The Notebook Review forums were hosted by TechTarget, who shut them down on January 31, 2022. This static read-only archive was pulled by NBR forum users between January 20 and January 31, 2022, in an effort to make sure that the valuable technical information that had been posted on the forums is preserved. For current discussions, many NBR forum users moved over to NotebookTalk.net after the shutdown.

    Virus hooked into winlogon.exe

    Discussion in 'Windows OS and Software' started by CGSUN, Jul 11, 2008.

  1. CGSUN

    Does anyone know how to unlock a .dll that has its hooks in a core XP file? Once I unhook the .dll the entire system shuts down. I don’t fancy doing a format, so I hope someone has a funky utility to help me :)

    I have tried with no luck:
    removeonboot.exe
    Unlocker.exe

    Trying from a DOS prompt in a safe boot won't work; it does delete, but on return it is back.

    Virus generator appears to be called Vmoolty.dll
     
  2. Andy

    When deleting the file through DOS, first switch off System Restore in Windows and then do the deletion... worth a try.
     
  3. CGSUN

    Just tried that with no luck :(
    Boy, I smell a format :( There goes my weekend.
     
  4. CGSUN

    Further:
    That last reboot (with sysrestore off) was interesting; the virus took control of Avira’s engine, shutting it down and infecting it. What a mess.
     
  5. Rodster

    Have you tried Avast AV? While Avira is great at detecting, Avast seems to do a better job eliminating viruses.
     
  6. csinth

    I would certainly say try Avast! Home Edition and a safe mode scan and whatnot.
     
  7. Moocowz

    If you can't do it yourself, I strongly recommend Geeks to Go: http://www.geekstogo.com/forum/forums.html. I once had a bad case of that WinFixer adware that caused my CPU to soar to 100% when nothing was going on. I believe that it caused winlogon to eat up my CPU. Anyway, these guys helped me get rid of it.
     
  8. ravenmorpheus

    Download shellexview.exe as well. It'll show you where the hook is in the registry and you'll be able to delete it that way. I had a similar virus that hooked my explorer.exe so it kept restarting every 4-5 seconds or so...
     
  9. CGSUN

    Cheers for everyone’s help!
    Avast’s engine was also quickly infected.

    I never did get to try shellx but I will grab a copy!

    What did work was unlocker.exe, although I had to have quick fingers before the system shut down. Unhooked and hit delete on the .dll generator in a ¼ second. It went.

    This is the same virus Geeks to Go said a complete format was the only way to remove.