
WINLOGON.EXE / EXPLORER.EXE / SVCHOST.EXE VIRUS


  • This topic is locked
4 replies to this topic

#1 Apple305

  • Members
  • 1 posts

Posted 03 February 2012 - 02:32 PM

Hello all,

My home computer (Windows XP) contracted a serious problem two days ago. As a result, I cannot boot my computer: Whether starting it in normal mode or in safe mode, it will always freeze on the Windows welcome screen. In an attempt to resolve this issue, I used an AVG Rescue Disc today to scan the computer's hard drive. The results of this scan informed me that WINLOGON.EXE, EXPLORER.EXE, and SVCHOST.EXE all have viruses.

Obviously, I'm in quite a pickle. I cannot delete these files because they are vital to my computer's operation. I cannot replace these files or restore my system because I simply can't boot my computer. And I cannot repair these files because my computer is quite old, and I no longer have the manufacturer's repair/reinstall discs.

What should I do? Because there are files that I need from this computer, is the only option I have left to take out my hard drive and transfer the files with a USB universal drive adapter? Please advise.

Sincerely,

Apple305

Edited by Apple305, 03 February 2012 - 02:50 PM.




#2 cryptodan

    Bleepin Madman

  • Members
  • 21,868 posts

Posted 03 February 2012 - 03:00 PM

I have requested assistance for your issue from people who deal with unbootable computers. Please be patient and wait for a response, and in the meantime see if you can get your hands on an operating system disk for Windows XP, as it might be needed.

#3 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts

Posted 04 February 2012 - 07:53 AM

Hello, Apple305.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!



Step 1

First, what virus did AVG detect? Knowing that will be quite critical to removing it.


Next, find a USB flash drive and follow these instructions:

  • Download http://unetbootin.sourceforge.net/unetbootin-xpud-windows-latest.exe & http://noahdfear.net/downloads/bootable/xPUD/xpud-0.9.2.iso to the desktop of your clean computer
  • Insert your USB drive
  • Press Start > My Computer > right click your USB drive > choose Format > Quick format
  • Double click the unetbootin-xpud-windows-387.exe that you just downloaded
  • Press Run then OK
  • Select the DiskImage option then click the browse button located on the right side of the textbox field.
  • Browse to and select the xpud-0.9.2.iso file you downloaded
  • Verify the correct drive letter is selected for your USB device then click OK
  • It will install a little bootable OS on your USB device
  • Once the files have been written to the device you will be prompted to reboot ~ do not reboot and instead just Exit the UNetbootin interface
  • After it has completed, do not choose to reboot the clean computer; simply close the installer
  • Next download http://noahdfear.net/downloads/driver.sh to your USB
  • Remove the USB and insert it in the sick computer
  • Boot the Sick computer
  • Press F12 and choose to boot from the USB
  • Follow the prompts
  • A Welcome to xPUD screen will appear
  • Press File
  • Expand mnt
  • sda1,2...usually corresponds to your HDD
  • sdb1 is likely your USB
  • Click on the folder that represents your USB drive (sdb1 ?)
  • Confirm that you see driver.sh that you downloaded there
  • Press Tool at the top
  • Choose Open Terminal
  • Type bash driver.sh
  • Press Enter
  • After it has finished a report will be located on your USB drive named report.txt
  • At this point, type bash driver.sh -af and press Enter
  • You will be prompted to input a filename.
  • Type the following:

    explorer.exe

  • Press Enter
  • If successful, the script will search this file.
  • When prompted again, type the bold text below to search and press Enter.

    winlogon.exe

  • When prompted again, type the bold text below to end the script.

    exit

  • After it has finished a report will be located in the USB drive as filefind.txt
  • Remove the USB drive and insert back in your working computer and navigate to the two reports to post them here.


Please note - all text entries are case sensitive

Copy and paste the report.txt and filefind.txt for my review

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
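
The by-name file search requested in the post above can also be done by hand from the live USB's terminal, with a hash of each copy so that differing versions of the same system file stand out. This is an added example, not part of the original post and not the code of driver.sh; the function names, the constructed sample tree and the use of sha256sum are assumptions.

```shell
#!/usr/bin/env bash
# Added example: find every copy of a named file on a mounted volume,
# ignoring case, and hash each copy so differing versions can be compared.

# find_copies ROOT NAME -> one line per copy: "sha256  bytes  path"
find_copies() {
    find "$1" -type f -iname "$2" 2>/dev/null | sort |
    while IFS= read -r path; do
        digest=$(sha256sum "$path" | cut -d' ' -f1)
        size=$(wc -c < "$path" | tr -d ' ')
        printf '%s  %s  %s\n' "$digest" "$size" "$path"
    done
}

# count_variants ROOT NAME -> number of distinct contents among the copies
count_variants() {
    find_copies "$1" "$2" | cut -d' ' -f1 | sort -u | wc -l | tr -d ' '
}

# Constructed sample tree standing in for a mounted Windows XP partition
# (hypothetical contents). On the live USB, ROOT would instead be the
# folder under mnt that holds the hard disk, e.g. /mnt/sda1.
make_sample_tree() {
    _root=$(mktemp -d)
    mkdir -p "$_root/WINDOWS/system32/dllcache"
    printf 'original-bytes' > "$_root/WINDOWS/system32/dllcache/winlogon.exe"
    printf 'original-bytes+appended' > "$_root/WINDOWS/system32/WINLOGON.EXE"
    printf 'original-bytes' > "$_root/WINDOWS/system32/dllcache/explorer.exe"
    printf 'original-bytes' > "$_root/WINDOWS/explorer.exe"
    printf '%s\n' "$_root"
}

sample=$(make_sample_tree)
for f in winlogon.exe explorer.exe; do
    echo "== $f: $(count_variants "$sample" "$f") distinct version(s)"
    find_copies "$sample" "$f"
done
rm -rf "$sample"
```

More than one distinct version of the same file name means the copies do not all have the same contents, which makes the matching paths worth including when posting results for review.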
 


#4 etavares


Posted 10 February 2012 - 06:38 AM

Still there?




#5 etavares


Posted 13 February 2012 - 06:42 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.






