etc etc - hundreds of them ever time i go online, i have tried various scanners and removers but nothing seems to get rid of it - can anyone help please!!!
Get a firewall such as Zone Alarm and block Winlogon.exe from accessing the net.
This will fix the problem for now until the virus definitions detect and remove it.
That is a good interim measure (whilst trying to resolve the problem), but it is treating the symptom rather than treating the disease.
Waiting for avast to detect it may take some time as this is a spambot and not a true virus. A forum search for winlogon.exe should return some hits I believe this has cropped up before. I think it was some form of injection trojan that I think Ewido was able to detect, but can’t remember exactly.
Hi there i have the same problem, have searched the forums on the nett and done everything i have read about mail boots. I have tested a Normann removal tool. Dident help… I have tested evido, dident help…
Deleted something like 40 or 50 different files that was made at the time of the problem started. I have used Hijackthis… no help…
I have found no solution to the problem.
If someone can help us whit this problem i would be very pleased.
Mvh
viggi
What did you do with it?
HJT isn't like an anti-virus/spyware tool where it removes harmeful entries it only reports what is running. You have to analyse the log file and decide what requires fixing, etc.
Did you visit the HJT Tutorial and on-line analysis sites I gave links to?
Post the contents of your latest hijackthis log file here.
Hi i might have found a solution, in evido->analysis->processes i found the process calld ashMaiSv.exe this is an Avast file, when i terminated this the problem was solved… i think the mail boot hijacks this file ore something. A lot of the files in the avast folder was missing before i stoped the process, after i stopped it they returned. i started it again to test and the mail boot got active again. When its stopprd the winlogon.exe has no activity in taskmgm…
Maybe this is a hint?? Maybe im wrong?? Test it and post a reply please!
Mvh
Viggi
ashMaiSv.exe is the avast email scanner, having terminated/disabled it, no checks will made to the email ports.
The problem hasn’t been solved all you have done is killed the process reporting the symptoms, e.g. multiple identical emails, likely to be a trojan spambot at work.
I’m at a loss as to what to suggest, I think you may have crippled avast using other tools. I suggest you download the latest version of avast and save it on your HDD, uninstall avast, reboot, install the latest version and reboot.
Hi still no help found, i know ashmaisv.exe is a avast file. But what i discovered was that when stopping this process, winlogon.exe stoped beeing so active. and i could run my programs as normal.
That was all…
I tried different types of virus scanners but havent been able to find this mail boot.
So i still need help clearing this from my system…
Mvh
Viggi
Read this again, "ashMaiSv.exe is the avast email scanner, having terminated/disabled it, no checks will made to the email ports. "
Winlogon hasn’t stopped being active just it has stopped being detected by ashMaiSv.exe, which you have terminated. The fact that it hasn’t been detected doesn’t mean it isn’t active. If you haven’t done anything to stop its activity, other than stop the notifications then it logically should still be running.
What is your firewall?
Have you tried this mentione earlier in the thread?
Get a firewall such as Zone Alarm and block Winlogon.exe from accessing the net.