View Full Version : trojan in system32 ????
greenfly
April 8th, 2007, 06:24 PM
My NOD32 with extra settings found a lot of trojans in system32. What can I do???? Take a look..............
http://img459.imageshack.us/img459/3259/lllzo0.th.jpg (http://img459.imageshack.us/my.php?image=lllzo0.jpg)
I can't end the process (winlogon.exe) to delete these files??????????
flyrfan111
April 8th, 2007, 06:53 PM
Reboot, seems like some of those log entries say the trojan will be deleted on rebooting. You should also try running the scan in safe mode, that makes it easier as not as many processes load and are easier to delete.
greenfly
April 8th, 2007, 06:57 PM
I have done that---nothing
Get
April 8th, 2007, 07:15 PM
Best is to become a member here (http://www.castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html) and post a Hijackthislog.
greenfly
April 8th, 2007, 08:03 PM
GET
-{ Quote: "Best is to become a member here and post a Hijackthislog." }-
The guys here are too kind and helpful....They've helped me many times....::)
I have made a Hijack-thing...check the file for delete,,but they appear again???!!!???
ASpace
April 9th, 2007, 12:12 AM
Hello Greenfly .
Make sure your definition is up-to-date by pressing Control Center -> Update -> Update now.
Make sure your settings are the same as this tutorial (http://www.wilderssecurity.com/showthread.php?t=37509).
Boot in Safe Mode (http://support.microsoft.com/kb/315222)
Open NOD32's on-demand scanner from Start -> Programs -> ESET -> NOD32, make sure you use Control Center profiles and perform a full Scan&Clean over your hard drives. NOD32 will take care of these threats.
You can also use Ewido Micro (http://download.ewido.net/ewido_micro.exe) for second opinion
If this still doesn't help, can you please also send a HijackThis log file to ESET Tech Support (support[at]eset.com) along with more information and a link to this thread. You might have something like trojan-downloader/dropper undetected by NOD32. Let us know how you go. :thumb:
Email address edited to prevent it from being harvested by robots
Get
April 9th, 2007, 05:57 AM
-{ Quote: "I have made a Hijack-thing...check the file for delete,,but they appear again???!!!???" }-
Yes, but you shouldn't use hjt yourself. Post a log in a forum like CastleCops and people there will tell you what to do and that's in this case a lot more than just click "Fix" :), but by all means do it the way other wilders-people tell you if that makes you feel more comfortable. ;)
FanJ
April 9th, 2007, 08:06 PM
-{ Quote: "My NOD32 with extra settings found a lot of trojans in system32. What can I do???? Take a look.............." }-
Official complaint:
Posting pictures from other sites (http://www.wilderssecurity.com/showthread.php?t=171258)
clicx
April 10th, 2007, 02:09 AM
winlogon.exe is a Windows system process
Marcos
April 10th, 2007, 02:43 AM
For instance, Wigon patches the system file winlogon.exe and some other trojans inject their dlls into it. I'd suggest Greenfly to email support[at]eset.com and enclose a link to this thread.
greenfly
April 10th, 2007, 06:33 AM
Get :
-{ Quote: " Best is to become a member here and post a Hijackthislog." }-
Thanks Man, the guys are great ...;D they are solving my problem "in progress"
Get
April 10th, 2007, 06:47 AM
-{ Quote: "Thanks Man" }-
You're welcome. Good luck :).