I run McAfee, free through Comcast. While in a web site McAfee detected the presence of a trojan. Apparently McAfee was unable to disable it. I kept getting popups (trojanspm lx) warning me of a security issue. I ran a complete virus scan and it detected several unwanted files; however, I was not able to delete the quarantined files (Artemis!). I was not even able to find Folder Options in Control Panel to see if the quarantined files were not being shown because they were hidden. Meanwhile, the popups continued. I tried to get into the register via regedit, but it was not allowed (admin privileges). I rebooted the computer, which appeared to open Windows normally, bringing me to the user account page. When I log in I briefly see the background and then I am logged out. This happens with all accounts and in all modes, i.e., Safe Mode, etc. I created a boot disk as described in another post and was able to get into the computer. I ran the McAfee and ESET NOD32 Online Scanner and came up with two files which were deleted, neither of which looked too suspicious. I downloaded MalwareBytes but was unable to start it, receiving a mbam.exe system error - missing MSVBVM60.DLL. I downloaded this file but am unable to extract the .zip file. I recently backed up all important files and can see most files using the boot disk for additional backup. Is there a fix or should I just do a clean reinstall of my operating system and all programs? Thanks!
You might get up and running more quickly if you choose to format/reinstall. However, that wouldn't be any fun. It's up to you. If you want to continue, I would recommend booting into a boot CD, and then perhaps running our Stinger utility (enable Artemis), to see if anything is found.
David - Thanks for the reply! Looks like I just got it. The virus downloaded an executable file, winlogin86.exe, which runs on startup and changed the Userinit registry file from "C:\Windows\System32\userinit.exe" to "C:\Windows\System32\winlogon86.exe", as was mentioned in another post. It also disabled the regedit run command. The Secured2K boot disk was a very helpful tool allowing me to get into the system, delete the winlogon86.exe file as well as a few other suspicious files and change the Userinit registry file. Once back into the computer via normal login I ran several anti-virus/malware applications that found and cleaned several other files related to this virus. It appears things are working fine again.
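
A check for the Userinit change described in the last post, as an added example that is not part of the original thread. The registry key paths are the standard Windows locations (the thread names only the value), the function name is hypothetical, and linking the blocked regedit to the DisableRegistryTools policy value is an assumption.

```powershell
# Added example: flag any Winlogon Userinit entry other than System32\userinit.exe.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$PolicyKey   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'

function Get-UnexpectedUserinitEntry {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string]$Value,
        [string]$SystemRoot = $env:SystemRoot
    )
    $expected = [IO.Path]::Combine($SystemRoot, 'System32', 'userinit.exe')
    # Userinit is a comma-separated list; the stock value ends with a trailing comma.
    $entries = @($Value -split ',' | ForEach-Object { $_.Trim().Trim('"') } | Where-Object { $_ })
    if ($entries.Count -eq 0) { return '<empty Userinit value>' }
    foreach ($e in $entries) {
        $full = [Environment]::ExpandEnvironmentVariables($e)
        # Assumption: a bare file name is treated as relative to System32.
        if (-not [IO.Path]::IsPathRooted($full)) {
            $full = [IO.Path]::Combine($SystemRoot, 'System32', $full)
        }
        if ($full -ne $expected) { $e }   # string -ne is case-insensitive
    }
}

# Constructed samples: the stock value and the hijacked value quoted in the thread.
$samples = @(
    'C:\Windows\system32\userinit.exe,',
    'C:\Windows\System32\winlogon86.exe'
)
foreach ($s in $samples) {
    $bad = @(Get-UnexpectedUserinitEntry -Value $s -SystemRoot 'C:\Windows')
    $verdict = if ($bad) { "UNEXPECTED: $($bad -join '; ')" } else { 'ok' }
    '{0,-40} -> {1}' -f $s, $verdict
}

# Live check on the running system (for example, after the offline repair).
$live = (Get-ItemProperty -Path $WinlogonKey -Name Userinit).Userinit
$bad  = @(Get-UnexpectedUserinitEntry -Value $live)
if ($bad) { Write-Warning "Userinit has unexpected entries: $($bad -join '; ')" }

# Assumption: the blocked regedit corresponds to this per-user policy value.
$pol = Get-ItemProperty -Path $PolicyKey -Name DisableRegistryTools -ErrorAction SilentlyContinue
if ($pol -and $pol.DisableRegistryTools -ne 0) {
    Write-Warning 'DisableRegistryTools is set for the current user'
}
```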