3 Replies Latest reply on Jan 5, 2010 10:25 AM by dmeier

    Trojan not allowing Login

      I run McAfee, free through Comcast.  While in a web site McAfee detected the presence of a trojan.  Apparently McAfee was unable to disable it.  I kept getting popups (trojanspm lx) warning me of a security issue.  I ran a complete virus scan and it detected several unwanted files, however, I was not able to delete the quarantined files (Artemis!).  I was not even able to find Folder Options in Control Panel to see if the quarantined files were not being shown because they were hidden.  Meanwhile, the popups continued.  I tried to get into the register via regedit, but it was not allowed (admin privileges).  I rebooted the computer which appeared to open Windows normally bringing me to the user account page.  When I log in I briefly see the background and then I am logged out.  This happens with all accounts and in all modes, i.e., Safe Mode, etc.  I created a boot disk as described in another post and was able to get into the computer.  I ran the McAfee and ESET NOD32 Online Scanner and came up with two files which were deleted, neither of which looked too suspicious.  I downloaded MalwareBytes but was unable to start it, receiving a mbam.exe system error - missing MSVBVM60.DLL.  I downloaded this file but am unable to extract the .zip file.  I recently backed up all important files and can see most files using the boot disk for additional backup.  Is there a fix or should I just do a clean reinstall of my operating system and all programs?  Thanks!

        • 1. Re: Trojan not allowing Login
          dmeier

          You might get up and running more quickly if you choose to format/reinstall.  However, that wouldn't be any fun.  It's up to you.  If you want to continue, I would recommend booting into a boot CD, and then perhaps running our Stinger utility (enable Artemis), to see if anything is found.

           

          - David

          • 2. Re: Trojan not allowing Login

            David - Thanks for the reply!  Looks like I just got it.  The virus downloaded an executable file, winlogon86.exe, which runs on startup and changed the Userinit registry file from "C:\Windows\System32\userinit.exe" to "C:\Windows\System32\winlogon86.exe", as was mentioned in another post.  It also disabled the regedit run command.  The Secured2K boot disk was a very helpful tool allowing me to get into the system, delete the winlogon86.exe file as well as a few other suspicious files and change the Userinit registry file.  Once back into the computer via normal login I ran several anti-virus/malware applications that found and cleaned several other files related to this virus.  It appears things are working fine again.
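
A check for the Userinit change described in reply 2, as an added example that is not part of the original thread or any McAfee tool. It audits the `Userinit` value under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`; the function names are hypothetical, and it assumes the stock value is the single path to `userinit.exe` (normally followed by a trailing comma) under a system root that defaults to `C:\Windows`.

```python
import ntpath
import os
import sys

WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
MISSING = "<userinit.exe missing>"  # marker used by this example only


def _norm(path, system_root):
    """Strip quotes, lower-case, expand %SystemRoot%/%windir%, normalise separators."""
    p = path.strip().strip('"').lower()
    for var in ("%systemroot%", "%windir%"):
        p = p.replace(var, system_root.lower())
    return ntpath.normpath(p)


def audit_userinit(value, system_root=r"C:\Windows"):
    """Return Userinit entries other than <system_root>\\System32\\userinit.exe.

    Userinit is a comma-separated list of programs Winlogon starts at logon.
    An empty result means the value looks stock; MISSING is appended when the
    real userinit.exe is not in the list at all (the case in this thread).
    """
    expected = _norm(system_root + r"\System32\userinit.exe", system_root)
    entries = [e.strip() for e in value.split(",") if e.strip()]
    findings = [e for e in entries if _norm(e, system_root) != expected]
    if not any(_norm(e, system_root) == expected for e in entries):
        findings.append(MISSING)
    return findings


def read_live_userinit():
    """Read Userinit from the running system's 64-bit registry view (Windows only)."""
    import winreg
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY, 0, access) as key:
        value, _type = winreg.QueryValueEx(key, "Userinit")
    return value


if __name__ == "__main__":
    if sys.platform == "win32":
        root = os.environ.get("SystemRoot", r"C:\Windows")
        samples = [read_live_userinit()]
    else:
        # Constructed samples: stock value, then the replacement quoted in the post.
        root = r"C:\Windows"
        samples = [r"C:\Windows\system32\userinit.exe,", r"C:\Windows\System32\winlogon86.exe"]
    for v in samples:
        print(repr(v), "->", audit_userinit(v, root) or "looks stock")
```

On a machine that will not log in, the same function can be run against the value read from the offline hive with a boot disk, as the poster did.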

            • 3. Re: Trojan not allowing Login
              dmeier

              Great to hear. I'm glad you have your computer back.

               

              - David