MajorGeeks Support Forums


Malware Removal Malware removal forum. Please see the READ ME FIRST thread before you post. Forum is staffed by a small number of volunteers, please be patient.


  #1  
Old 12-21-05, 02:59
BlackR6

Winlogon.exe acting weird...!

Hi, I'm new here!
My PC seems to be infected by - I don't know why! :

2 processes run at HIGH - Winlongon.exe and csrss.exe (I can't close these processes)

I can't go into c:\System Volume Information (French Windows version) (it says that I have no rights... even if I'm logged in under the Admin account)

I have practically no rights under Windows (the virus or spyware is the Admin and I can't do anything about that)

I've found a lot of "new" folders in c:\windows - c:\windows\system32

Example: C:\WINDOWS\WinSxS
x86_Microsoft.Tools.VisualCPlusPlus.Runtime-Libraries.Resources_6595b64144ccf1df_6.0.0.0_fr-FR_9d8c4a39
x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a
x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a
x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.0.0_x-ww_8d353f13
x86_Microsoft.Windows.Networking.Dxmrtp_6595b64144ccf1df_5.2.2.3_x-ww_468466a7

C:\WINDOWS\srchasst
C:\WINDOWS\SoftwareDistribution
C:\WINDOWS\LastGood
C:\WINDOWS\CSC
C:\WINDOWS\PeerNet
C:\WINDOWS\Provisioning\Schemas (full of .XDR files)
C:\WINDOWS\RegisteredPackages (with 20 folders like {077ACEC7-979C-40AB-9835-435BA1511E0D})
C:\WINDOWS\Registration (3 files: R000000000003.clb - R000000000006.clb - R000000000007.clb and 1 {02D4B3F1-FD88-11D1-960D-00805FC79235}.{7AB38D7A-EA21-40CD-BFDB-98A2E7ED384F}.crmlog)
C:\WINDOWS\srchasst\mui\040C (full of .XML files)

etc...

I've formatted AND deleted my partitions after a re-install of Windows, the virus/spyware is always on my HD!

In Kaspersky Anti-Hacker a lot of ports are open ....

All creation dates are exactly the same for all files on my HD (2005-12-20)

Here is my HijackThis log:

EDITED By: Shadow_Puter_Dude

Reason: Inline HijackThis log removed. Read Me First not run, HijackThis installed incorrectly.

Can anybody tell me what bullshit is on my HD?!

Thanks in advance!!!

Help me please!

Cya
P.S.: sorry guys, I'm a French Canadian and I'm drunk..... But I'm sure you'll understand!

Last edited by Shadow_Puter_Dude; 12-21-05 at 23:01.
  #2  
Old 12-21-05, 23:02
Shadow_Puter_Dude
MG Authorized Malware Fighter

Re: Winlogon.exe acting weird...!

Welcome to MajorGeeks.com!

Please follow forum guidelines and perform cleaning steps in the sticky thread before posting HijackThis logs.

Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.

- Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
  • Make sure you check version numbers and get all updates.
Quote:
Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

Downloading, Installing, and Running HijackThis
__________________
Kevin Zoll
Emsisoft Team - www.emsisoft.com


"Only those who fail greatly can ever achieve greatly" - Robert F. Kennedy
Microsoft Most Valuable Professional - Consumer Security (2007-2008)
Member - Alliance of Security Analysis Professionals - Since 2006