Need help getting rid of WinLoginHook

Discussion in 'Malware Help (A Specialist Will Reply)' started by PuddingTime, Feb 11, 2008.

  1. PuddingTime

    PuddingTime Private E-2

    OK....so I've searched for help, and this forum keeps popping up. I've gathered so far that I needed to download the Hijackthis program after running Spy Sweeper and all that stuff. Obviously, I'm sure y'all are aware that WLH won't go away whenever you quarantine it and try to delete it. I'm not computer savvy, but I'm not computer ignorant. Anyway....here's what I got from running HiJackThis:






    --------------

    What do I need to check to get rid of this stupid trojan?
     
    Last edited by a moderator: Feb 11, 2008
  2. abri

    abri MajorGeek

    Hi puddingtime!
    Welcome to MajorGeeks!

    HijackThis unfortunately doesn't give us enough information to work with to solve most malware problems. We ask people who come here for help to work through the READ & RUN ME FIRST and attach the requested logs when you finish. We'll look at them for you and see what still needs to be done.

    Thanks.
    abri
     
  3. PuddingTime

    PuddingTime Private E-2

    Sweet. I'll find all the stuff I need to get to you guys and hopefully we can figure this thing out. Lemme check out the link and see what you guys need to know from me.
     
  4. PuddingTime

    PuddingTime Private E-2

    OK...so I went to the Special Removal Procedures link and found the WinLoginHook page.

    I followed those steps, as I have been using Spy Sweeper, and of course, the trojan is still popping up. So I'm downloading Ewido now.....but I'm on dial-up...which I'm sure you all find hilarious :D so....I guess I'll attach it here in a bit, whenever it finishes downloading.
     
  5. abri

    abri MajorGeek

    Hi Puddingtime,
    You may want to just run Combofix and the other main scans before trying the special removal procedures, although I don't really want to interrupt you. My sympathies on the dialup. Be assured that you have company in the dialup world.
    abri
     
  6. PuddingTime

    PuddingTime Private E-2

    Funny you just posted that. Ewido JUST finished downloading as I got a sound saying I had e-mail....which was you responding to the thread of course. I have AOL....but I browse on Firefox. Anyway...I was at a buddy's house, logged on to my Myspace account, well his computer was already messed up. Somebody phished my account from there, so when I logged on at home on my comp....the rest is history. Anyway....that may give you an idea of the backstory here.....let me run this Ewido and attach the subsequent info. Running the HijackThis and analyzing it did get rid of a few of the persistent pop ups I was getting. Hopefully this gets rid of the remainder.
     
  7. PuddingTime

    PuddingTime Private E-2

    Apparently that pesky Virtumonde is on here too as well as trojans Qhost.abh and Agent.eeu. That according to Ewido. Anyway....I click on the browse button to add the log files as attachments, but nothing pops up. Not sure if the button is broken (doubtful) or my comp's so screwed up it doesn't work (highly likely)
     
  8. abri

    abri MajorGeek

    Hi Pudding Time,
    It's a problem of the website that it doesn't take people's attachments sometimes. You can usually solve this by making sure to check the Remember Me button when you log on and use a different browser or clear the browser cache. This usually makes it work.
    Sorry for the difficulty.
    abri
     
  9. PuddingTime

    PuddingTime Private E-2

    Well....I actually got rid of the WinLogin myself. I found a program called WinLogon.exe that wasn't in the system files folder....it was hiding amongst a bunch of other files. I did a little research, and discovered that while yes, there is a winlogon file that you're supposed to have on your computer, the file size and location of this one indicated that this one was not that one, and was the virus I was trying to get rid of. Hooray for that.

    However, I do have 2 adware problems. A yellow triangle w/an exclamation point on my taskbar at the bottom of the screen is there and consistently pops up w/"Windows Antivirus. Windows has detected spyware infection! It is recomended to use special antispyware tools to prevent date loss....blah blah blah"

    I'm certain this one is common and you know what I'm talking about. If I knew what it was called, I'd look around here to see what to do....but I've got nothing.

    The second is a pop up in the middle of the screen that says "Windows Security Alert. Warning Potential Spyware Operation. Your computer is making unauthorized copies of your system and internet files. Run full scan now to prevent any unauthorized access to your files. Click here to download spyware remover. Yes/No"

    I know they're both adware pop ups....how do I get rid of 'em?
     
  10. abri

    abri MajorGeek

    Hi PuddingTime,
    I advise using the tool called Removing Zlob aka SmitFraud, SpySheriff, Infections which will produce two logs. Attach the first log before you run the cleaning procedure so you don't overwrite the second one which has the same name. After that, please work through the instructions in the READ & RUN ME FIRST and attach the requested logs.
    abri
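
The check PuddingTime describes in post 9 (a winlogon.exe copy sitting outside the system folder, with a different size from the genuine file), written out as an added example that is not part of the original thread. The watch list, function names and directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed watch list: image names expected only in the Windows system folder.
WATCHED = {"winlogon.exe", "lsass.exe", "csrss.exe", "services.exe", "smss.exe"}

def find_masquerades(scan_root, trusted_dir, names=WATCHED):
    """List files that reuse a watched name anywhere outside trusted_dir."""
    trusted = Path(trusted_dir).resolve()
    # Sizes of the genuine copies, keyed by lower-cased name (NTFS ignores case).
    genuine = {e.name.lower(): e.stat().st_size
               for e in os.scandir(trusted)
               if e.is_file() and e.name.lower() in names}
    findings = []
    for dirpath, _dirs, files in os.walk(scan_root):
        here = Path(dirpath).resolve()
        if here == trusted:
            continue  # the genuine location itself is not a finding
        for fname in files:
            key = fname.lower()
            if key not in names:
                continue
            size = (here / fname).stat().st_size
            findings.append({
                "path": str(here / fname),
                "size": size,
                "genuine_size": genuine.get(key),  # None if no genuine copy found
                "size_differs": genuine.get(key) != size,
            })
    return findings

def demo():
    """Run the check over a constructed directory tree (not real system data)."""
    with tempfile.TemporaryDirectory() as tmp:
        system32 = Path(tmp, "WINDOWS", "system32")
        stash = Path(tmp, "Documents", "misc")
        system32.mkdir(parents=True)
        stash.mkdir(parents=True)
        (system32 / "winlogon.exe").write_bytes(b"A" * 500)  # stands in for the real file
        (stash / "WinLogon.exe").write_bytes(b"B" * 120)     # same name, wrong place
        (stash / "notes.txt").write_bytes(b"x")
        return find_masquerades(tmp, system32)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Windows keeps legitimate copies of some system files in other folders, so each finding is a lead to review (location, size, signature), not proof of infection.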
     
