oyman 0 Posted January 1, 2005 I downloaded a file for starcraft (still fun to play ) and as luck would have it, it has somekind of virus or worm on it and now its on my computer. I noticed that sc started acting wierd so I closed it and ran norton antivirus and after about 10 seconds it closed itself, so I ran it again, it closed itself again. so I pressed ctrl+alt+del and a error message popped up saying "task manager is disabled by your admin" and i am the admin .If i open up any folder then it starts to lag pretty bad. I also noticed if I try to play any online games or try to update windows it blocks me from doing so. I downloaded AVG anti virus but that cant detect any virus on my computer, ad aware and spybot search and destroy detect some edited registry keys but I cant do anything about them since my access to regedit is also blocked (it says regedit is blocked by my admin again). and I was wondering if any of knew what to do, or what virus type this is I have tried everything to get rid of it but nothing works I think it has to do with lsass.exe Share this post Link to post Share on other sites
Planck 1 Posted January 1, 2005 Try this site oyman, if that doesn't help do a search for issas. http://computercops.biz/article-5276-nested-0-0.html Planck Share this post Link to post Share on other sites
oyman 0 Posted January 1, 2005 that webpage didnt really help but i am checking out the microsoft site site checked my computer for the sasser worms but none are on it i found a little tool that allows me to enable the task manager and i can see some program that is flickering on and off and only shows up for about 1/4 of a second Share this post Link to post Share on other sites
oyman 0 Posted January 2, 2005 after staring at the task manager for the last ~15 minutes i was able to make out that the program that was flickering about, it is Winlogon.exe Share this post Link to post Share on other sites
JdB 151 Posted January 2, 2005 Well, I have that process too, as should any user of a Windows NT based system... Information about winlogon.exe Share this post Link to post Share on other sites
SpeedyDonkey 0 Posted January 2, 2005 Edit: Silly me for not reading the entire first post *insert shame smiley* But i'd still try panda online + adaware. http://www.pandasoftware.com/home/default.asp (in the bottom left corner) http://housecall.trendmicro.com/ Share this post Link to post Share on other sites
benu 1 Posted January 2, 2005 If your system is compromised you should run the check from another system. You could try to get an antivirus program for dos and boot from a clean dos bootdisk, or get one of the many linux cds and boot from them. There are av tools for linux that check windows systems for virus infections. There was one in a german magazine c't called Knoppicilin that fetched the newest av signatures after booting and offered 3 or 4 av tools to check your windows installation (there are not really any virus for linux worth mentioning ). Share this post Link to post Share on other sites
Mr_Tea 0 Posted January 2, 2005 You should try AddAware SE, that could help. Share this post Link to post Share on other sites
D34N 0 Posted January 2, 2005 AdAware SE Personal SpyBot: Search & Destroy Hijack This! Quote[/b] ]I think it has to do with lsass.exe Nope.. Unrelated. Hope it helps! Everyone should run these programs (sans hijack this!) at least once a week. Share this post Link to post Share on other sites
nSe7eN 0 Posted January 2, 2005 Why you don’t use firefox as you’re primary browser and stay protected from most of the malicious codes! Using IE is a fatal error! Known IE Vulnerabilities! Share this post Link to post Share on other sites
oyman 0 Posted January 2, 2005 ok panda anti virus cant find anything norton antivirus cant find anything AVG cant find anything spybot S&D finds edited registry code it fixes it but the modified code keeps on coming back Ad Aware does the same thing as spybot S&D and hijackthis just makes a logfile nothing detects anything and if it does, it fixes it but comes back I was thinking if i should get firefox Share this post Link to post Share on other sites
Colossus 2 Posted January 2, 2005 I was thinking if i should get firefox Are you useing IE now? Share this post Link to post Share on other sites
BraTTy 0 Posted January 2, 2005 You were able to use the free online Pandasoftware activescan? Did you check the "search for trojans" box? Sounds like you have a trojan (hides and keeps popping out) Asides from the recommendations you have, I would also try Giant AntiSpyware Share this post Link to post Share on other sites
Milkman 1 Posted January 2, 2005 What solved all of my worm and trojan problems was booting to safe mode with command prompt, and navigating to my McAfee folder and telling it to scan all files on my system (I think it was */* ?). I even killed the blasted kletz.h worm along with 6 others that refused to die otherwards. Share this post Link to post Share on other sites
oyman 0 Posted January 2, 2005 using the program enditall i was able to find a .exe called WinIogon.exe (that is a i) disgusing itself as Winlogon.exe, when i closed it norton anti virus stopped crashing and when i opened a folder it stopped lagging like crazy. i think i almost killed this virus thingy Share this post Link to post Share on other sites
redface 1 Posted January 3, 2005 the problems with these buggers nowadays is that they keep coming back since they can reinstall & rename themselves perpetually. take care to look for hidden new files in the Windows/system32/ folder, look for any weird new folders in Program Files, and manually delete those files in Safe Mode. I have Spybot running all the time now, which helps. Share this post Link to post Share on other sites