Status
Not open for further replies.
1 - 19 of 19 Posts

· Registered
Joined
·
1,053 Posts
Discussion Starter · #1 ·
I seem to have some virus or spyware because the internet is slow. I will post the HijackThis log.

C:\wincBR.EXE
And I got trojan horse IRC/backdoor.sdbot2HKI

Logfile of HijackThis v1.99.1
Scan saved at 1:48:33 PM, on 22/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - C:\PROGRAM FILES\ROGERS HI-SPEED INTERNET\RHSI TOOLBAR\TOOLBAND.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://map.hamilton.ca/InteractiveMaps1024/ACGM/Acgm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/175a863c8e84e537da20/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab

With the AVG pop up should I click on move to vault or click on heal?
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #2 ·
I ran Ad-Aware and found nothing but tracking cookies. I should say that before, I had some spyware and trojan horses in the backup folder and vault of AVG, but I did not know if I should have cleaned it out or not.

I also got some more AVG pop ups.

Also, one of my MSN groups is not working; what should I do? I think one of my MSN groups may have some spyware.

I also ran spybot and got this.
http://img130.imageshack.us/img130/5892/save8xw9.jpg
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

Welcome to the forum.

I hope I am early.

Click Ignore on these findings. If you already quarantined these files, restore them. If you delete the Winlogon.exe entry, you will not be able to log on to Windows after a restart.

Flooder.ake

Flooder.Ake is a brand new threat that began to appear on people's computers on December 6th, 2006.

The symptoms of infection are an alert window which pops up reading "threat found, trojan horse, heal now". Clicking this popup quarantines a system file, which then restarts the computer and pops up the alert again. The computer is then stuck in an infinite loop. There are several solutions which have been reported to work (see below).

This problem only seems to be impacting users of the antivirus program, AVG. Initial indications are that this is not a true virus, but rather a bug in AVG that results in damage to system critical files.

If you are experiencing problems associated with flooder.ake, please post any pertinent information below. If you have a screenshot that we may share with our readers, please post a URL where we may find it. Thank you!

Solutions for fixing Flooder.ake

Solution #1:

1. Boot your computer to Safe mode. Power on (or restart) your computer, keep pressing F8 key until the Startup menu appears and choose "Windows in Safe Mode".

2. Uninstall AVG through the control panel "Add or Remove Programs" applet.

3. Reboot.

Solution #2:

1. Boot your computer to Safe mode. Power on (or restart) your computer, keep pressing F8 key until the Startup menu appears and choose "Windows in Safe Mode".

2. In the Windows Safe mode, navigate to following folder:

C:\WINDOWS\system32\drivers\

3. Rename the following files to avoid further deleting of "winlogon.exe".

AVGCLEAN.SYS -> AVGCLEAN.SY_
AVGRSXP.SYS -> AVGRSXP.SY_

4. Launch Registry Editor (regedit.exe) and remove the "__delete" value in the right pane from this key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AvgClean

5. Restart the computer back to Windows normal mode

6. Update your AVG program to latest virus base version. Launch AVG or open AVG Control Center and press F9 key to update your AVG.

7. Then rename the SYS files back to their original names

AVGCLEAN.SY_ -> AVGCLEAN.SYS
AVGRSXP.SY_ -> AVGRSXP.SYS

8. Restart your computer to get AVG Resident Shield loaded again

Solution #3:

If either of the above solutions do not work, you will have to reinstall your Windows operating system.

Stand by for further instructions.
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #4 ·
Click Ignore on these findings. If you already quarantined these files, restore them. If you delete the Winlogon.exe entry, you will not be able to log on to Windows after a restart.
Wow, long reply, let's take it slow. I don't think I quarantined these files, but how can I tell? I have not updated AVG for a very long time, and same with Ad-Aware and Spybot. I think it is over a year since I updated AVG.

I just started to get this virus pop up and the internet running slow, some web sites more slow than other web sites. Also, in the past some days, when turning the computer off it freezes at the shut off screen.

Flooder.ake

Flooder.Ake is a brand new threat that began to appear on people's computers on December 6th, 2006.
Do I have this Flooder.ake virus ?

The symptoms of infection are an alert window which pops up reading "threat found, trojan horse, heal now". Clicking this popup quarantines a system file, which then restarts the computer and pops up the alert again. The computer is then stuck in an infinite loop. There are several solutions which have been reported to work (see below).
I have not had this problem or any other pop ups but the AVG pop ups; I just click on ignore or nothing. But when I run Ad-Aware or go in Windows Explorer I get the virus pop ups.

This problem only seems to be impacting users of the antivirus program, AVG. Initial indications are that this is not a true virus, but rather a bug in AVG that results in damage to system critical files.
So all 5 AVG pop ups I posted here are not true viruses and I should do nothing with them?

If you are experiencing problems associated with flooder.ake, please post any pertinent information below. If you have a screenshot that we may share with our readers, please post a URL where we may find it. Thank you!
How can I tell if I have a flooder.ake problem? And why is the internet slow and some web sites slow?

And what should I do with the AVG pop ups?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

Since Winlogon.exe is part of the detections, chances are your AVG software has the bug.

Make sure you have ignored these findings and go through the Solutions above. Once you have completed a solution, re-scan with AVG. If Winlogon.exe is still part of the findings, try the second solution.

In any event, Winlogon cannot be part of the findings as it is a critical object.

Keep me posted.
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #6 ·

· Registered
Joined
·
1,053 Posts
Discussion Starter · #7 ·
Also, should I not scan with AVG and click on heal on all files posted but Winlogon.exe? And remove everything Spybot found?

And are the other 4 true viruses?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

zergpc208 said:
Also, should I not scan with AVG and click on heal on all files posted but Winlogon.exe? And remove everything Spybot found?

And are the other 4 true viruses?
Whatever is not in the Virus Vault, such as Winlogon.exe, do not fix yet. You will be able to detect these, except Winlogon.exe, once AVG is reinstalled (I don't expect Winlogon.exe will be part of it once you reinstall).

So, let's take it one step at a time:

Click Here to download AVG Free. Save the file on your desktop. Do not run the file yet.

Reboot into safe mode.

Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

AVG Antivirus

If asked to delete the files in the Virus Vault, select Yes. (I am assuming Winlogon.exe is not part of them)

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\PROGRAM FILES\GRISOFT

Restart the computer

Double click on the downloaded file to reinstall AVG Free. Once installed, update the definitions and perform a Scan. Is Winlogon.exe part of the objects infected during this scan?
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #9 ·
Okay, I did that and here is a new log file.

I should say I downloaded avg75free_432a861.exe at http://free.grisoft.com/freeweb.php/doc/5390/lng/us/tpl/v5#avg-anti-virus-free

Now should I install AVG?

Logfile of HijackThis v1.99.1
Scan saved at 7:49:45 PM, on 22/12/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\IRMON.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\LOGITECH\ITOUCH\ITOUCH.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\PROGRAM FILES\LOGITECH\MOUSEWARE\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/nwshp
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 6.0\READER\ACTIVEX\ACROIEHELPER.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: RHSI Toolbar - {4DF5B116-4FD9-4039-B377-1130953A980F} - C:\PROGRAM FILES\ROGERS HI-SPEED INTERNET\RHSI TOOLBAR\TOOLBAND.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] LOGI_MWX.EXE
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\WCESCOMM.EXE"
O4 - Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\SYSTEM\E_SRCV03.EXE
O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRAM FILES\MICROSOFT ACTIVESYNC\INETREPL.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://map.hamilton.ca/InteractiveMaps1024/ACGM/Acgm.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/175a863c8e84e537da20/netzip/RdxIE601.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://groups.msn.com/controls/PhotoUC/MsnPUpld.cab
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #12 ·
Okay, I installed AVG and when I clicked on updates I got this.

I also get an error trying to update Ad-Aware.

I got some more AVG pop ups.

The internet seems to be faster, but sometimes it is saying it is loading a page but everything is there and nothing to load. I find uploading to the internet to be slow, and some Windows operations, like moving a file to another folder, to be slow.
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\WINDOWS\SYSTEM32\Winlogon.exe
  • Click on the submit button
  • Please post the results in your next reply.

Please send the rest to the Virus Vault and delete the C:\!Killbox folder.

Click here to download Dr.Web CureIt and save it to your desktop.
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
  • This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply along with a new HijackThis log.
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #14 ·
I seem to have some problem with connecting to the internet, but it is working now. I found a folder in the recycle bin called Grisoft and a folder called !KillBox in C:\!KillBox

I can't find C:\WINDOWS\SYSTEM32\Winlogon.exe

I looked in Windows Explorer and can't find it, and clicking on Start and Find, then Files or Folders, I can't seem to find it.

And going to http://virusscan.jotti.org/ I get this when I try to upload it.

The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
How do I find Winlogon.exe?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

Move all to the Virus Vault, then open the Virus Vault, right click on these files and delete.

Is AVG detecting C:\WINDOWS\SYSTEM32\Winlogon.exe ?

How is the computer doing?
 

· Retired Moderator and Malware Specialist
Joined
·
18,546 Posts
First Name -
José
Hi, zergpc208 :)

I have a Windows 98 machine, and none of these files are part of it. Winlogon.exe is a critical object in Windows XP and on any NT OS, but not on Windows 98 and ME.

My concern is that AVG should not detect Winlogon.exe in the System32 folder as malware. If winlogon.exe is detected in a folder other than the System32, then I wouldn't be concerned.

Since your OS is Windows 98, and winlogon.exe, as well as the SR$HOSTU.exe files, are not system files, I would say, send them all to the Virus Vault, then Delete.

Keep me posted.
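
The reasoning in the post above, that a detection on winlogon.exe points to an antivirus false positive only where the file is a genuine system object (NT-family Windows, System32 folder), written as a triage check. This is an added example, not part of the thread; the function names, verdict strings, the `windir` default and the XP header line are constructed for illustration.

```python
import ntpath
import re

# Critical system files on NT-family Windows and the folder (relative to the
# Windows directory) where each one legitimately lives. Only winlogon.exe comes
# from the thread; treating the table as extensible is an assumption.
NT_CRITICAL = {"winlogon.exe": "system32"}

# HijackThis header line, e.g. "Platform: Windows 98 SE (Win9x 4.10.2222A)".
PLATFORM_RE = re.compile(r"^Platform:\s*.+?\((Win9x|WinNT)\s", re.MULTILINE)


def os_family(hijackthis_log):
    """Return 'Win9x' or 'WinNT' from the Platform: line of a HijackThis log."""
    match = PLATFORM_RE.search(hijackthis_log)
    if match is None:
        raise ValueError("no Platform: line in log")
    return match.group(1)


def triage(detected_path, family, windir=r"C:\WINDOWS"):
    """Classify one antivirus detection by file name, folder and OS family."""
    path = ntpath.normpath(detected_path.strip().strip('"')).lower()
    folder, name = ntpath.split(path)
    subdir = NT_CRITICAL.get(name)
    if subdir is None:
        return "no-system-name"           # nothing special: act on the AV verdict
    expected = ntpath.join(windir, subdir).lower()
    if family == "WinNT" and folder == expected:
        return "suspect-false-positive"   # real system file: ignore, repair the AV
    return "masquerading-name"            # system name where no such file belongs


def triage_log(hijackthis_log, detections):
    """Apply triage() to every detected path, using the log's own platform."""
    family = os_family(hijackthis_log)
    return {path: triage(path, family) for path in detections}


# Header lines copied from the first log in the thread.
THREAD_LOG = """Logfile of HijackThis v1.99.1
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
"""
# Constructed header for an NT-family machine (not from the thread).
XP_LOG = """Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)
"""
# Both paths appear in the thread.
DETECTIONS = [r"C:\WINDOWS\SYSTEM32\Winlogon.exe", r"C:\wincBR.EXE"]

if __name__ == "__main__":
    for label, log in (("thread log", THREAD_LOG), ("constructed XP log", XP_LOG)):
        for path, verdict in triage_log(log, DETECTIONS).items():
            print(f"{label}: {path} -> {verdict}")
```

On the thread's Windows 98 log the winlogon.exe detection comes out as a masquerading name, while the same path under the constructed XP header comes out as a suspected false positive.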
 

· Registered
Joined
·
1,053 Posts
Discussion Starter · #19 ·
Okay, just an update: I don't want to troubleshoot this problem until my new cordless/cable router I got for the new year is up and running, because I may run into problems if I move this to the virus vault.

To connect to the internet you need an IP address for the computer that is using the internet and a gateway address for my ISP? Well, I'm going to be putting in a new cordless/cable router.

And what about the security problem?
 