Topic: Winlogon Notifier Trojan - HELP!
kc7brown
« on: June 13, 2008, 07:00:44 AM »

Last night I thought I was downloading a legitimate file. I scanned it with my antivirus before opening - reported clean. It was NOT! So I got the virus popup, and aborted the connection. Then Spybot went nuts with a "Winlogon Notifier" popup, incessantly! I pulled my DSL cable from the modem, and tried to find the infected file.

I think this is at least one of them: awtttqOf.dll (the last entry in the folder after all the ones beginning with "w, x, y & z"), which was in my System32 folder. But access is denied. I ran HijackThis and checked a few things to fix, but they keep coming back on the next scan. I booted into Safe Mode, and still can't fix with HijackThis.

I'm at work now, but when I get home I need to take care of this. If I have to reconnect to the Internet to fix it I will. I have two 80gb drives, divided into partitions. Two of the partitions have XP Pro SP2 on them, so I can always boot into a clean drive to post a log online.

Any suggestions on how to proceed? Any help will be appreciated.
jminnie
« Reply #1 on: June 13, 2008, 07:33:54 AM »

Prevx knows this threat as "Rootkit Haxdoor". I would suggest downloading the trial version of Prevx and cleaning the infection. Last I checked the trial version still offers full cleaning capabilities for the first 30 days.

I also recommend A-Squared if Prevx does not clean the infection.

http://info.prevx.com/downloadprevx2.asp
http://www.emsisoft.com/en/software/free/

Good Luck
kc7brown
« Reply #2 on: June 13, 2008, 07:44:19 AM »

Thanks!  When I get off work I will try that later tonight or early in the morning.  Avast support is guessing it as a Virtumonde trojan.  But since Avast did NOT recognize it on the scan before opening the file, I'll trust Comodo once again to help me! Comodo Rocks