Please can I have your help...
I recently downloaded some files from a friend's website to try and help them remove the problem which was causing Google to ban it. In order to do this I had to download them to my PC with FTP.
However since then Kerio is saying I have an intrusion attempt.
Basically all their HTML files were infected with a JavaScript which should not be there, occurring once in the header, and a script at the end of the closing html tag. I removed them all and their site is working fine. HOWEVER.... my PC is not.
When I downloaded the files AVG quarantined a number of them and I identified the viruses as Psyme (which it healed) and JS/Downloader.Agent (which it said it did not heal) - however when I run AVG it says no threats are identified.
Since that time my Kerio firewall keeps on "identifying and blocking an intrusion attempt of type Code injection" (details pasted below).
Can anyone kindly advise me...
1) Is this a trojan?
2) Is there any fix?
________________________
Intruder: \??C:\\WINDOWS\systme32\winlogon.exe
Technical details about the intrusion attempt:
Injector application: \??\C:\WINDOWS\system32\winlogon.exe
Description: winlogon
File version:
Product name:
Product version:
Created: N/A
Modified: N/A
Accessed: N/A
Target application: C:\WINDOWS\system32\svchost.exe
Description: Generic Host Process for Win32 Services
File version: 5.1.2600.5512 (xpsp.080413-2111)
Product name: Microsoft® Windows® Operating System
Product version: 5.1.2600.5512
Created: 2004/8/4, 10:00:00
Modified: 2008/4/14, 00:12:36
Accessed: 2008/10/16, 08:29:29
Address of injection: 0x026169B6
________________________
Can anyone kindly advise me on the best course of action?
Best regards
Richard
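An added example, not part of the original post: a read-only check for the pattern described above, where each HTML file carries an extra script in the header and another after the closing html tag. The function names and the sample page are constructed for illustration; scripts in the header cannot be told apart from legitimate ones automatically, so they are only listed for manual review.

```python
import os
import re

# A <script> element, closed or left unterminated at end of input.
SCRIPT_RE = re.compile(r"<script\b[^>]*>.*?(?:</script\s*>|\Z)", re.I | re.S)
HEAD_RE = re.compile(r"<head\b[^>]*>(.*?)</head\s*>", re.I | re.S)
HTML_CLOSE_RE = re.compile(r"</html\s*>", re.I)

def scan_html(text):
    """Return (head_scripts, trailing_scripts) for one HTML document."""
    head = HEAD_RE.search(text)
    head_scripts = SCRIPT_RE.findall(head.group(1)) if head else []
    # Nothing legitimate belongs after the first </html>, so any script
    # found there is reported as trailing.
    close = HTML_CLOSE_RE.search(text)
    trailing = SCRIPT_RE.findall(text[close.end():]) if close else []
    return head_scripts, trailing

def scan_tree(root):
    """Yield (path, head_scripts, trailing_scripts) for files with trailing scripts."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith((".htm", ".html")):
                continue
            path = os.path.join(dirpath, name)
            # latin-1 never fails to decode; files are read as text only.
            with open(path, "r", encoding="latin-1") as fh:
                head_scripts, trailing = scan_html(fh.read())
            if trailing:
                yield path, head_scripts, trailing

# Constructed sample page; the comments stand in for the injected code.
SAMPLE = """<html><head><title>Shop</title>
<script src="menu.js"></script>
<script>/* constructed placeholder: block added to the header */</script>
</head><body><p>Hello</p></body></html>
<script>/* constructed placeholder: block appended after the closing tag */</script>
"""

if __name__ == "__main__":
    head_scripts, trailing = scan_html(SAMPLE)
    print("head scripts to review:", len(head_scripts))
    print("scripts after </html>:", len(trailing))
```

Running `scan_tree` over the server's copy of the site and comparing the flagged files against a known-good backup shows which pages still need cleaning without opening any of them in a browser.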