
Winlog.exe Infection

2 replies to this topic

#1 closetgaara


  • Members
  • 1 posts
  • Local time:08:32 PM

Posted 03 June 2006 - 05:43 PM

I just scanned my computer today with McAfee virus scan and it said it found an infected file.

The file name is C:\WINDOWS\system32\winlog.exe.

The scan information lists it as:

Memory Trojan Name: NewMalware!bot

I've scanned and found this infected file before, but McAfee continuously tells me that the file cannot be deleted. Every time, I quarantine the file and I scan again, it keeps showing up unquarantined. I doubt the quarantine is working.

I'm very worried about this infected file and what it could possibly do to my computer, because lately, when I start my computer, an Internet Explorer box pops up telling me that "the webpage I'm trying to view isn't available offline" when I haven't even accessed a file that requires internet service. I click the 'X' on the box, but the message continues to pop up until I use the internet. Along with this, a large amount of popups have been plaguing me from Internet Explorer while I use AOL and this has never occurred before.

Could this have anything to do with the infected file?

Even if it doesn't, I'd like to know a way to confirm this is a dangerous file and have it deleted once and for all.



#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:07:32 PM

Posted 03 June 2006 - 10:37 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read How to post a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,749 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:32 PM

Posted 04 June 2006 - 05:44 AM

You should follow tg1911's instructions.

However to address your question:

"I'd like to know a way to confirm this is a dangerous file"

When you encounter a suspicious file you can always do the following:

Go to jotti.org
Browse to the location of the suspicious file and submit [upload] it for scanning/analysis.

In your case, you would click the "browse" button and locate this file:
Click "Open", then click the "Submit" button.

You can also do the same thing at virustotal.com
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
