Tech Support Forum banner
Status
Not open for further replies.
1 - 4 of 4 Posts

· Registered
Joined
·
16 Posts
Discussion Starter · #1 ·
A couple of days ago my computer was infected with a trojan. Since someone else was using it when this happened I don't know how it happened and why AVG or Prevx1 was not able to detect/terminate it. What the trojan did to my computer was disable the normal booting process. The computer would start up the Windows XP screen with the bar loading, and after a few seconds the computer restarts. I ran an AVG scan (both the old and the new 7.5 version) and found out I got infected with Trojan horse flooder.AKE (old AVG version), and the new version showed I had Downloader.Agent.bc. The path of the Trojan horse was C: WINNIT\system32\winlogon.exe. In an attempt to manually fix the problem the winlogon.exe was renamed and the .exe was deleted, so it ended up as winlogon.
Now XP doesn't load at all. I can get to the safe mode screen but I can't load the system. Should I abandon all hope of ever restoring the computer or saving the files that were on it?
Appreciate any help.
 

· Premium Member
Joined
·
39,718 Posts
Hi

The location you quoted was the legit location for that file. However, you can replace the file from your XP CD. But you will have to use the Recovery Console. I'm no expert with the RC, but this MS Article should cover all you need to know.
 

· Registered
Joined
·
16 Posts
Discussion Starter · #3 ·
Thanks for the reply Glaswegian. After I replace the file, should I be able to start the computer again in safe mode? I know the trojan is still going to be there. Another thing: when I scanned the winlogon.exe application with AVG it showed that the trojan was there.
 

· Premium Member
Joined
·
39,718 Posts
You said you already renamed and deleted the file, so the one from the CD should just be a straight replacement. If you get your system working again, I suggest you download HijackThis - this program will help us determine if there is any spyware/malware on your computer.
  • Create a folder at C:\HJT and move HijackThis.exe there.
  • Make sure you close down EVERY open window and close ALL browser windows. The only thing that should be open is the HijackThis program.
  • Run a scan and save the log file.
  • Copy the text file (Ctrl+A then Ctrl+C) and paste it (Ctrl+V) in a new thread in the HJT Forum (do not attach it or post it here).
  • Do not fix any entries in HijackThis since they may be harmless.
  • Make sure to include the System information at the top of the log as well.

There may be other items that require attention and it would be best to give your system a complete clean up.
 