Program attached to winlogon, how to remove it.

G

Guest

I have a problem with an adware called adpopup.

Norton Antivirus detected it in a routine scan but was unable to remove it.
it's a dll named cabcom.dll, installed in the Windows\help\sbsi directory.
If I try to delete it manually, it tells me the file is in use, so I tried
to identify which process is using the file, and it's winlogon.
So I went to the registry editor and tried to find all entries related to
that .dll, I found a couple of registered dlls and an entry in Winlogon, I
deleted them all, but when I logged on again they all came back.
It seems there is some process reinstalling the file, but I can't quite
identify what it is, how can I remove it?

thanks in advance
 
T

T. Waters

Try removing the file in Safe Mode.
Tap repeatedly on F8 button as the computer boots.
 
R

Rock

Ricardo said:
I have a problem with an adware called adpopup.

Norton Antivirus detected it in a routine scan but was unable to remove it.
it's a dll named cabcom.dll, installed in the Windows\help\sbsi directory.
If I try to delete it manually, it tells me the file is in use, so I tried
to identify which process is using the file, and it's winlogon.
So I went to the registry editor and tried to find all entries related to
that .dll, I found a couple of registered dlls and an entry in Winlogon, I
deleted them all, but when I logged on again they all came back.
It seems there is some process reinstalling the file, but I can't quite
identify what it is, how can I remove it?

thanks in advance
Click to expand...

All anti-malware scans should be done in safe mode. Also you need to
run a variety of programs to keep the system clean. Just NAV alone or
any single anti-virus will catch all the nasties.

Cwshredder
http://www.intermute.com/spysubtract/cwshredder_download.html

Ad-aware SE
http://www.lavasoftusa.com

Spybot Search and Destroy
http://www.safer-networking.org

Bazooka Adware and Spyware Scanner
http://download.com.com/3000-2144-10247783.html

Pest Patrol Free Pest Scanner
http://store.ca.com/dr/v2/ec_main.e...tchingYou&client=ComputerAssociates&sid=35715

If you’re still having problems after running these then run HijackThis
and post the log to one of the specialty forums, _NOT_ this one.

HijackThis
http://www.majorgeeks.com/download.php?det=3155

Forums to Interpret HijackThis Logs:

http://www.spywareinfo.com/forums/
http://forum.aumha.org/viewforum.php?f=30
http://forums.tomcoyote.org/
http://www.wilderssecurity.com/

After your system is clean use these programs to help keep it clean:

Spywareblaster
www.javacoolsoftware.com/sbdownload.html

Spywareguard
http://www.javacoolsoftware.com/sgdownload.html

IE-SPYAD
http://www.staff.uiuc.edu/~ehowes/resource.htm
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

How to kill hidden winlogon processes 19
Running a GUI application at Winlogon Notification Events 0
Missing "winlogon" in event viewer? Need to see chkdsk log! 2
Loading/running program during WinXP boot 1
winlogon keyhook 1
Winlogon is not logging events in event viewer 10
Edit Registry from DOS 10
SVCHOST - how? 24

Top