how do i get rid of the Win32/TrojanClicker.XMedia.G. trojan?

any support would be appreciative thankyou

Hi megsy,

have you tried to delete it with NOD32 on-demand scanner (Start->Programs->Eset->NOD32) ?

Check the name and location of the infected file - in most cases the important files are not infected by a trojan - but it's possible - so pls. be careful.

Rgds., :)

jan

hi
First of all thankyou jan for replying to my message.

the NOD32 on demand scanner detected the virus/trojan and has told me the file infected is C:\WINDOWS\winlogon.exe and it cannot clean it.

my problem is that i am not too sure whether this file is required by "Windows XP Professional" or the file was spawned by the trojan to look like a windows file

Can I delete it?

any responce would be appreciative

-{ Quote: "hi
First of all thankyou jan for replying to my message.

the NOD32 on demand scanner detected the virus/trojan and has told me the file infected is C:\WINDOWS\winlogon.exe and it cannot clean it.

my problem is that i am not too sure whether this file is required by "Windows XP Professional" or the file was spawned by the trojan to look like a windows file

Can I delete it?

any responce would be appreciative" }-

Winlogon.exe is a system file. You don't want to delete it.

If you don't have an adware scanner, you could download Ad-aware free and do a scan and see what you come up with in the meantime.

Here's info on the legit winlogon.exe: http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/

Here's info on an apparent nonlegit version used by some malware/spyware:
http://www.kephyr.com/spywarescanner/library/windir.winlogon/index.phtml

Just to be on the safe side, I'd follow Ronjor's suggestion to download the free Adaware or Spybot Search and Destroy, run a scan and see what they come up with. If it's a running process and is indeed some form of adware/spyware/malware (as it seems it may be) it's likely you may have to scan in safe mode in order to delete it. (That would be true of NOD as well, by the way.) I'm suggesting using the antispyware apps for second opinions. Can't hurt. But you first need to make sure that it isn't the legit Windows file you're deleting.

Hi megsy,

the normal location of winlogon.exe is C:\WINDOWS\SYSTEM32\ - so if you have such file there - there should be no problem when you delete the file C:\WINDOWS\winlogon.exe with NOD32 on-demand scanner. The trojans are using such tricks pretty often.

Rgds.,

jan

thankyou all for you help