
Hitman Pro Removed My Winlogon and Explorer



#1 wu78754

Posted 18 August 2010 - 11:17 PM

Hitman Pro Removed My Winlogon and Explorer.

When I saw that, I was wondering whether it was a good idea.

Without Winlogon and without Explorer, how does one log in?

And my suspicion was right. My PC kept rebooting, on and on.

I don't know XP internals well enough to recover from that problem myself and ended up having to reinstall.

It's like throwing the baby out with the bath water. Bad idea!

Don't trust the amateurs.

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

Edited by Animal, 19 August 2010 - 12:29 PM.




#2 MrBruce1959


Posted 19 August 2010 - 12:10 AM

I would take it you posted this as a warning to others not to put the power of your computer in the hands of another person you don't know, which is the case with programs that make changes to your computer. You just never know what could go wrong in cases like this.

It is always best to make full backups of your hard drives; those always seem to get you out of any jam. :thumbsup:

Bruce.

#3 erikloman

Authorized SurfRight Rep

Posted 19 August 2010 - 04:06 AM

> Hitman Pro Removed My Winlogon and Explorer.
>
> When I saw that, I was wondering whether it was a good idea.
>
> Without Winlogon and without Explorer, how does one log in?
>
> And my suspicion was right. My PC kept rebooting, on and on.
>
> I don't know XP internals well enough to recover from that problem myself and ended up having to reinstall.
>
> It's like throwing the baby out with the bath water. Bad idea!
>
> Don't trust the amateurs.

Hitman Pro should never remove system files that are vital to the system. Hitman Pro consults the WFP and it also has a list of vital system files embedded in the executable. Winlogon and Explorer are in that list.

When a system file is infected, Hitman Pro searches the hard disks for a whitelisted replacement file (the Hitman Pro executable has an embedded whitelist of all Windows files from 2000/XP/Vista/7, including service packs). If Hitman Pro cannot find a replacement on the system, it requests the Windows CD and searches there for a replacement. If still no replacement is found, then it changes the state of the item to Do Not Delete and the file will be left untouched by the removal process.

My guess is that Hitman Pro did find a replacement and it tried to replace the infected system file. Though I cannot explain how the two files got deleted, as system files are to be replaced instead of deleted.

A couple of questions trying to figure out what took place:
  • Did you see the Winlogon.exe / Explorer.exe being deleted during startup (Hitman Pro's boot time deleter)?
  • Did you try other tools before or at the same time as using Hitman Pro?
  • Did you run Hitman Pro in Safe Mode?

In any case you should be able to restore the two system files using the Recovery Console from the XP CD by simply copying them. If that doesn't work, I suspect the infection is still active.

Suspected threat: A new variant of Bamital.

Edited by erikloman, 19 August 2010 - 04:07 AM.
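The replace-or-leave-alone decision described in the post above, as an added Python sketch that is not part of the thread and is not Hitman Pro's code. The `VITAL` set, the SHA-256 whitelist, the function names and the directory tree built in `demo()` are all constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed for this sketch; not Hitman Pro's real embedded lists.
VITAL = {"winlogon.exe", "explorer.exe"}

def find_replacement(name, roots, whitelist):
    """First file called `name` under `roots` whose hash is whitelisted, else None."""
    good = whitelist.get(name, set())
    for root in roots:
        for cand in sorted(Path(root).rglob("*")):
            if (cand.is_file() and cand.name.lower() == name
                    and hashlib.sha256(cand.read_bytes()).hexdigest() in good):
                return cand
    return None

def plan(infected, disk_roots, media_roots, whitelist):
    """Decide what to do with one infected file: DELETE, REPLACE or DO_NOT_DELETE."""
    name = Path(infected).name.lower()
    if name not in VITAL:
        return ("DELETE", None)              # ordinary file: normal removal
    for roots in (disk_roots, media_roots):  # hard disks first, then the Windows CD
        repl = find_replacement(name, roots, whitelist)
        if repl is not None:
            return ("REPLACE", repl)         # vital file: swap in a known-good copy
    return ("DO_NOT_DELETE", None)           # no clean copy found: leave it in place

def demo():
    clean = b"constructed clean winlogon image"
    whitelist = {
        "winlogon.exe": {hashlib.sha256(clean).hexdigest()},
        "explorer.exe": {hashlib.sha256(b"constructed clean explorer image").hexdigest()},
    }
    with tempfile.TemporaryDirectory() as tmp:
        sys32, cd = Path(tmp, "system32"), Path(tmp, "cd")
        (sys32 / "dllcache").mkdir(parents=True)
        cd.mkdir()
        (sys32 / "winlogon.exe").write_bytes(clean + b" + appended code")
        (sys32 / "dllcache" / "winlogon.exe").write_bytes(clean)
        (sys32 / "explorer.exe").write_bytes(b"modified explorer image")
        (sys32 / "toolbar.dll").write_bytes(b"unwanted file")
        out = {}
        for f in ("winlogon.exe", "explorer.exe", "toolbar.dll"):
            action, repl = plan(sys32 / f, [sys32], [cd], whitelist)
            out[f] = (action, repl.parent.name if repl else None)
        return out

if __name__ == "__main__":
    print(demo())
```

In this flow a vital file never reaches the `DELETE` branch: the modified `explorer.exe`, which has no clean copy on disk or on the media, ends up as `DO_NOT_DELETE`.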


#4 chromebuster


Posted 19 August 2010 - 03:25 PM

What makes you think it's Bamital that caused it?



#5 erikloman


Posted 19 August 2010 - 05:17 PM

> What makes you think it's Bamital that caused it?

Check out this thread. This is definitely a new variant that is causing some problems out there.



