Winlogon Notifier Trojan - HELP!

Last night I thought I was downloading a legitimate file. I scanned it with my antivirus before opening - reported clean. It was NOT! So I got the virus popup, and aborted the connection. Then Spybot went nuts with a “Winlogon Notifier” popup, incessantly! I pulled my DSL cable from the modem, and tried to find the infected file.

I think this is at least one of them: awtttqOf.dll (the last entry in the folder after all the ones beginning with “w,x,y & z”) which was in my System32 folder. But access is denied. I ran HiJack this and checked a few things to fix, but they keep coming back on the next scan. I booted into Safe Mode, and still can’t fix with HiJack.

I’m at work now, but when I get home I need to take care of this. If I have to reconnect to the Internet to fix it I will. I have two 80gb drives, divided into partitions. Two of the partitions have XP Pro SP2 on them, so I can always boot into a clean drive to post a log online.

Any suggestions on how to proceed? Any help will be appreciated.

Prevx knows this threat as “Rootkit Haxdoor”. I would suggest downloading the trial version of Prevx and cleaning the infection. Last I checked the trial version still offers full cleaning capabilities for the first 30 days.

I also recommend A-Squared if Prevx does not clean the infection.

Good Luck

Thanks! When I get off work I will try that later tonight or early in the morning. Avast support is guessing it as a Virtumonde trojan. But since Avast did NOT recognize it on the scan before opening the file, I’ll trust Comodo once again to help me! (R)