The_Comanch3
Posts: 8 +0
Deleted Winlogon.exe
My Moms/sisters computer was recently infected with a virus, "altnet" "IEupdate" just to throw those out there. But I am not here to ask for a fix. (for the virus anyways) But, I did some research and found some running processes that are coorilated with the virus. I couldn't find them, in the task manager like the site said, or in search. and a multitude of spyware removal tools and virus scanners (trusted programs) and they can't stop it. Not norton, not ad-aware, it sucks. The virus causes many pop ups that tell you that you have such and such worm, this and that, and says to get "SUPER SPYWARE REMOVAL" (i made that name up) which you click yes-it sends you to the site(bad), you click no-it doesn't send you to a site(not so bad) or you click the top X- and it doesn't send you to a site(still bad, but most likely not as bad as clicking no)
So I decided, since this thing hides so well. I might be able to locate it with a better advanced task manager. So I found a program called "advanced task manager" which is a clean program (i hope) because I currently have it on my computer, and it hasn't done anything bad.
So I was able to EVERYTHING that was going through the computer. what programs were running, what files were running, what programs were running those files. and so I would wait for a pop-up to show on screen, and would try and see what processes/files/programs were showing up whenever I got the pop-ups. I semi-unprofessionally concluded that it was "SvcHost" quarantined that, nothing really happened.....and conluded to "winlogon.exe" I quarantined that (BAD IDEA!) computer shut off, goes to reboot, gets to the XP load screen, finishes loading, monitor reads "no signal input" then it restarts and does it all over again, and again, and again.
I do not know if the file I ended was actually winlogon.exe it could have been "Winlogon.exe" "Winlogin.exe" "WinIogin.exe" "WinIogon.exe"
anyways, if you have made it this far in my story, is there any possible way to fix this. I feel bad, because I know this is my fault. My mom currently thinks that the virus just went into High gear. I really need to fix this, because my mom LOVES geneology, and has save-files, pictures and data of her geneology research. and seeing as she has probably spent a good 300+ hours with her Hobby, I would never be able to live that down... being the cause of the loss..... The computer is replacable, its some cheap-$150-$300 so either buy a new one or repair it. which the repair is probably expensive and may not even be able to save the harddrive files. unless I can do it myself. I'm thinking along the lines of getting into Command prompt-whichever "F-" button gets you there during startup. give me some input, please help
P.S. WinLogin.exe (or whatver variation I listed) was NOT deleted as I said in the title, and first words of the post. I Quarantined it by the program 'Advanced Task Manager' I only said delete to catch peoples eyes. I just learned this myself. but I'm sure many many people on here now that when they see 'Winlogon.exe' and 'deleted' in the same sentence, they know its bad. sorry for the long post.
My Moms/sisters computer was recently infected with a virus, "altnet" "IEupdate" just to throw those out there. But I am not here to ask for a fix. (for the virus anyways) But, I did some research and found some running processes that are coorilated with the virus. I couldn't find them, in the task manager like the site said, or in search. and a multitude of spyware removal tools and virus scanners (trusted programs) and they can't stop it. Not norton, not ad-aware, it sucks. The virus causes many pop ups that tell you that you have such and such worm, this and that, and says to get "SUPER SPYWARE REMOVAL" (i made that name up) which you click yes-it sends you to the site(bad), you click no-it doesn't send you to a site(not so bad) or you click the top X- and it doesn't send you to a site(still bad, but most likely not as bad as clicking no)
So I decided, since this thing hides so well. I might be able to locate it with a better advanced task manager. So I found a program called "advanced task manager" which is a clean program (i hope) because I currently have it on my computer, and it hasn't done anything bad.
So I was able to EVERYTHING that was going through the computer. what programs were running, what files were running, what programs were running those files. and so I would wait for a pop-up to show on screen, and would try and see what processes/files/programs were showing up whenever I got the pop-ups. I semi-unprofessionally concluded that it was "SvcHost" quarantined that, nothing really happened.....and conluded to "winlogon.exe" I quarantined that (BAD IDEA!) computer shut off, goes to reboot, gets to the XP load screen, finishes loading, monitor reads "no signal input" then it restarts and does it all over again, and again, and again.
I do not know if the file I ended was actually winlogon.exe it could have been "Winlogon.exe" "Winlogin.exe" "WinIogin.exe" "WinIogon.exe"
anyways, if you have made it this far in my story, is there any possible way to fix this. I feel bad, because I know this is my fault. My mom currently thinks that the virus just went into High gear. I really need to fix this, because my mom LOVES geneology, and has save-files, pictures and data of her geneology research. and seeing as she has probably spent a good 300+ hours with her Hobby, I would never be able to live that down... being the cause of the loss..... The computer is replacable, its some cheap-$150-$300 so either buy a new one or repair it. which the repair is probably expensive and may not even be able to save the harddrive files. unless I can do it myself. I'm thinking along the lines of getting into Command prompt-whichever "F-" button gets you there during startup. give me some input, please help
P.S. WinLogin.exe (or whatver variation I listed) was NOT deleted as I said in the title, and first words of the post. I Quarantined it by the program 'Advanced Task Manager' I only said delete to catch peoples eyes. I just learned this myself. but I'm sure many many people on here now that when they see 'Winlogon.exe' and 'deleted' in the same sentence, they know its bad. sorry for the long post.
