Winlogon Notifier - HELP!

Last night I thought I was downloading a legitimate file. I scanned it with Avast before opening - reported clean. It was NOT! So I got the virus popup, and aborted the connection. Then Spybot went nuts with a “Winlogon Notifier” popup, incessantly! I pulled my DSL cable from the modem, and tried to find the infected file.

I think this is at least one of them: awtttqOf.dll, which was in my System32 folder. But access is denied. I ran HijackThis and checked a few things to fix, but they keep coming back on the next scan. I booted into Safe Mode, and still can’t fix it with HijackThis.

I’m at work now, but when I get home I need to take care of this. If I have to reconnect to the Internet to fix it I will. I have two 80 GB drives, divided into partitions. Two of the partitions have XP Pro SP2 on them, so I can always boot into a clean drive to post a log online.

Any suggestions on how to proceed? Any help will be appreciated.

It looks like a Virtumonde infection… Can you tell us what the source of it was (URL or some P2P)? Anyway, run HijackThis and post the log here…

I am at work and won’t be home until after 5:30. But I will check and see if I can pull the site out of my History. And it would be a regular site (not P2P), since I don’t use those services.

One thing of note, I am using the beta of Firefox 3 and the add-on WOT does not fully work with the new beta version. Some sites have the red “dangerous” dot, some don’t.

But at any rate I will try to find the URL and post it tonight or in the morning.

OK, post the URL in a non-clickable state :wink:

That is a definite OK! Sure don’t want to spread it further…