  #1  
Old 01-15-2006
Nathan
Silver Member
Join Date: Jun 2005
Location: Canada
Posts: 218
[Fixed] winlogon.exe problem

I accidentally opened a malicious exe and I had a ton of spyware and viruses installed. I got rid of a lot of them, but I think a trojan or something is still around. My winlogon.exe file is using about 70%+ of CPU and I can't figure out how to fix it. Here's my HJT log:
Attached Files
File Type: log hijackthis.log (11.0 KB, 1 views)


__________________

  #2  
Old 01-15-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Hya Nathan, first please run an Ewido scan and post the log from that. Then run a Panda active scan here and post the log from that as well:

http://www.pandasoftware.com/product...ACHEHINT=Guest

Also uninstall Red Swoosh in add/remove programs if present and then post a new hjt log please.

Also, Windows isn't updated, but you should now wait with that until you're clean.


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #3  
Old 01-16-2006
Nathan
Silver Member
Join Date: Jun 2005
Location: Canada
Posts: 218

Ok, my ewido and panda logs are attached.

I uninstalled "red swoosh" too and attached a new HJT log. What is red swoosh anyway? I don't remember installing it...
Attached Files
File Type: txt ewido.txt (4.5 KB, 2 views)
File Type: txt Activescan.txt (6.8 KB, 2 views)
File Type: log hijackthis.log (8.6 KB, 3 views)


__________________

  #4  
Old 01-16-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

Here is some info on red swoosh:
http://www.auditmypc.com/process/rsednclient.asp

First run CCleaner, and then click on Start->Settings->Control Panel->Java Plug-in and click on the Cache tab. Then click on the Clear button and hit OK.
If you have Java 1.5, do this instead. Start->Control Panel->Java->Settings->Delete Files and click OK and OK.

And then post a new hjt log from normal mode; the f2/f3 entries are messed up somehow in this one. Did you edit the log?


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #5  
Old 01-16-2006
Nathan
Silver Member
Join Date: Jun 2005
Location: Canada
Posts: 218

Ok, I cleaned up those java problems. I rebooted into normal mode and winlogon.exe wasn't using any CPU, so I think it's fixed. I didn't edit the original log though. Just in case there are any more problems here's the log from normal mode:
Attached Files
File Type: log hijackthis.log (9.4 KB, 2 views)


__________________

  #6  
Old 01-16-2006
joe5
Elite Member
Join Date: Jun 2005
Location: Netherlands
Posts: 9,036

And now the f2/f3 entries are gone from the log completely... weird.

And do you know why Whatpulse is running on your PC?

http://whatpulse.org/whatis/


And can you upload this file:

O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\symsvcsa.exe

to this site and report back the result:

http://www.virustotal.com/flash/index_en.html


__________________
- PCHF Team. - (NL) - Mal-ware Eradicator! -

  #7  
Old 01-16-2006
Nathan
Silver Member
Join Date: Jun 2005
Location: Canada
Posts: 218

I'm aware that whatpulse is running, I'm recording my keys and clicks count.

Here's the result:

Antivirus       Version         Update      Result
AntiVir         6.33.0.77       01.15.2006  no virus found
Avast           4.6.695.0       01.15.2006  no virus found
AVG             718             01.14.2006  Klone
Avira           6.33.0.77       01.15.2006  no virus found
BitDefender     7.2             01.15.2006  GenPack:Trojan.Galapoper.E
CAT-QuickHeal   8.00            01.14.2006  (Suspicious) - DNAScan
ClamAV          devel-20051123  01.15.2006  no virus found
DrWeb           4.33            01.15.2006  Trojan.Galapoper
eTrust-Iris     7.1.194.0       01.15.2006  no virus found
eTrust-Vet      12.4.1.0        01.13.2006  Win32/Sinteri
Ewido           3.5             01.15.2006  Trojan.Small
Fortinet        2.54.0.0        01.15.2006  W32/KlonePacked.B-tr
F-Prot          3.16c           01.13.2006  could be infected with an unknown virus
Ikarus          0.2.59.0        01.13.2006  no virus found
Kaspersky       4.0.2.24        01.16.2006  Packed.Win32.Klone.b
McAfee          4674            01.13.2006  Galapoper
NOD32v2         1.1366          01.15.2006  probably a variant of Win32/TrojanProxy.Lager.F
Norman          5.70.10         01.13.2006  no virus found
Panda           9.0.0.4         01.15.2006  Suspicious file
Sophos          4.01.0          01.15.2006  no virus found
Symantec        8.0             01.16.2006  no virus found
TheHacker       5.9.2.074       01.14.2006  no virus found
UNA             1.83            01.13.2006  Win32.CRYPT.virus
VBA32           3.10.5          01.15.2006  Trojan.Galapoper


__________________

