Malware attack services.exe and Winlogon.exe

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by nlvraghavendra, Apr 1, 2009.

  1. nlvraghavendra

    nlvraghavendra Private E-2

    I'm having this problem for the past few days..
    First it started with services.exe strangely getting started in the Windows startup. I saw my modem flickering always and felt that there is some connection always being active. So I installed NetLimiter to track the connections and found that services.exe was sending lots of outgoing connections. I denied connections for services.exe using NetLimiter and the problem got solved temporarily.
    Two days back I found that my task manager was getting disabled repeatedly. So I again started working on the processes and found Winlogon.exe sending abundant outgoing connections. Each time when Windows starts Spyware Doctor does an Intelli Scan and finds worm.sality 66 infections and deletes them. If I enable my task manager by restoring Windows default settings using other tools it's just getting reverted back and gets disabled.
    I hate having these worms and want to clean my system. How to remove these malwares in winlogon.exe and services.exe?
    I've ubuntu

    (oh my god! firefox.exe crashed while typing this and Spyware doctor reported agentSD6! virus :cry)

    I've Ubuntu and I manually checked all the drives and it seems to be clean.. I'm sure that the viruses are also in the drives other than my OS drive because I formatted my C: drive today morning but unfortunately the viruses came back again..

    I've removed some considerable amount of viruses myself but not able to remove this one..

    I've attached my HJT log..

    Desperately looking for help!

    ***************************************

    I seem to find lot of new things while typing this post..

    It seems all the important processes are affected..taskmanager.exe, explorer.exe etc are trying to have some outgoing connections...

    HJT is not working.. I'm getting Send error report dialog box coming...will try to reinstall it...services.exe and winlogon.exe still running...

    Looking for a help! Please!

    Regards
    NLV
     

  2. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to Major Geeks!

    Please take time to read our sticky threads at the very top of the Malware Removal Forum.

    Please follow the instructions in the below link and attach the requested logs when you finish these instructions.

    • If you have problems where no tools seem to run, please try following the steps given in the below and then continue on no matter what you find. You only need to try the TDSSserv steps if having problems getting scans in the Read & Run Me First.
    • If something does not run, write down the info to explain to us later but keep on going.
    • Do not assume that because one step does not work that they all will not.
    READ & RUN ME FIRST. Malware Removal Guide

    Notes:

    1. If you run into problems trying to run the READ & RUN ME or any of the scans in normal boot mode, you can run the steps in safe boot mode, but make sure you tell us what you did later when you post logs. See the below if you do not know how to boot in safe mode:
    2. If you have problems downloading on the problem PC, download the tools and the manual updates for SUPERAntiSpyware, Malwarebytes and Spybot (links are given in the READ & RUN ME) onto another PC and burn to a CD. Then copy them to the problem PC. You will have to skip getting updates if (and only if) your internet connection does not work. Yes, you could use a flash drive too but flash drives are writeable and infections can spread to them.
    3. To avoid additional delay in getting a response, it is advised that after completing the READ & RUN ME you also read this sticky:
    4. Any additional post is a bump which will add more delay. Once you attach the logs, your thread will be in the work queue and as stated our system works the oldest threads FIRST.
     
  3. nlvraghavendra

    nlvraghavendra Private E-2

    I apologize for failing to notice the sticky threads and other instructions.
    I've strictly followed the instructions given and I've attached all the necessary logs. Hope I didn't miss anything. :)

    Cheers!

    Regards
    NLV
     

  4. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    Welcome to MajorGeeks!

    We are currently reviewing your logs and will get back to you with a set of instructions as soon as possible. Our queue is working the oldest threads first.

    Thanks for your patience.
    dr.m
     
  5. nlvraghavendra

    nlvraghavendra Private E-2

    Thank you for your help, Dr. Moriarty.

    I've removed the virus. I found that the virus has infected all the exes present in the entire hard disk. I removed all the setup files, uninstalled all the applications and removed all the exes in all the hard drives and then formatted the C drive. The virus is gone!

    Thanks to you guys! You guys are doing a great job here!

    Thanks for your time once again!
    Regards
    NLV
     
  6. dr.moriarty

    dr.moriarty Malware Super Sleuth Staff Member

    :cool

    Thanks for that update, nlvraghavendra!
    I'm glad you've recovered from such an ugly infection!

    Safe surfing!
     
