I need help, but I don't know what to do...

Status
Not open for further replies.

Shrike

Member
I have 55 virus infected files on my computer, and when I scanned them, what happened is that the damn virus literally has me locked out of my account >_>
I can log in, but I have no privileges. I can't open any exes besides firefox.
It tells me I don't have permissions even though I have ADMINISTRATOR privileges.
The virus is called winlogon.exe <_<
I'm pretty sure that's a system file, because it shows up in task manager as a system process... but ever since I started getting errors with it everything's been fucked up beyond repair. I've tried going into safe mode and checking the files... My friend sb showed me a really good virus scanning program, but when the program scanned the files, the process was promptly ended. so.. I'm at a loss as to what to do. Everyone's telling me to do a purge and wipe the hard drive completely... but I don't want to do that. Any suggestions or ideas? :(
 
Shrike said:
The virus is called winlogon.exe <_<

winlogon.exe is not a virus...it's the system startup process. You'll need to locate the real virus before we can help you.
 
I believe the virus infected that process... my antivirus identified all infected files... but I don't know what the origin of the virus is.
 
I had gotten a popup from a website named keys.tk
My system has been fucked up ever since then >_>
Also JTE, despite how helpful your comment was, I had to chuckle at it.
 
Shrike said:
I had gotten a popup from a website named keys.tk
My system has been **** up ever since then >_>
Also JTE, despite how helpful your comment was, I had to chuckle at it.
What are you using to virus scan?
 
I can't use anything. The processes were killed the minute the popup came up...
My permissions have been denied to delete, copy/paste, or open/edit any applications except Firefox and several game executables.
So...
 
Shrike said:
I can't use anything. The processes were killed the minute the popup came up...
My permissions have been denied to delete, copy/paste, or open/edit any applications except Firefox and several game executables.
So...
Did logging in other users help?
 
Winlogon IS a system file...

Best thing you can do is this:

1. Download Spybot Search & Destroy from http://www.spybot.com/. If needed, have a friend do it and give it to you on CD.

2. Boot into Safe Mode (hold down F8 at Windows startup and select Safe Mode).

3. Run that and your antivirus.

4. Clean everything.

5. Restart into Windows.

If that gets nowhere, you can try manually removing the virus' files in Safe Mode or with a Linux LiveCD (find specific instructions for individual viruses you have first). You can also try System Restore from within Safe Mode, and if all else fails, back up your crap, make sure it's clean, and install Win7 RC1 or XP onto another partition.
 
I think I'm going to have to do the last part there...
I can't delete the files because they're all system processes. Spybot wanted to delete them.
 
They aren't necessarily - they may be dummy copies. But if they are actually system files, you need to reinstall :(

Try Windows 7 RC! xD
 
Yeah, a word of advice: don't wipe out your hard drive unless you can't afford to try and fix the problem anymore. The man is smarter than the machine, and this is coming from personal experience trying for many hours in a few days to fix a really tricky problem.



If the virus is winlogon.exe, then it's probable that the virus planted itself onto one of the system folders mimicking the actual program that handles your logins and privileges. This makes sense, considering you're having trouble running exes and the like. Hopefully this is the case, because if it's not the real deal, then I think you should be able to get rid of it in spite of your lack of privileges. I would suggest shutting down the winlogon.exe process in your task manager, finding the mimic exe (search tool may help here if set on the appropriate settings), deleting it, and then trying to run some of the programs. If you can pluck the problem by its source, then all of the little tracking cookies and dlls etc. should be a cinch to clean up with an antivirus program.
 
Blue Warrior said:
Yeah, a word of advice: don't wipe out your hard drive unless you can't afford to try and fix the problem anymore. The man is smarter than the machine, and this is coming from personal experience trying for many hours in a few days to fix a really tricky problem.



If the virus is winlogon.exe, then it's probable that the virus planted itself onto one of the system folders mimicking the actual program that handles your logins and privileges. This makes sense, considering you're having trouble running exes and the like. Hopefully this is the case, because if it's not the real deal, then I think you should be able to get rid of it in spite of your lack of privileges. I would suggest shutting down the winlogon.exe process in your task manager, finding the mimic exe (search tool may help here if set on the appropriate settings), deleting it, and then trying to run some of the programs. If you can pluck the problem by its source, then all of the little tracking cookies and dlls etc. should be a cinch to clean up with an antivirus program.

Most of this is true except one thing: It's not a clone. It planted itself into the actual exe. And... I can't end the process in the task manager. I get the error: "Error: This is a critical system process. Task manager cannot end this process." And.. I can't find the directory the exe is held in :/
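
A read-only way to check the two possibilities raised in this thread (a look-alike winlogon.exe running from the wrong folder, or a modified copy of the real file), as an added example that is not part of any poster's reply. It assumes PowerShell 3.0 or later in an elevated prompt; the variable names are illustrative.

```powershell
# Added example: read-only checks, nothing is stopped or deleted.
$expected = Join-Path $env:SystemRoot 'System32\winlogon.exe'

# 1. Running processes named winlogon.exe and the path each was started from.
Get-CimInstance Win32_Process -Filter "Name = 'winlogon.exe'" | ForEach-Object {
    $path = $_.ExecutablePath            # empty when the prompt is not elevated
    if (-not $path) {
        $verdict = 'UNKNOWN: path not readable'
    } elseif ($path -ieq $expected) {
        $verdict = 'expected location'
    } else {
        $verdict = 'SUSPICIOUS: not in System32'
    }
    [pscustomobject]@{ PID = $_.ProcessId; Path = $path; Verdict = $verdict }
} | Format-Table -AutoSize

# 2. Files named winlogon.exe anywhere else on the system drive.
#    Copies under System32 (including dllcache on XP) and WinSxS are normal.
$normal = @("$env:SystemRoot\System32\", "$env:SystemRoot\WinSxS\")
Get-ChildItem -Path "$env:SystemDrive\" -Filter 'winlogon.exe' -Recurse -Force `
        -ErrorAction SilentlyContinue |
    Where-Object {
        $f = $_.FullName
        -not ($normal | Where-Object {
            $f.StartsWith($_, [StringComparison]::OrdinalIgnoreCase)
        })
    } |
    Select-Object FullName, Length, LastWriteTime |
    Format-Table -AutoSize

# 3. Signature of the real file. 'Valid' with a Microsoft signer means the
#    binary on disk is unmodified; 'HashMismatch' means its contents changed.
#    Older PowerShell versions may not consult catalog signatures, so a
#    'NotSigned' result there is inconclusive rather than proof of tampering.
$sig = Get-AuthenticodeSignature -FilePath $expected
[pscustomobject]@{
    File   = $expected
    Status = $sig.Status
    Signer = $sig.SignerCertificate.Subject
} | Format-List
```

Results from a system that is already compromised can be falsified by the malware itself, so running the same checks against the disk from a clean boot environment gives a more trustworthy answer.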
 