[lost1979]

Hi Everybody, i've gota bit of a problem with my computer at the moment and i haven't got a clue where to turn so i came here....i'll start at the beginning:

1) a few weeks ago i got broadband...installed everything a-ok runs a treat. Then i started getting windows popping up and then there would be a warning buffer overrun etc. I'd close all the pop-up windows and the buffer overrun warning and everything would be ok

2) I went out today and accidentally left the ol' broadband connected. I came home to a lot of rundll.exe warning boxes on my screen. Everything else had minimised and i was left with nothing but my desktop picture and these warnings. I closed all the warnings and rebooted thinking that would fix the problem

3) After i rebooted i went to login under my username (my computer has two...one for me and one for my wife) and it took ages to login and then a warning came up about the winlogin.exe file (I can't remember the exact wording which sucks as i thought it wasnt important). I hit ok and the computer rebooted. Same thing happened when i tried to get in under my username again. When i login under my wifes username though it's ok to an extent...

Can anybody help? i'm desperate......i can only login under my wifes username as when i login under my own it simply goes to the backdrop photograph that i have there...

Any help is appreciated


Regards

D

[Advertisements]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

[gerryf]

Please go to the malware forum and follow the instructions at the top....Especially the CLICK HERE .

That will give you several steps that will help you clean up 70 percent of all problems by yourself. If at the end of the process you are still having difficulty--and you may not be-- then post a hijackthis log in THAT forum.

If you are still having problems after getting a clean bill of health from the malware expert, please return to this thread.

[lost1979]

No worries, i will try that, thank you for your help

[gerryf]

I can tell you that almost certainly you have a file called winlogon.exe in your startup folder, as I ran into this trojan the other day and it does almost exactly as you describe.

If you have it, though, you have a lot of other crap, too.

I cannot recall if this thing infects a user profile or all users....you have a STARTUP folder for each profile and one for ALL USERS....check for the existance of winlogon.exe in those folders and remove it ....BUT ONLY THOSE FOLDERS.

winlogon.exe is a legitimate windows file in c:\windows\system32 folder and removing that one will kill your PC

[lost1979]

Thanks Gerryf,

I just did a search for winlogon.exe and found that i have 3 of them so far:

1) WINLOGON.EXE-32C57D49.pf in C:\WINDOWS\Prefetch

2) Winlogon.exe in C:\WINDOWS\SYSTEM32 (This is the one that is supposed to be there)

3) Winlogon.exe in C:\WINDOWS\ServicePackFile\i386

I'm just running through the other recommendations in the Malaware forum at the moment...

Thanks again

D

[gerryf]

all of those are ok--do not remove them

[lost1979]

Just found another:

4) C:\WINDOWS\$NtServicePackUninstall$

that's the last one...

[gerryf]

no, that's OK too...perhaps not the same infection I ran into the other day, but still follow the steps on malware removal and if you get a clean bill of health, report back

[lost1979]

Gerryf, just about to go to bed as it's almost 1am here in Oz.....will leave the scans running over night and report back in the morning. So far everything is clean although Ewido has come up with a few hits....

Thanks for your help thus far

D