Virus removal

Guest

I got a virus on my PC that added logonui.exe to C:\program files\??stem32
It has attributes SHR on it and the dos shell won't let me change it.
Windows Explorer doesn't see the directory or file, and it has blocked NAV
from accessing it. Is there any way to get rid of this w/o formatting the
drive?
 
Eric said:
I got a virus on my PC that added logonui.exe to C:\program
files\??stem32 It has attributes SHR on it and the dos shell won't
let me change it. Windows Explorer doesn't see the directory or file,
and it has blocked NAV from accessing it. Is there any way to get
rid of this w/o formatting the drive?

Go to Symantec.com or any of the many sites that offer online virus scanning
and have your machine analyzed for viruses. That will most likely find/rid
you of it. If not, come back here.
Then, get yourself a good AV app like AVG or whatever; there are free to
paid versions available, but GET ONE! After that, go looking for
anti-spyware programs, and be certain you at least get your firewall turned
ON.

Pop`
 
Eric said:
I got a virus on my PC that added logonui.exe to C:\program files\??stem32
It has attributes SHR on it and the dos shell won't let me change it.
Windows Explorer doesn't see the directory or file, and it has blocked NAV
from accessing it. Is there any way to get rid of this w/o formatting the
drive?

In five years of "house calls" for our computer club, I have never formatted
a drive. Download and install the free AVG Anti-Virus and free AVG
Anti-Spyware programs here: http://free.grisoft.com/doc/1

Then:
 
Chuck Davis said:
In five years of "house calls" for our computer club, I have never
formatted a drive. Download and install the free AVG Anti-Virus and free
AVG Anti-Spyware programs here: http://free.grisoft.com/doc/1

Then:
Ooops!

1. Download hijackthis from http://www.tomcoyote.org/hjt/
2. Install hijackthis on your C: drive.
3. Open the program and click on Do a system scan and save a logfile.
4. Save the logfile.
5. Visit http://www.hijackthis.de/
6. Either copy and paste your logfile contents into the space provided, or
7. Click on the Browse button and locate your logfile.
8. Click on Analyze
9. Wait a few minutes and the results will be displayed.
10. Follow the instructions for the "Nasty" entries.
 
Pop` said:
Go to Symantec.com or any of the many sites that offer online virus scanning
and have your machine analyzed for viruses. That will most likely find/rid
you of it. If not, come back here.
Then, get yourself a good AV app like AVG or whatever; there are free to
paid versions available, but GET ONE! After that, go looking for
anti-spyware programs, and be certain you at least get your firewall turned
ON.

Pop`

Adding to Pop`'s advice, try to disable this running logonui.exe by pressing
ALT + CTRL + DEL on the Task Manager, then look in the Windows Explorer path
like this
C:\Program Files\logonui.exe or C:\Windows\System32\Logonui.exe for the
file and delete by clicking SHIFT + DELete to delete without going to the Bin.
logonui.exe can be both a system processor or a Trojan called *irc.zcrew.b
Trojan*, used to hack the logon on infected machine to have control on it.
Open the Run command and type:
regedit.exe and click [OK]

[-] HKEY_CURRENT_USER\Default\Software\Microsoft\Windows\CurrentVersion\Run=
Delete it from there
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run Remove
it from there too.

Entry in the right pane named logonui.exe or any suspicious entry there for
running
programs.
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run =
Delete this if it exists in the right pane/window "logonui.exe"
"%System%\??lognoui.exe"
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Runonce=
the same as run
[-] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run =
Delete in the right pane this "irc.zcrew" "%System%\logonui.exe or dll"

[-]HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Delete this if it exists in the right pane/window "??logonui.exe"
"%System%\logonui.exe"

[-] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
Delete in the right pane this "irc.zcrew" "%System%\??logonui.exe"


But be aware that this is a hack way to hack your logon, so be sure you don't
delete the real Logonui.exe, which is a legitimate Microsoft processor.
If you have a mate or it could be planted by a hacker to control your
computer and gain access to it.

Do a thorough scan for malware and viruses on your computer from online
vendors to clean your computer.
HTH.
Regards,
nass
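
An added example, not part of nass's post or any tool named in the thread: a triage script that reads autorun entries and separates a logonui.exe reference at the expected System32 path from one in another folder, so the genuine file is not deleted by mistake. The sample text, the `SYSTEM32` default and all function names are assumptions made for the illustration.

```python
import ntpath
import re

# Assumed default Windows directory; change it if %SystemRoot% differs.
SYSTEM32 = r"c:\windows\system32"
WATCHED = "logonui.exe"

# Constructed sample in the style of `reg query` output (not from the thread).
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    logonui.exe    REG_SZ    "C:\Program Files\??stem32\logonui.exe" /s

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    Shell Helper    REG_SZ    C:\Windows\System32\LogonUI.exe
"""

VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_\w+)\s+(.*)$")

def image_path(data):
    """Return the executable path of a Run value without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", data, re.I)
    return m.group(1) if m else data

def classify(path):
    """Judge a path by location only; a path match does not prove the file is genuine."""
    folder, name = ntpath.split(ntpath.normpath(path))
    if name.lower() != WATCHED:
        return "other"
    # '?' is not a legal filename character, so it marks characters the tool could not render.
    if "?" in folder or not folder.isascii():
        return "impostor: unrenderable characters in path"
    if folder.lower() != SYSTEM32:
        return "impostor: outside System32"
    return "expected System32 path: verify before deleting"

def scan(text):
    """Return (key, value name, image path, verdict) for every value line."""
    findings, key = [], None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_RE.match(line)):
            path = image_path(m.group(3))
            findings.append((key, m.group(1), path, classify(path)))
    return findings

if __name__ == "__main__":
    for key, name, path, verdict in scan(SAMPLE):
        if verdict != "other":
            print(f"{verdict}\n  {key}\n  {name} -> {path}")
```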
 
I got a virus on my PC that added logonui.exe to C:\program files\??stem32
It has attributes SHR on it and the dos shell won't let me change it.
Windows Explorer doesn't see the directory or file, and it has blocked NAV
from accessing it. Is there any way to get rid of this w/o formatting the
drive?

There are newsgroups for virus issues. You should post to one of those such
as microsoft.public.security.virus

Here are some links for malware removal.

Malware Removal
http://www.elephantboycomputers.com/page2.html#Removing_Malware

THE PARASITE FIGHT
Finding, Removing & Protecting Yourself From Scumware
http://aumha.org/a/parasite.htm

Richard Harper’s Guide to Cleaning Pests
http://rgharper.mvps.org/cleanit.htm
 