Make sure you try both Adaware and Spybot. One often catches what the other misses. Also make sure they both have the latest updates.
If that doesn't work, have a baseball bat ready.
Ummm yes you'll find backup in C:\WINDOWS\system32\winlogon.exe Hehehe....
There should not be two. The one in C:\WINDOWS\winlogon.exe is most likely part of your problems.
AngelicKnight, it's your kinda attitude that not only helps spin the hype around a lot of malware but also gives people like me food on the table. Not to mention it makes *******s like me look smart over nothing and that's just plain sick 'n sad.
From the looks of your log file it looks like ya got the AGOBOT or GAOBOT worm!!! It drops SVVHOST.EXE onto your system. Pretty tricky since SVCHOST.EXE is ok and a Windows system file.
Quote:
Originally posted here by komodo_00
Hi I'm new here and have a really annoying problem. I keep getting these 2 messages:
C:\WINDOWS\System32\svvhost.exe
This SVVHOST.EXE is a backdoor...
Check out this link for description and cleaning information.
http://www.sophos.com/virusinfo/anal...2agobothl.html
I would recommend booting into SAFE MODE first and try scanning your system with your antivirus.
Good luck!
If it's AgoBot then clearly the box is worm and backdoor heaven. If that's the case you may also want to check out C:\WINDOWS\System32\RunDll32.exe
Agobot, adware, welchia/MSblaster? Ahhh man :cool:
There we go. First, I removed all instances of c:\windows\winlogon.exe in my registry. Then I was able to delete the file in safe mode because it was no longer in use. For the other files, I just deleted them. Cleaned up some spyware Ad Aware didn't find and everything seems to be running fine. Oh, I installed PC-Cillin, did a scan and everything looks fine.
Thanks,
Komodo
Just curious, how did you get rid of your peper trojan? PC-cillin won't touch it, nor any other scanner that I am aware of. :confused:
I deleted the decoy winlogon.exe. Since it was in use, I disabled it by removing it from the registry. If you're talking about the svvhost.exe one, I simply cancelled the process and deleted the file.
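The two tells discussed in this thread, a system binary running from the wrong folder (C:\WINDOWS\winlogon.exe) and a one-letter lookalike name (svvhost.exe), can be checked mechanically over a list of process image paths. The following is an added example, not code from any poster; the expected-location table and the sample list are assumptions built from the paths quoted above.

```python
import ntpath

# Assumption: expected home folder for the system binaries named in the thread.
EXPECTED = {
    "svchost.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "rundll32.exe": r"c:\windows\system32",
}

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, detail) for one process image path."""
    path = ntpath.normpath(image_path).lower()  # Windows paths are case-insensitive
    folder, name = ntpath.split(path)
    if name in EXPECTED:
        if folder == EXPECTED[name]:
            return ("ok", name)
        return ("wrong-directory", "expected " + EXPECTED[name])
    for known in EXPECTED:
        if edit_distance(name, known) == 1:  # one character off a system name
            return ("lookalike-name", "resembles " + known)
    return ("unknown", name)

def scan(paths):
    """Return (path, verdict, detail) for every path worth a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("wrong-directory", "lookalike-name")]

# Constructed sample: the paths mentioned in the thread plus the genuine svchost.
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\winlogon.exe",
    r"C:\WINDOWS\System32\svvhost.exe",
    r"C:\WINDOWS\System32\svchost.exe",
    r"C:\WINDOWS\System32\RunDll32.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in scan(SAMPLE):
        print(f"{verdict:16} {path}  ({detail})")
```

A name and path check says nothing about file contents, so a replaced file at the correct path still shows as "ok" here.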