside them. Virut can penetrate and infect .exe files inside compressed files too.

Recent variants also modify htm, html, asp and php files.

Do not back up to another machine, as it may become compromised. Burn to DVD/CD, or to an external drive which has nothing else on it, and which you can format should it happen to become infected from the backups.


I see you're running XP Home edition SP2
you may want to update to Service pack 3 while you're at it
In addition, take a look at the following link
Talks about disabling Autoplay feature
http://www.microsoft...;displaylang=en

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
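
The backup advice in post #23, as an added example that is not part of the thread: a Python audit that walks a backup folder and flags .exe/.scr files, zip archives that contain them, and the web file types the post mentions. It judges by file extension only and does not detect infection; the sample folder and file names are constructed, and cab/rar archives are only flagged for review because the standard library cannot open them.

```python
import os
import tempfile
import zipfile

EXECUTABLE_EXTS = {".exe", ".scr"}             # types the post says Virut infects
WEB_EXTS = {".htm", ".html", ".asp", ".php"}   # types recent variants modify
OTHER_ARCHIVES = {".cab", ".rar"}              # named in the post; not opened here

def _ext(name):
    return os.path.splitext(name)[1].lower()

def classify(path):
    """Return (verdict, reason) for one file, judged by extension only."""
    ext = _ext(path)
    if ext in EXECUTABLE_EXTS:
        return "exclude", "executable or screensaver"
    if ext in WEB_EXTS:
        return "review", "web file type modified by recent variants"
    if ext in OTHER_ARCHIVES:
        return "review", "archive contents not inspected"
    if ext == ".zip":
        try:
            with zipfile.ZipFile(path) as zf:
                inner = sorted(n for n in zf.namelist() if _ext(n) in EXECUTABLE_EXTS)
        except (zipfile.BadZipFile, OSError):
            return "review", "unreadable zip archive"
        if inner:
            return "exclude", "zip contains " + ", ".join(inner)
    return "ok", ""

def audit_backup(root):
    """Walk a backup folder and return {relative_path: (verdict, reason)}."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            report[os.path.relpath(full, root)] = classify(full)
    return report

def demo():  # builds a constructed sample backup folder and audits it
    with tempfile.TemporaryDirectory() as root:
        for name in ("notes.txt", "setup.EXE", "index.html"):
            open(os.path.join(root, name), "wb").close()
        with zipfile.ZipFile(os.path.join(root, "photos.zip"), "w") as zf:
            zf.writestr("trip/viewer.scr", b"constructed placeholder")
        return audit_backup(root)

if __name__ == "__main__":
    print("\n".join(f"{v:8} {p}: {r}" for p, (v, r) in sorted(demo().items())))
```

Files marked "exclude" stay out of the backup; files marked "review" still need a scan with an updated virus scanner before they are restored.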


#24 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 12 March 2009 - 05:46 PM

Okay, I guess the best option is to do clean install. I will copy my documents to my external harddrive first and disconnect it before I do clean install, then rescan it for viruses. I only have about 1 gig or less worth of files saving.

I'll post an HJT log for this laptop after I've completely fixed my other one.

#25 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 13 March 2009 - 01:33 PM

Okay I've backed up my files. Quick question, do I need the disc for this to work? I thought we didn't need them anymore for XP? I don't know where to go and format my pc. It's not on F8 startup.

#26 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 13 March 2009 - 02:43 PM

You may need the XP CD
What is the Exact Make and model of your computer?

Did you get the XP install CD or Recovery CD's with your computer?
Do you have a Restore partition on your computer?



#27 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 13 March 2009 - 03:00 PM

I'm trying to find out if I could acquire the disc in a Best Buy store so I won't have to go thru Compaq support and wait for it in the mail.

make and model:
Compaq Presario 061
dw257a-aba sr1050n na510

I don't remember if this came with an install disc back in 04, but there's a D: drive that says Presario_RP and it has files like Recovery with a "yellow lock" icon.

#28 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 13 March 2009 - 03:24 PM

Well, you may be in luck, there is no guarantee that Virut has infected the Recovery partition, but chances are that it may not be able to write to it

I'm still not quite sure what Model you have, it should be labelled clearer than that on the side of the box
or in the back
But for now, Here's instructions for a Recovery
http://h10025.www1.h...323#bph07145_cp

Follow the steps Outlined in

Recovering during startup

Ensure to do the Destructive Recovery



#29 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 13 March 2009 - 05:02 PM

I've pressed F10 then it takes me to Recovery thru MS-DOS where I could go to C:/Windows and type "Format C:" if I wanted to. I don't see an option to do destructive recovery.

After trying it the second time, it took me to a screen that says "COMPAQ" in red font followed by a blue screen that says
STOP: d000000d Unknown Hard Error
Unknown Hard Error

----
Is this the Make you were talking about:

sr1050nx

#30 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 13 March 2009 - 09:32 PM

Just an update: I have found a recovery disc for my Sony Vaio laptop which is also a Microsoft XP Home Edition. I was wondering if I could use it for my Compaq Presario desktop? So I don't have to call Compaq support.

#31 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 14 March 2009 - 05:41 AM

Nope, you can't use the discs designed specifically for the Vaio laptop
You have to have the proper discs for that make/model computer

Is that the Exact error message you're getting?
It sounds like the first time you entered the Recovery Console
and not accessing the Recovery partition
I like having the discs, but the hidden recovery partition should work
If you must get the discs, you can order them from HP for a small fee if they're available
Sometimes, they leave it up to the owner to create the discs

What happens when you try running the Destructive recovery from within Windows
The link I posted earlier gives you all instructions



#32 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 14 March 2009 - 10:22 AM

I got it working finally. I was probably pressing f10 too many times. Problem now is I forgot to do Destructive, so I will have to do it again once regular recovery is done just to be safe.

#33 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 14 March 2009 - 12:09 PM

Advanced INF Installer
INF Install failure. Reason: No Signature was present in the subject.

Agere Win Modem

And RealTek

has not passed Windows Logo testing to verify its compatibility with windows XP




These are the main things that were not installed, but I'm not sure how to get my sound back.
The only hardware I have had installed was a video card (Radeon 9800) back in 04.
I'll try and update everything for now.

#34 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 14 March 2009 - 12:25 PM

From the model you listed earlier, you can find your sound drivers here
http://h10025.www1.h...;product=405454

Your video driver is here
http://support.amd.c...mp;lang=English

You only really need the Display driver and not the Full package, up to you

Don't forget about Windows Updates
Maybe before you get Windows Updates you can post a fresh Hijackthis log and we can see what you need installed
With the fresh Hijackthis log
Do the following
supply an uninstall list from Hijackthis
Open Hijackthis>>Open MISC TOOLS SECTION>>Open UNINSTALL MANAGER
Click the SAVE LIST... button
Save the list to your desktop then copy>>Paste back here the Whole contents

Sometimes, a Recovery will add a bunch of junk to the computer you don't need installed, we can deal with some of it, before you get XP SP3 installed

Edit>>Remember, don't insert those Flash drives and external Harddrive back to the computer till we have you an updated Virus scanner and disable Autorun



#35 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 14 March 2009 - 02:27 PM

Before I do all that, I'm having a difficult time connecting the desktop to the internet.
I've called Time Warner Cable but hasn't been able to help, they told me to contact Compaq and update my drivers under Device Manager my Network Adapters has
1394 Net Adapter and
Ethernet Controller with an exclamation point on the icon.

And I was told to call them to get help updating it.

I'm also using Linksys Router for my wireless laptop right now, but the desktop just isn't working. I keep getting this page cannot be displayed.

#36 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 14 March 2009 - 02:37 PM

Did you get a Drivers disk with your computer?
Have you scanned your Flash drive for infection yet?

I don't want you putting it in your laptop if it's infected
Do you have any blank CD's you can use to burn drivers to from your laptop?



#37 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 14 March 2009 - 02:55 PM

I guess I'll have to use the flash drive to transfer files. My flash drive only has txt, and docs anyway. They can't possibly be infected

#38 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 14 March 2009 - 03:06 PM

Just to be sure, as some files may be hidden
download Flash_Disinfector and save it to your desktop on the laptop
  • Double click on Flash_Disinfector.exe to run it. If you receive a prompt, please allow it.
  • You will be prompted to plug in your flash drive. Plug it in. If you have more than one, plug them in
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task (Run...). Type in explorer.exe and press Enter. Your desktop should now appear.

Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
Scan the flash drive with an updated virus scanner, you have one on your laptop, right?
Simply go to MyComputer and right click on the Flash drive and choose to scan it

Then go to the following link
http://h10025.www1.h...r...5454&os=228

From there, download
sp26266.exe and save it to the flash drive
Transfer that file to the Desktop of the "Desktop" computer

Run the installer, reboot afterwards, see if that gets you online
Check device manager and see if you still have yellow exclamation for Ethernet
If you're not online yet, come back here and we'll try some other steps

EDIT>>Not sure if you viewed the directions for installing the driver
But here they are, just in case

1. Download the driver package.

2. Double-click on the icon for the driver package downloaded in step 1, and then click NEXT.

3. Accept the terms in the HP license agreement, and then click NEXT.

4. Click OK to continue. The original drivers are now stored in the C:\HP\Drivers\LAN folder.

5. If Device Manager does not start automatically, use the following steps. Otherwise go to step 6:

a. Click Start.

b. Right-click My Computer, and then select Properties.

c. Click the Hardware tab, and then click the Device Manager button.

6. Click the + (plus) sign next to "Network adapters" or "Other devices".

7. Right-click the device you want to update, and then select Update Driver.

8. Click NEXT to install the software automatically

9. Click FINISHED to complete the installation.


In your case, you found Ethernet Controller with exclamation mark, that's the device you're after

Edited by guestolo, 14 March 2009 - 03:25 PM.

Do you want to post your own logs from FRST?
Follow the instructions posted Click Here
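
The note in post #38 says Flash_Disinfector leaves a hidden folder named autorun.inf on each drive. As an added example (not from the thread and not Flash_Disinfector's own code), this Python check reports whether a drive root has that placeholder folder, no autorun.inf at all, or an autorun.inf file that names a program to launch. The drive roots, file names and command in the demo are constructed.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")   # autorun.inf entries that start a program

def launch_entries(text):
    """Return (key, command) pairs from autorun.inf text that would run something."""
    found = []
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        key = key.strip().lower()
        if sep and (key in LAUNCH_KEYS or
                    (key.startswith("shell\\") and key.endswith("\\command"))):
            found.append((key, value.strip()))
    return found

def check_drive_root(root):
    """Classify the autorun.inf state of a drive root (name matched case-insensitively)."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return "placeholder-folder", []
        with open(path, "r", encoding="latin-1") as fh:
            entries = launch_entries(fh.read())
        return ("launches-program" if entries else "inert-file"), entries
    return "absent", []

def demo():  # constructed drive roots; the file names and command are made up
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "immunized", "suspect"):
            os.mkdir(os.path.join(base, label))
        os.mkdir(os.path.join(base, "immunized", "autorun.inf"))
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w") as fh:
            fh.write("[autorun]\n;junk\nOpen = recycler\\example.exe\n"
                     "shell\\explore\\Command=recycler\\example.exe\nicon=x.ico\n")
        for label in ("clean", "immunized", "suspect"):
            results[label] = check_drive_root(os.path.join(base, label))
    return results

if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```

A "launches-program" result on a removable drive is a reason to scan the drive before opening it in Explorer; "placeholder-folder" is the state the note describes.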


#39 tonez

tonez

    Journeyman

  • Members
  • 41 posts

Posted 14 March 2009 - 03:26 PM

I can't get back online. I went back on device manager and there's still an exclamation point on Ethernet Controller. I right clicked and tried to update it but I got this error:

Hardware Installation
The software you are installing for this hardware:
NVIDIA nForce MCP Networking Controller has not passed windows logo testing to verify its compatibility with windows XP

Continuing your installation of this software may impair or destabilize the correct operation of your system either immediately or in the future. Microsoft strongly recommends that you stop this installation now and contact the hardware vendor for software that has passed windows logo testing.

[Continue Anyway] [STOP Installation]


#40 guestolo

guestolo

    Site Donator

  • Admin
  • 16,247 posts

Posted 14 March 2009 - 03:30 PM

I'm sure I'm directing you to your model of computer
Follow my instructions in my last post from #6