:( help: Trojan.Bookmarker.Gen

Discussion in 'OT Technology' started by godisgowri, Apr 24, 2004.

  1. godisgowri

    godisgowri Guest

    Hey guys, when i do a norton antivirus check on my computer, the virus:
    Trojan.Bookmarker.Gen (with the name of winlogon.exe in my program startup folder)
    is caught..but it says its in use so it cant clean/delete it, when i go to my Task Manager, i see two winlogon.exe files..and when i try to delete one of them (the virus), it says it cant end cuz its critical or sumthing.
    I tried deleting it right after i start computer, so it wont b in use..but it is
    Can someone help

    defintion found on symatic: Trojan.Bookmarker.Gen is a generic detection for a group of Trojan horses that modifies the Internet Explorer home page and search page. Then, it adds bookmarks to the Favorites folder.

    thanks alot guys :)
  2. Apothis

    Apothis New Member

    Sep 14, 2003
    Likes Received:
    San Antonio, TX
    Try using the system restore feature (I assume you're on XP). Failing that, try booting from the norton disk and see if you can fix it from there. Failing that, try booting with the windows disk and repair the installation (you'll need to know your way around a command prompt). When it asks you if you're reinstalling or repairing, choose repair.

    Btw, didn't norton give you an option to fix it on next reboot or something? Usually, if a program can't fix something at the time due to things being in use, it'll ask if you want to schedule it for next time you restart. Anyway, if norton can't fix it, you'll have to do it manually. The legit winlogon.exe is in C:\WINDOWS\system32. The fake one, however, can't be in there (unless the legit one has been overwritten).

    Do a search for winlogon and see what comes up. That way, if you have to delete it, you'll know where it is. If it overwrote the real copy though, your options are either system restore or reinstall. When you tried to kill winlogon.exe from task manager, I assume you tried both instances? The one running on my comp is using 4.416k memory. What's yours, and is there a big difference between the two?

    Also, STOP USING IE. :slap:
  3. godisgowri

    godisgowri Guest

    thanks fo replying...:)
    Yes, im on XP. Norton did not give me any options. It jus said

    Scan type: Realtime Protection Scan
    Event: Virus Found!
    Virus name: Trojan.Bookmarker.Gen
    File: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogon.exe
    Location: C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    Computer: RUFF
    User: LuGz
    Action taken: Clean failed : Quarantine failed : Access denied

    Yea...so the real winlogon.exe is in system32..and i also got one in:
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\

    i cant even delete it manually. In the task manager there are 2 winlogons :
    winlogon.exe LuGz 1,436K
    winlogon.exe System 2,224K

    So im guessing the LuGz one is the virus. Both when i try to end process give me a : This is a critical system process. Task Manager cannot end this process.

    lol..i should stop using IE
  4. hawkeye

    hawkeye Guest

  5. RenaultFreak

    RenaultFreak OMG

    Apr 1, 2002
    Likes Received:
    CCS, VE
    ppl in this forum knows better how to help you :)
  6. Wolf68k

    Wolf68k Active Member OT Supporter

    Dec 18, 2003
    Likes Received:
    Houston, Texas
    If you know exactly which one it is, boot into safemode and try deleting it that way.
    If that doesn't work, there should be another safemode option that will boot it into commandline mode and if you can't delete it then....you're screwed, short of a reformat

Share This Page