BleepingComputer.com: infected winlogon.exe and explorer.exe (windows xp sp3)

Hi all,

I consider myself somewhat knowledgeable when it comes to repairing minor things on my system, but over the last two weeks, a nasty virus has backed me into a corner. I realize that I'm no malware/spyware expert per se, so please bear with me as I explain my issues. I did use Combofix about a month ago (it worked WONDERS!), but since then other people have used my machine and even combofix seems lacking. If worse comes to worse, I can use my recovery partition and wipe everything, but I hate to let this beat me.

The first time I used Combofix, I had an infected ATAPI.SYS file, which was deleted and restored no problem, and did followup scans to remove any remnants of the infection. I was in awe of how it worked. Though, a few weeks later (I share PC with a couple of roommates who are clueless) someone downloaded a .torrent file, and started to notice more redirects and firewall hogging the CPU, and after scanning with AVAST and ISOBit Security360, decided to try combofix again. That's when I noted the infected winlogon.exe and explorer.exe files. Combofix successfully completes, but the system reboots normally while the Combofix log is being generated (instead of waiting for the log to finish, then loading everything).

I know how anyone who responds to this will say that I didnt consult a helper first, but I'm sure many have fallen into the trap of thinking they can fix it themselves. As far as advice and info, I am at your mercy. I just ask that you don't remind me of my folly while providing a solution hehe. I can post my log if needed.

Thank you =)

My suggestion would be to post your log, after reading the below instructions...at BC Virus, Trojan, Spyware, and Malware Removal Logs - http://www.bleepingcomputer.com/forums/forum22.html.

Preparation Guide, Before Using Malware Removal Tools and Requesting Help - http://www.bleepingcomputer.com/forums/topic34773.html.

This is the XP forum and most of us aren't qualified to deal with malware issues , so we need to get you into the correct forum.

Louis

I'm sorry to post in the wrong place =( didnt realize this was just the general XP forum

No problem, it happens often. The important thing is to get your situation to the correct forum .

Louis

ty for guiding me to the right place

Hello,

I'm deleting your new topic as you neglected to post the logs we need there.

Please follow the instructions in ==>This Guide<== starting at step 6.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Since you have run ComboFix, please include the ComboFix log in the new topic. Please be sure to include a description of your computer issues and what you have done to try to resolve them.


If you cannot produce any of the other logs, then please create the new topic anyway, include the information that you were unable to produce the other logs and why and include the ComboFix log along with a description of your computer issues.

Orange Blossom