Un-deleteable Virus

Discussion in 'Computer Games and General Discussion' started by [M]artin, Jun 25, 2009.

  1. [M]artin
    OP

    [M]artin .

    Member
    3,660
    276
    Nov 7, 2006
    United States
    Hey gang, I've run into a big problem. This morning I booted up my PC and ESET greeted me with this:

    [​IMG]
    So, both "Quarantine" and "Remove" are ticked in the Advanced Options underneath. "Submit File for Analysis" is grayed out, though.

    So I hit "Remove" and then this pops up:
    [​IMG]

    I hit "Retry" and eventually get stuck with this:
    [​IMG]
    I have no choice but to click "Cancel" at this point.

    The Threat Box has popped up a number of times already and I always get stuck with the same messages.

    Whatever the threat is, it's been messing with my internet, causing pages to load a bit sluggish and even cutting it out for a few minutes at a time (about 1 or 2).

    Any suggestions on what I should do about this?
     
  2. moodswinger

    moodswinger GBAtemp Regular

    Member
    237
    0
    Sep 6, 2008
    Not sure if you should delete it or not, but you can try gmer.
     
  3. david432111

    david432111 GBAtemp Advanced Fan

    Member
    859
    0
    Jul 17, 2008
    Denmark
  4. zidane_genome

    zidane_genome My sword has a +2 bleeding... wanna test it out?

    Member
    2,320
    0
    May 21, 2006
    United States
    Yea, pretty sure if you delete winlogon.exe you're gonna have to reinstall Windows (2000 by the looks of it!)

    Kill it in your task manager, then you can try...
     
  5. [M]artin
    OP

    [M]artin .

    Member
    3,660
    276
    Nov 7, 2006
    United States
    Thanks a bunch, I'll be trying this out shortly.

    lilsypha suggested that I run Autoruns to find the file, and while the program was seeking it out, a new threat popped up (note the comment and how it points to the new program I was using to seek it out):
    [​IMG]
    lilsypha suggests that the virus is attaching itself to every .exe I try to run. A number of people in IRC also suggest that a full format is the way to go, but I only want to do so as a last resort.

    Shit. Think it was from a (working) IPS patcher from a link posted here. Not 100% sure, though.

    EDIT: And another Threat message just popped up telling me that the Threat has returned back to winlogin.exe...
     
  6. Golfman560

    Golfman560 TheRapist.com

    Member
    1,099
    0
    Dec 29, 2008
    Living with seals
    It popped up because ESET checks files as programs use them, so if you were in explorer.exe and went into the system32 folder I would bet quite a few virus alerts would pop up. The comment would then say it was found when running the application explorer.exe.
     
  7. Law

    Law rip ninjacat that zarcon made me

    Member
    4,132
    217
    Aug 14, 2007
    ‭jerkland
    I had something similar recently, I had to reformat two of my drives (backed up most of the stuff I wanted to keep that weren't exes on a different drive).
     
  8. xcalibur

    xcalibur Gbatemp's Chocolate Bear

    Member
    3,166
    4
    Jun 2, 2007
    Sacred Heart
    HijackThis, Malwarebytes Anti-Malware, Ad-Aware, Spybot S&D etc etc.
    If all else fails, run in safe mode and delete them manually.
     
  9. OSW

    OSW Wii King

    Former Staff
    4,796
    6
    Oct 30, 2006
    My PC is stuffed up on numerous levels... I believe part of it is from when I tried to install a cracked antivirus program...

    I'm going to backup everything and start from scratch since I haven't been able to remove these viruses after numerous attempts.
     
  10. outgum

    outgum Pokemanz Master

    Member
    1,993
    27
    Sep 22, 2009
    New Zealand
    Hamilton, New Zealand
    Do a system restore, back about a week maybe...
    It's a chance, and if it works, better than doing a Full Format.
    You can't delete it because it's a system32 file.
    You could try boot command prompt and go chkdsk

    Might help
     
  11. blitzer320

    blitzer320 GBAtemp Fan

    Member
    370
    0
    Sep 29, 2008
    United States
    NYC
    No, load in Linux or safe mode and copy the winlogon.exe from your i386 folder. On a Linux live CD this is straightforward, but in safe mode you have to kill the winlogon process first. Winlogon is the program that runs when you first load Windows and asks you for your password, so yeah, you need it to load Windows.
     
  12. cobleman

    cobleman GBAtemp Maniac

    Member
    1,458
    19
    Jun 23, 2009
    Australia
    System restore won't help if it's a WORM; it will attach itself to your restore point and infect it as well.
    Save what you can to a separate drive, format and reinstall Windows, get antivirus on right away, then connect your other drive backup and scan before you open it. You could spend up to 20 hours trying to remove it only to find it's infected everything you have opened!
     
  13. funem

    funem Retro Powered..

    Member
    1,161
    52
    Nov 4, 2006
    United Kingdom
    out of nowhere....
    Get a fresh copy of the file from another PC with the same level of OS as yours, boot into recovery console, rename infected file, copy over the replacement one, reboot PC... If there is a problem go back to recovery console and put the old infected file back until you have another fix to try...
     
  14. Elritha

    Elritha GBAtemp Addict

    Member
    2,037
    1
    Jan 24, 2006
    Canada
    You'll probably need to remove the infection manually. ComboFix and HijackThis should be run to find out more; they should create a log file each. I'd advise going to a forum that specialises in virus removal with both logs from those programs. ComboFix also requires you to disable your antivirus temporarily to run.
     
  15. raulpica

    raulpica With your drill, thrust to the sky!

    Supervisor
    11,036
    7,349
    Oct 23, 2007
    Italy
    PowerLevel: 9001
    Why bump a thread from the 26th JUNE 2009?
     
  16. .Chris

    .Chris Clueless

    Member
    2,197
    65
    Feb 20, 2009
    United States
    United States
  17. Elritha

    Elritha GBAtemp Addict

    Member
    2,037
    1
    Jan 24, 2006
    Canada
    I didn't even notice the date... lol.
     
  18. funem

    funem Retro Powered..

    Member
    1,161
    52
    Nov 4, 2006
    United Kingdom
    out of nowhere....
    Same....... just saw a reply and thought it was under discussion......
     
  19. .Chris

    .Chris Clueless

    Member
    2,197
    65
    Feb 20, 2009
    United States
    United States
    WHOA. It's from June 26 2009?? Same here funem...
     
  20. jalaneme

    jalaneme Female Gamer

    Member
    6,248
    195
    Nov 27, 2006
    London
    kaspersky, end of problem!