winlogin.exe, yuetyutr.dll - does anybody know how to get rid of this trojan/worm

I have tried serveral programs and many things that are supposed to remove them but nothing does. Microsoft Spyware said it removed it but no it is still there and a-squared as well. I have tried to manuelly delete the file, but nothing works it keeps coming back after I delete it.

 

thanks for the help. Stupid me, but I didn't realize before I posted this that the a-sqaured program worked. I needed to reboot. Finally removed. I bet I had that worm on my computer for 2 years.

 

it has the potential to takescontrol of your computer, basically:

The worm contains its own IRC client, allowing it to connect to specified IRC servers and join a channel to listen for commands from the worm's creator.

One such command is to exploit the DCOM RPC vulnerability: The worm generates random IP addresses. Once the IP address is generated, it sends specially formed data, which exploits the DCOM RPC vulnerability, to that particular IP address.


Creates a hidden Cmd.exe remote shell that will listen on TCP port 4444, allowing an attacker to issue remote commands on an infected system.


Creates a thread running as a TFTP server, listening on UDP port 69. When the worm receives a request from a computer to which it can connect using the DCOM RPC exploit, it will send Nstask32.exe or Winlogin.exe to that particular computer and tell it

 

Microsoft spyware caught mine. But I kinda already knew I had it and was trying to use microsoft to remove it.

If I were you, instead of me telling you where to look in registry, download a-sqaured spyware, either at tucows or a-square website. Then run it and see what it finds. After you remove all the spyware you need to reboot and you should be good to go.

You might need to bring up msconfig once you reboot so that you can remove the reference in your startup file.