Trojan Horse - logs.exe


Mari-Anne Ennor

I am running WindowsXP (home) and my Norton antivirus
program informed me that I have a Trojan Horse and that
Norton could not fix it. Instead, Norton quarantined the
affected file: logs.exe

Also, during the next Norton WinDoctor test, I received
the following message:

"Missing or Invalid File/Key.
They key, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
refers to a Registry value "logs" that points
to "C:\WINNT\Microsoft.NET\logs.exe," an invalid startup
command."

Now, my Windows XP is running very sluggishly - especially
opening programs.

I've checked the Registry and there is no value "logs" -
also, I've checked the C:\WINNT\Microsoft directory and
there is no logs.exe file.

Is there any way of downloading another logs.exe file to
replace the infected one, or should it not be there in the
first place? Perhaps there is something else I need to do?

Mari-Anne Ennor
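
The WinDoctor finding in the post above, a Run value whose target file no longer exists, can be confirmed by hand. The following is an added example, not part of the original thread: it parses `reg query` output for the HKLM and HKCU Run keys and lists entries whose executable is missing. The sample output and file listing are constructed; only the `logs` value and its path come from the post, and placing it under HKLM is an assumption.

```python
import re
from ntpath import normcase, normpath

# Constructed sample of `reg query` output for both Run keys. Only the "logs"
# value and its path come from the thread; the hive and other entries are made up.
REG_QUERY_OUTPUT = r'''
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    logs    REG_SZ    C:\WINNT\Microsoft.NET\logs.exe
    ExampleAV    REG_SZ    "C:\Program Files\ExampleAV\agent.exe" /startup

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    C:\Program Files\ExampleTray\tray.exe -min
'''

# Constructed file listing standing in for what actually exists on disk.
FILES_ON_DISK = {
    r"C:\Program Files\ExampleAV\agent.exe",
    r"C:\Program Files\ExampleTray\tray.exe",
}

VALUE_RE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|com|bat|cmd|scr|pif))(?:\s|$)", re.I)

def exe_path(command):
    """Extract the executable from a Run command line (quoted or unquoted)."""
    command = command.strip()
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut after the first executable suffix.
    m = EXE_RE.match(command)
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""

def audit_run_keys(reg_output, files_on_disk):
    """Return (key, value name, path) for each Run entry whose target is missing."""
    present = {normcase(normpath(p)) for p in files_on_disk}
    findings, key = [], None
    for line in reg_output.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()  # start of a new key section
            continue
        m = VALUE_RE.match(line)
        if m and key:
            path = exe_path(m.group("data"))
            if normcase(normpath(path)) not in present:
                findings.append((key, m.group("name"), path))
    return findings
```

An entry reported here is an orphaned autostart value: the file is gone (for example, quarantined) but the registry still tries to launch it at logon.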
 

Kevin

My copy of XP Home does not have a file called "logs.exe" so I would be
suspicious at the very least! A Google search for the filename only
returned two pages of hits. The file does seem to have something to do with
the Internet, but exactly what I could not see. I don't run Norton, but if
it has placed this file in quarantine I would seriously consider deleting it
somehow. Run Spybot Search and Destroy and Ad-aware to make sure you don't
have other problems, too. Good luck!
 

David H. Lipman

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus


1) Download the following two items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
3) Reboot your PC into Safe Mode
4) Using the Trend Sysclean utility, perform a Full Scan of your platform and
clean/delete any infectors found
5) Restart your PC and perform a "final" Full Scan of your platform
6) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
7) Reboot your PC.
8) Create a new Restore point
9) Please report back your results

Dave






| I am running WindowsXP (home) and my Norton antivirus
| program informed me that I have a Trojan Horse and that
| Norton could not fix it. Instead, Norton quarantined the
| affected file: logs.exe
|
| Also, during the next Norton WinDoctor test, I received
| the following message:
|
| "Missing or Invalid File/Key.
| They key, "SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
| refers to a Registry value "logs" that points
| to "C:\WINNT\Microsoft.NET\logs.exe," an invalid startup
| command."
|
| Now, my Windows XP is running very sluggishly - especially
| opening programs.
|
| I've checked the Registry and there is no value "logs" -
| also, I've checked the C:\WINNT\Microsoft directory and
| there is no logs.exe file.
|
| Is there any way of downloading another logs.exe file to
| replace the infected one, or should it not be there in the
| first place? Perhaps there is something else I need to do?
|
| Mari-Anne Ennor
|
 

Mari-Anne Ennor

Hi David,

First - a huge Thank You for your wonderful advice.

Second - an equally huge apology for having posted my
inquiry in the wrong support group.

Third - I am happy to report that I am now minus a
TROJ_AGENT.L infection as well as a JAVA_FEMAD.B and a
ADW_RULEDOR.C virus.

I followed your steps to the letter, and the Sysclean
program worked like a charm. My computer's performance
seems to have improved considerably, as well.

Hopefully, this will come in handy and be of help to other
virus sufferers.

Again, thank you.

Mari-Anne Ennor
 

David H. Lipman

You're welcome.

I am very glad that Trend Sysclean eradicated the infectors and resolved your issues.

Dave




| Hi David,
|
| First - a huge Thank You for your wonderful advice.
|
| Second - an equally huge apology for having posted my
| inquiry in the wrong support group.
|
| Third - I am happy to report that I am now minus a
| TROJ_AGENT.L infection as well as a JAVA_FEMAD.B and a
| ADW_RULEDOR.C virus.
|
| I followed your steps to the letter, and the Sysclean
| program worked like a charm. My computer's performance
| seems to have improved considerably, as well.
|
| Hopefully, this will come in handy and be of help to other
| virus sufferers.
|
| Again, thank you.
|
| Mari-Anne Ennor
 
