Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


a possible logon virus

  • Please log in to reply
No replies to this topic

#1 yseman


  • Members
  • 2 posts
  • Local time:03:04 PM

Posted 06 January 2010 - 12:35 AM

My S&D Teatimer pops up and tells me that there is a Shell Class change in logon.exe in the system32 folder. I deny it and start an S&D scan. The teatimer pops up occasionally and tells different changes with the same file. I deny each one, but did not click remember decision.

In the system32 folder logon.exe and another file called joropule have been created much more recently then all the other files.
joropule returns after a few mins when I delete it, but logon.exe is in use.

I saw that joropule was growing in size, so I made it a "read-only" file so it could not be written to.

after this, S&D found this error, but it may be an unrelated condition.
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)

since Teatimer's detection of the problem, I have had non-porn popups appear occasionaly.

the main issue is whether I can safely turn off the computer without the logon being hijacked.

please help!!!!!

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users