An Antivirus site I can trust - Winchook.dll and Winsys2.exe

Post Reply New Topic

I'm getting an error message that says winsys2.exe can't find winchook.dll. I'm also getting a note from Avast saying I have a trojan.

Now, back in the day, I would just go to a trusted site, but apparently, they've all gone out of business. Some sites say 'it's not a problem', some sites say 'it's a potential trojan with the same name as an MS file' . One site said 'are you sure you want to leave this site?' That message always gets a rousing '@#$% yeah'.

So the real problem is what help can I trust? Do you guys know of any web sites that can explain what it is (I'm figuring it probably is a trojan), and most importantly, how to get rid of it?

Thanks.

(Ps - I wouldn't be a bit surprised if this has something to do with my 'static for sound' problem)

One thing you can do is see if these files (winsys2.exe and winchook.dll) are required by Windows. Do this by searching for the files on another computer running the same version of Windows you have. If not found on the other computer, try renaming winsys2.exe to winsys2.bak. Reboot and run the Avast. If your system crashes, try restoring the file back to its original name.

The latest AVAST update started giving a LOT of false positives.
On mine it detected Spybot S&D and a visual studio addon as a trojan.

hmm...yeah, Avast did just update...somebody get the bacon, I've got egg on my face...

I will skip that update, it has been popping up since yesterday, so far Avast
has been trouble free for me, which windows version are you using pakled.

Windows XP , SP (whatever the last one was...AMD dual-core, 4g mem, Asus System board

I have XP at work, and don't find either file on the machine there.
I've been going through the various web sites, forums, etc., and it's evenly divided between
'this is harmless'
'this is Nvidia's fault (I have an nvidia card)
This is a dangerous Trojan that does high-cost calling when needed.(but not by me)
microsoft (why am I not surprised?) doesn't seem to have anything at all on either file.
From one of the reports, it's automatically loaded on startup. and part of my installed programs.
Actually, now that I think of it, I'm going to make sure by calling my ISP. I'll check some more.
I wish Computer Cops was still around, at least I could trust 'em.

Ok, Hijack This! didn't have any help per se, but at least it gave me some semi-trustworthy sites.

Evidently, both files are semi-legit; they're used in both real programs and malware..
They've been deleted, time for a reboot. If you don't see me for a couple of days, it's more essential than I thought...