HELP how do i get rid of the Win32/TrojanClicker.XMedia.G. trojan?

Discussion in 'NOD32 version 1 Forum' started by megsy, Jun 3, 2004.

Thread Status:
Not open for further replies.
  1. megsy

    megsy Guest

    How do I get rid of the Win32/TrojanClicker.XMedia.G. trojan?

    Any support would be appreciated, thank you.
     
  2. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi megsy,

    Have you tried to delete it with the NOD32 on-demand scanner (Start->Programs->Eset->NOD32)?

    Check the name and location of the infected file. In most cases the important files are not infected by a trojan, but it's possible, so please be careful.

    Rgds., :)

    jan
     
  3. Megsy

    Megsy Guest

    Hi,
    First of all, thank you jan for replying to my message.

    The NOD32 on-demand scanner detected the virus/trojan and has told me the infected file is C:\WINDOWS\winlogon.exe and it cannot clean it.

    My problem is that I am not too sure whether this file is required by "Windows XP Professional" or the file was spawned by the trojan to look like a Windows file.

    Can I delete it?

    Any response would be appreciated.
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
    Winlogon.exe is a system file. You don't want to delete it.

    If you don't have an adware scanner, you could download Ad-aware free and do a scan and see what you come up with in the meantime.
     
    Last edited: Jun 5, 2004
  5. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Here's info on the legit winlogon.exe: http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/

    Here's info on an apparent nonlegit version used by some malware/spyware:
    http://www.kephyr.com/spywarescanner/library/windir.winlogon/index.phtml

    Just to be on the safe side, I'd follow Ronjor's suggestion to download the free Adaware or Spybot Search and Destroy, run a scan and see what they come up with. If it's a running process and is indeed some form of adware/spyware/malware (as it seems it may be) it's likely you may have to scan in safe mode in order to delete it. (That would be true of NOD as well, by the way.) I'm suggesting using the antispyware apps for second opinions. Can't hurt. But you first need to make sure that it isn't the legit Windows file you're deleting.
     
    Last edited: Jun 5, 2004
  6. jan

    jan Former Eset Moderator

    Joined:
    Oct 25, 2002
    Posts:
    804
    Hi megsy,

    The normal location of winlogon.exe is C:\WINDOWS\SYSTEM32\, so if you have such a file there, there should be no problem when you delete the file C:\WINDOWS\winlogon.exe with the NOD32 on-demand scanner. Trojans use such tricks pretty often.

    Rgds.,

    jan
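
The location check described in the post above, written out as an added example that is not part of the original thread or of NOD32. It generalises beyond winlogon.exe: the other table entries, the function names and the sample paths are assumptions made for illustration.

```python
import ntpath

# Expected directory for each system binary, relative to the Windows directory.
# winlogon.exe comes from the thread; the other entries are added for illustration.
EXPECTED_DIR = {
    "winlogon.exe": "system32",
    "lsass.exe": "system32",
    "services.exe": "system32",
    "csrss.exe": "system32",
    "explorer.exe": "",  # lives directly in the Windows directory
}

def _canon(path):
    """Normalise a Windows path: separators, '..' segments, letter case."""
    return ntpath.normcase(ntpath.normpath(path))

def check_image(path, windir=r"C:\WINDOWS"):
    """Return 'ok', 'masquerade' or 'unknown' for one executable path."""
    full = _canon(path)
    name = ntpath.basename(full)
    if name not in EXPECTED_DIR:
        return "unknown"  # not a name this table tracks
    expected = _canon(ntpath.join(windir, EXPECTED_DIR[name]))
    # Same file name, different directory: the trick described in the thread.
    return "ok" if ntpath.dirname(full) == expected else "masquerade"

def find_masquerades(paths, windir=r"C:\WINDOWS"):
    """Return the paths that reuse a system file name outside its usual folder."""
    return [p for p in paths if check_image(p, windir) == "masquerade"]

# Constructed sample paths (not taken from a real system).
SAMPLE = [
    r"C:\WINDOWS\system32\winlogon.exe",
    r"C:\WINDOWS\winlogon.exe",
    r"c:\windows\SYSTEM32\..\WinLogon.exe",  # resolves to C:\WINDOWS\winlogon.exe
    r"C:\WINDOWS\explorer.exe",
    r"C:\Tools\example.exe",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{check_image(p):10}  {p}")
```

A path that matches the table is not proof that the file is clean; the check only catches a system file name being reused in a different folder.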
     
  7. megsy

    megsy Guest

    Thank you all for your help.
     