Ok, I battled a virus for 4 days a while ago and bumped into this strange problem: there are a couple of Windows processes that you can't really do anything with, and they are winlogon.exe and explorer.exe. It was really annoying when winlogon was allowing a harmful .dll file to re-open itself inside the process, and you cannot really close any processes under winlogon. So does anyone know a program that can actually bypass the "protection" so you could easily shut down harmful processes under it? Since it's XP it doesn't have the good old DOS, just the command prompt, which opens both damn processes (winlogon and explorer). I've tried a couple of different programs, but they can't seem to be able to shut down any threads etc. So if anyone happens to know a suitable program for that purpose I would really much appreciate it. I don't mind whether it costs or not. -Oddin
One way you could finish battling the virus is to boot into a Live version of Linux. What you do is boot from the CD and it runs from your RAM without installing anything on your system. Then remove the problems that way, as there wouldn't be any Windows processes running. I would recommend Knoppix for this. One of its design features is just what I stated above. On the web page it states: "utilities for data recovery and system repairs, even for other operating systems" and "transparent write access for NTFS partitions (libntfs+fuse)". Here's the link to the Knoppix page: http://www.knoppix.org/
Just be sure that you (or the one you're advising) know what you're doing. Since it reads and writes NTFS, the wrong file could be removed. That would/could result in more trouble than you started with, as there is no warning such as Windows' "file in use" message.
There is also a free program called Autoruns from Sysinternals. All you have to do is launch the program, go to the Winlogon tab, uncheck the offending entry and reboot. The unchecked entry will no longer start at boot. You can get it here: http://www.sysinternals.com/utilities/autoruns.html
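For readers who want to see what the Autoruns Winlogon tab is actually reading, here is an added example (not code from the thread or from Sysinternals) that lists the same logon autostart points from the registry in read-only fashion. It assumes a Windows machine with PowerShell, run from an elevated prompt; the registry key `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon`, its `Shell` and `Userinit` values and its `Notify` subkeys (each naming a DLL that winlogon.exe loads into its own process at logon) are the real locations, while the "expected" defaults and the `ok`/`CHECK` labels are this example's own heuristics for spotting a DLL that does not belong.

```powershell
# Added example: enumerate the Winlogon autostart points that the Autoruns
# Winlogon tab inspects, flagging anything that departs from the stock setup.
# Assumptions: elevated PowerShell on Windows; stock defaults taken from an
# XP-era install (Shell = Explorer.exe, Userinit = %SystemRoot%\system32\userinit.exe,).
# Nothing here modifies the registry; it only reports.

$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Stock values for the two entries most often hijacked to relaunch malware at logon.
$expected = @{
    Shell    = 'Explorer.exe'
    Userinit = (Join-Path $env:SystemRoot 'system32\userinit.exe') + ','
}

$props = Get-ItemProperty -Path $winlogon
foreach ($name in $expected.Keys) {
    $actual = $props.$name
    # Case-insensitive compare against the expected default; anything else gets CHECK.
    $flag = if ($actual -and $actual.Trim() -ieq $expected[$name]) { 'ok' } else { 'CHECK' }
    '{0,-8} {1,-6} {2}' -f $name, $flag, $actual
}

# Winlogon Notify packages: each subkey's DLLName is loaded by winlogon.exe
# at logon. A DLL outside %SystemRoot%\system32, or one missing from disk,
# is exactly the kind of entry worth unchecking in Autoruns.
$notify = Join-Path $winlogon 'Notify'
if (Test-Path $notify) {
    Get-ChildItem -Path $notify | ForEach-Object {
        $dll = (Get-ItemProperty -Path $_.PSPath).DLLName
        if (-not $dll) { return }   # skip subkeys with no DLLName value
        # Unqualified names are resolved from system32 by the loader.
        $full = if ([IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "system32\$dll" }
        $exists  = Test-Path -LiteralPath $full
        $inSys32 = $full -like (Join-Path $env:SystemRoot 'system32\*')
        $flag = if ($exists -and $inSys32) { 'ok' } else { 'CHECK' }
        '{0,-20} {1,-6} {2}' -f $_.PSChildName, $flag, $full
    }
}
```

Entries marked `CHECK` are not automatically malicious (some legitimate software registers its own Notify package), but they are the ones to look up before deciding what to disable, and since winlogon.exe loads these DLLs before any user process exists, a change here takes effect only after the reboot the post describes.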
The problem with using a utility like that is that it will NOT shut down necessary Windows files such as winlogon and explorer (the two he/she is having problems with). Without those two, Windows will not start. According to the web page, it's only good for third-party items. I stand by my method of removing/replacing Windows system files.