View Full Version : winlogon


seven
June 27th, 2007, 19:29
hi all , i found a tiny proggy with the name ( winlogon) in system dir

so i got 2 proggy called winlogon with 2 dir ( windows + system32 )

which 1 of them iz the trojan ?

WARNING! MALWARE!

esther
June 27th, 2007, 19:47
What you have uploaded is trojan-infected (trojan.spambot.DU).

seven
June 28th, 2007, 02:42
thatz what i thought, thanx soooo much esther .

esther
June 28th, 2007, 12:21
gee get a better av software like bitdefender....

squidge
June 28th, 2007, 18:40
Maybe someone should now either mark the attached file as infected, or remove it from the post so it doesn't get downloaded by accident or whatever?

seven
June 29th, 2007, 03:50
Quote:
get a better av software like bitdefender

i dont uze any antivirus software , i dont like them

squidge
June 29th, 2007, 05:49
You have a point there, Anti virus software usually is more harm than it is worth. It slows your PC down as it constantly has to check every file you open, and even causes compatibility problems and false positives and negatives.

It's usually easier to just practice safe hex

lcx2005
June 29th, 2007, 06:10
Quote:
[Originally Posted by squidge;66766]Maybe someone should now either mark the attached file as infected, or remove it from the post so it doesn't get downloaded by accident or whatever?


I think they have to read first what the message and its content are, I mean like this --> "which 1 of them iz the trojan ?". By the way, my Symantec (6/14/2007 database) detects it as Trojan.Goldun.

When I download the attached file, I expect some trojan/virus since I read the messages from esther and seven. But I wanna look. If my computer was infected then that's my choice, right??

If your AV cannot delete some virus from your Windows OS, then why not delete it from Linux? When I cannot delete some infected virus/trojan from Windows OS, I fire up Linux (Live CD also works - Ubuntu 7.x), mount my drive where that virus was, and then delete it manually. But you have to know the location first hehehe.

~Windows Never Restricted deleting files from My Linux OS~
If you want you can delete c:\windows also, try it and you'll never forget

Polaris
June 29th, 2007, 07:15
Quote:
By the way my Symantec (6/14/2007 database)detect as Trojan.Goldun


That sounds like mis-identification. I had no time to check myself, but submitting the file to virustotal shows that most vendors identify the file as Spamtool.

Quote:
You have a point there, Anti virus software usually is more harm than it is worth. It slows your PC down as it constantly has to check every file you open, and even causes compatibility problems and false positives and negatives.


Actually, I think that having an anti-virus software is usually a good thing. Of course, not with the default settings. If you set up property exclusions, type of files scanned and the other settings for the on-access-scan, you won't see any heavy slowdown nor unwanted popups. The memory consumption is of course another matter.

Anyway, what I do is having a Linux host machine with strong security settings, that in turn uses vmware to run several different Xp images. So no AV needed for me

LLXX
June 29th, 2007, 15:30
PKLITE32. Interesting (custom?) packer.

This particular sample isn't very dangerous, as it doesn't seem to be the file-infecting-virus type.

seven
July 6th, 2007, 14:56
Quote:
This particular sample isn't very dangerous, as it doesn't seem to be the file-infecting-virus type


U R RIGHT BUT IF IT WAZ ABOUT PRIVACY THEN ITZ MORE DANGEROUS .

LLXX
July 6th, 2007, 17:02
See that key marked "Caps Lock" beside 'A' on your keyboard? Press it.

seven
July 7th, 2007, 05:59
i got no keyboard

lcx2005
July 7th, 2007, 23:35
Then I wonder how he manages it, copy/paste from others? If it is an online keyboard then, for me, it's still a keyboard.


Haya... greets to all the *2005 hehehe. It seems I found my lost family member. Ya, thank you for finding the right place to be.

JMI
July 8th, 2007, 01:31
Actually he might have managed "copy and paste" with the "multi-quote" button, second from the right on the bottom of each post. (It's the one which looks like a page with a "+" mark on it. You check the box in the upper right-hand corner of the post(s) you want to quote and then click the quote or multi-quote button.)

Regards,