Malware Problems on PC

Shotokan101
RouterTech Team
Posts: 4779
Joined: Thu Jan 26, 2006 3:17 pm
Location: Glasgow, Scotland

Post by Shotokan101 » Fri Apr 27, 2007 9:46 pm

eMuNiX wrote:I should be able to test the performance this weekend. Someone has given me their machine to fix and it is pretty much the same spec as I'll be going for. Once I finish removing all the spyware, trojans and viruses that is ;) This machine is riddled with badness, it wouldn't even boot when it was given to me. One person who looked at it sucked air through their teeth and said "new HDD required" pfffft shows what you know. So far I've cleared a rootkit that kept giving a BSOD, a few hundred spy/malware and after only 5 minutes of virus scan 80 viruses found. Little wonder the poor thing didn't work.
I think that we should change your forum name to Domestos eMu :lol:
Last edited by Shotokan101 on Fri Apr 27, 2007 9:57 pm, edited 1 time in total.
Jim

.....I'm Sorry But I Can't Do That Dave.....
eMuNiX
Ex RouterTech Team
Posts: 901
Joined: Sat Jan 28, 2006 9:02 am

Post by eMuNiX » Fri Apr 27, 2007 9:56 pm

126 viruses in total, I'm impressed. One final problem that I haven't found a cure for is winlogon.exe keeps throwing a wobbly so I get a few errors at logon. Second problem is I can't access the Windows Firewall to enable it and when I turn the machine off winlogon.exe causes a BSOD. A few more hours and I'll get there. Loath to reinstall Windows.

Post by Shotokan101 » Fri Apr 27, 2007 10:02 pm

eMuNiX wrote:126 viruses in total, I'm impressed. One final problem that I haven't found a cure for is winlogon.exe keeps throwing a wobbly so I get a few errors at logon. Second problem is I can't access the Windows Firewall to enable it and when I turn the machine off winlogon.exe causes a BSOD. A few more hours and I'll get there. Loath to reinstall Windows.
Any specific error messages, eMu?
Jim

.....I'm Sorry But I Can't Do That Dave.....

Post by eMuNiX » Fri Apr 27, 2007 10:29 pm

http://support.microsoft.com/default.as ... -us;156669

Basically this but it doesn't help me :(

Post by Shotokan101 » Fri Apr 27, 2007 10:51 pm

eMuNiX wrote:http://support.microsoft.com/default.as ... -us;156669

Basically this but it doesn't help me :(
Does the system have Windows autoupdates enabled? If so, try disabling them.

What about the error message when trying to access/enable Windows Firewall?
Jim

.....I'm Sorry But I Can't Do That Dave.....

Post by eMuNiX » Fri Apr 27, 2007 11:17 pm

"Due to an unidentified problem windows cannot display windows firewall settings." Also, since connecting this PC to my SART2 the connection keeps failing, just like when you use too many torrents, so something is amiss.
Alan
RouterTech Team
Posts: 773
Joined: Thu Jan 26, 2006 9:29 am
Location: Nottingham

Post by Alan » Fri Apr 27, 2007 11:44 pm

To be honest eMu, with a PC that badly infected I would definitely reformat and start again; no matter how thorough you are, you just might be leaving something lurking in the background :?
I Wanna Live 'till I Die!

Post by Shotokan101 » Sat Apr 28, 2007 12:04 am

Alan wrote:To be honest eMu, with a PC that badly infected I would definitely reformat and start again; no matter how thorough you are, you just might be leaving something lurking in the background :?
Good advice indeed - however sometimes it's worth persevering to get a better understanding of the causes for future reference before wiping the evidence :wink:
Jim

.....I'm Sorry But I Can't Do That Dave.....

Post by Alan » Sat Apr 28, 2007 1:22 am

I understand what you are saying Jim, but at the end of the day the trick is to not get them on your system in the first place :wink:
I Wanna Live 'till I Die!

Post by eMuNiX » Sat Apr 28, 2007 7:25 am

Alan wrote:To be honest eMu, with a PC that badly infected I would definitely reformat and start again; no matter how thorough you are, you just might be leaving something lurking in the background :?
Agreed but my XP discs keep BSODing, it is a Slipstreamed SP2 and I think that these don't get on with SATA drives. The Dell rescue discs weren't given to me with the PC. So for this one, fixing it is my only real option. Since running Adaware, SpywareBlaster, Spybot SD, AVG and CCleaner it runs pretty much full speed again. Fixing winlogon.exe will finish things off :)

Post by Shotokan101 » Sat Apr 28, 2007 11:24 am

Alan wrote:I understand what you are saying Jim, but at the end of the day the trick is to not get them on your system in the first place :wink:
Absolutely agree Alan :D - I was really making the point that for a lot of users a full reinstall probably is a major undertaking and if there's a "relatively light" case of infection and this sort of symptom shows up it would be nice to be able to sort it out - also the problem "may" not be malware related :? (although winlogon is apparently a common target :cry: )

@eMu - any luck with the "autoupdate" ?

Also, have you checked the location and size/date info for winlogon.exe against another PC?
Jim

.....I'm Sorry But I Can't Do That Dave.....
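
Shotokan101's suggestion above, comparing the location and size/date of winlogon.exe against a copy from another PC, written out as an added example that is not part of the original thread. The function names and the sample files are hypothetical and constructed; it assumes the suspect disk is readable as a directory tree and that the reference fingerprint comes from a clean PC running the same Windows build.

```python
import hashlib
import os
import tempfile
from pathlib import Path

EXPECTED_DIR = ("windows", "system32")  # assumption: default install layout

def fingerprint(path):
    """Size, modification time and SHA-256 of one file."""
    data = Path(path).read_bytes()
    return {"size": len(data), "mtime": int(os.path.getmtime(path)),
            "sha256": hashlib.sha256(data).hexdigest()}

def audit_winlogon(root, reference):
    """Flag every winlogon.exe under `root` that sits outside System32
    or differs from the known-good `reference` fingerprint."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != "winlogon.exe":
                continue
            rel = (Path(dirpath) / name).relative_to(root)
            fp, problems = fingerprint(root / rel), []
            if tuple(p.lower() for p in rel.parts[:-1]) != EXPECTED_DIR:
                problems.append("unexpected location")
            for field in ("size", "mtime", "sha256"):
                if fp[field] != reference[field]:
                    problems.append(field + " differs")
            findings.append((rel.as_posix(), problems))
    return sorted(findings)

def demo():
    """Constructed sample: one reference copy and a fake suspect volume."""
    files = {"WINDOWS/system32/winlogon.exe": b"constructed known-good bytes",
             "WINDOWS/Temp/WinLogon.exe": b"constructed altered bytes!!"}
    with tempfile.TemporaryDirectory() as tmp:
        good = Path(tmp) / "reference_winlogon.exe"
        good.write_bytes(b"constructed known-good bytes")
        os.utime(good, (1_000_000_000, 1_000_000_000))
        for rel, body in files.items():
            f = Path(tmp) / "suspect" / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_bytes(body)
            os.utime(f, (1_000_000_000, 1_000_000_000))
        return audit_winlogon(Path(tmp) / "suspect", fingerprint(good))

if __name__ == "__main__":
    for path, problems in demo():
        print(path, "->", problems or "matches reference")
```

The hash comparison is the decisive one; size and date are the quick checks and can be made to match by a replaced file.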

Post by eMuNiX » Sun Apr 29, 2007 7:56 pm

I have now got this thing working. Replacing AVG with McAfee Enterprise 8.0 revealed another 90+ viral infections. AVG AntiSpyware also showed a further 125 spyware/trojans etc that Spybot, SpywareBlaster and Adaware missed. Also HijackThis showed instcat.dll affecting winlogon; removing this DLL and the other cleaning means that it will now reboot without any BSODs :)

Post by Shotokan101 » Sun Apr 29, 2007 10:22 pm

eMuNiX wrote:I have now got this thing working. Replacing AVG with McAfee Enterprise 8.0 revealed another 90+ viral infections. AVG AntiSpyware also showed a further 125 spyware/trojans etc that Spybot, SpywareBlaster and Adaware missed. Also HijackThis showed instcat.dll affecting winlogon; removing this DLL and the other cleaning means that it will now reboot without any BSODs :)
Well done eMu :D

...must say that I'm surprised that AVG etc. missed as many as you found with McAfee :?

I currently manage a large McAfee installation (7000+ clients) with ePO from McAfee and it's "O.K.", and the McAfee home products never seem to rate that highly in comparative reviews that I've seen :?

EDIT: - is the firewall problem now resolved as well?
Jim

.....I'm Sorry But I Can't Do That Dave.....

Post by eMuNiX » Sun Apr 29, 2007 10:48 pm

To be fair I think most of the infections would possibly be ones that AVG picked up but might not have dealt with properly. I like McAfee Enterprise, if it is good enough for a thumping great shipping line such as Maersk then I think I am happy to trust it too :)

Firewall issue fixed by carrying out the fix in this post

Now I just have to curb my excitement until the money for buying the new HDD that they expect me to fit is safely in my hands ;)

Post by Shotokan101 » Sun Apr 29, 2007 10:58 pm

Cheers eMu - why not upgrade the Windows Firewall with the free Comodo one (for example) while you wait......
Jim

.....I'm Sorry But I Can't Do That Dave.....