Hitman Pro Removed My WinLogin and Explorer.
When I saw that, I was wondering whether it was a good idea.
Without WinLogin and without explorer, how does one log in?
And my suspicion was right. My PC kept rebooting, on and on.
I don't know XP internals well enough to recover from that problem myself and ended up having to reinstall.
It's like throwing the baby out with the bath water. Bad idea!
Don't trust the amateurs.
Hitman Pro should never remove system files that are vital to the system. Hitman Pro consults the WFP and it also has a list of vital system files embedded in the executable. Winlogon and Explorer are in that list.
When a system file is infected, Hitman Pro searches the hard disks for a white listed replacement file (the Hitman Pro executable has an embedded white list of all Windows files from 2000/XP/Vista/7, including service packs). If Hitman Pro cannot find a replacement on the system it requests the Windows CD and searches there for a replacement. If still no replacement is found then it changes the state of the item to Do Not Delete and the file will be left untouched by the removal process.
My guess is that Hitman Pro did find a replacement and it tried to replace the infected system file. Though I cannot explain how the two files got deleted as system files are to be replaced instead of deleted.
A couple of questions trying to figure out what took place:
- Did you see the Winlogon.exe / Explorer.exe being deleted during startup (Hitman Pro's boot time deleter)?
- Did you try other tools before or at the same time as using Hitman Pro?
- Did you run Hitman Pro in Safe Mode?
In any case you should be able to restore the two system files using the Recovery Console from the XP CD by simply copying them. If that doesn't work I suspect the infection to be still active.
Suspected threat: A new variant of Bamital.
Edited by erikloman, 19 August 2010 - 04:07 AM.
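The replace-instead-of-delete decision described in the reply above can be sketched as follows. This is an added illustration, not Hitman Pro's code. The SHA-256 keyed whitelist, the directory layout, and the DELETE and REPLACE state names are assumptions; only "Do Not Delete" comes from the post.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()

def find_replacement(name, whitelist, search_roots):
    """First file named `name` under the roots whose hash is whitelisted, else None."""
    for root in search_roots:
        for dirpath, _dirs, files in os.walk(root):
            for entry in files:
                path = os.path.join(dirpath, entry)
                if entry.lower() == name and sha256_of(path) in whitelist.get(name, set()):
                    return path
    return None

def plan_action(infected_path, vital_files, whitelist, disk_roots, cd_roots=()):
    """Decide what to do with an infected file; a vital file is never deleted."""
    name = os.path.basename(infected_path).lower()
    if name not in vital_files:
        return "DELETE", None  # assumption: non-vital infected files are removed
    # Hard disks are searched first, the installation CD only as a fallback.
    replacement = find_replacement(name, whitelist, [*disk_roots, *cd_roots])
    if replacement:
        return "REPLACE", replacement
    return "DO_NOT_DELETE", None

def demo(cd_has_explorer=False):
    """Constructed layout: infected system32, clean winlogon.exe in a cache directory."""
    clean = {"winlogon.exe": b"clean winlogon", "explorer.exe": b"clean explorer"}
    whitelist = {n: {hashlib.sha256(b).hexdigest()} for n, b in clean.items()}
    with tempfile.TemporaryDirectory() as tmp:
        disk, cd = os.path.join(tmp, "disk"), os.path.join(tmp, "cd")
        files = {(disk, "system32", "winlogon.exe"): b"infected",
                 (disk, "system32", "explorer.exe"): b"infected",
                 (disk, "system32", "dropper.exe"): b"infected",
                 (disk, "cache", "winlogon.exe"): clean["winlogon.exe"]}
        if cd_has_explorer:
            files[(cd, "i386", "explorer.exe")] = clean["explorer.exe"]
        os.makedirs(cd)
        for parts, data in files.items():
            os.makedirs(os.path.join(*parts[:-1]), exist_ok=True)
            with open(os.path.join(*parts), "wb") as fh:
                fh.write(data)
        return {name: plan_action(os.path.join(disk, "system32", name), set(clean),
                                  whitelist, [disk], [cd])[0]
                for name in ("winlogon.exe", "explorer.exe", "dropper.exe")}

if __name__ == "__main__":
    print(demo(), demo(cd_has_explorer=True))
```

With no clean copy of explorer.exe anywhere, the plan leaves it in place rather than deleting it, which is the outcome that keeps the machine bootable.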