Posted 06 January 2010 - 12:35 AM
My S&D Teatimer pops up and tells me that there is a Shell Class change in logon.exe in the system32 folder. I deny it and start an S&D scan. The teatimer pops up occasionally and tells different changes with the same file. I deny each one, but did not click remember decision.
In the system32 folder logon.exe and another file called joropule have been created much more recently then all the other files.
joropule returns after a few mins when I delete it, but logon.exe is in use.
I saw that joropule was growing in size, so I made it a "read-only" file so it could not be written to.
after this, S&D found this error, but it may be an unrelated condition.
Microsoft.WindowsSecurityCenter.FirewallBypass: [SBI $D80580B5] Settings (Registry value, fixed)
since Teatimer's detection of the problem, I have had non-porn popups appear occasionaly.
the main issue is whether I can safely turn off the computer without the logon being hijacked.