"Closed due to Complications. If you downloaded this simply run your antivirus. This process is invisible so thats all you can really do as of now.
The process is NOT "invisible" as this particular moderator claims, it IS visible.
The process name is: "winlogin.exe". CTRL+ALT+DEL; Start -> Run -> "taskmgr" -> Processes -> Look for "winlogin.exe" -> Click promptly -> "End Process" -> "Yes".
& since the thread is now deleted, everything I mentioned in there was deleted.
Therefore, AFTER YOU END THE PROCESS "winlogin.exe", REMEMBER TO BROWSE TO C:\Windows\System32 and DELETE winlogin.exe as it is OBSOLETE.
Last edited by Exclusive; 06-27-2009 at 06:21 AM.
The Following User Says Thank You to Exclusive For This Useful Post:
Exclusive, it starts at startup bro. Ending the process temporarily shuts it down. It doesnt get rid of it permanently. Thats in my experience with it.
Are you sure it does? I'm pretty sure it doesn't. It wasn't added to any registry keys for startup/nor was it in msconfig either. I analyzed the file in OllyDBG, doesn't seem to add it to HKLM\Software\Microsoft\Windows\ CurrentVersion\Run or HKCU\Software\Microsoft\Windows\CurrentVersion\Run .
Are you sure it does? I'm pretty sure it doesn't. It wasn't added to any registry keys for startup/nor was it in msconfig either. I analyzed the file in OllyDBG, doesn't seem to add it to HKLMSoftwareMicrosoftWindows CurrentVersionRun or HKCUSoftwareMicrosoftWindowsCurrentVersionRun.
This dude is just crushing me with his techyness....I may need you hmmmm Ill pm you about it.
Are you telling me that 100% block hackshield was a virus?
It was completely undetected by my kaspersky and virustotal, too.
Wow. I found fuckingdl.dll today, and I didn't download the virused files, or so I had thought.
Anyway, winlogin.exe isn't running for me, just the REAL winlogon.exe.
Neither is winlogin.exe in my system32 and it's not in my startup devices.
I have fuckingdl.dll but no other traces of the virus. Kaspersky did that for me, I guess?