winlogonn.exe - Dangerous

winlogonn.exe

Manual removal instructions:

Antivirus Report of winlogonn.exe:
winlogonn.exe Malware
winlogonn.exeDangerous
winlogonn.exeHigh Risk
winlogonn.exe
W32.Randex.FC is a network-aware worm that will copy itself as the following files:
\Admin$\system32\GT.exe
\c$\winnt\system32\GT.exe

The worm receives instructions from an IRC channel on a predetermined IRC server. One such command will trigger the aforementioned spreading.
Steals the CD key of some popular games.

It does the following:
Copies itself as %System%\Winlogonn.exe.

Calculates a random IP address for a computer that it will try to infect.
Attempts to authenticate itself to the randomly generated IP addresses.
Copies itself to computers that have weak administrator passwords, at the following locations:
\\\Admin$\system32\GT.exe
\\\c$\winnt\system32\GT.exe

Remotely schedules a task to run the worm on a newly infected computer.

For manual removal, please delete value: "Windows mangement"="winlogonn.exe"
from the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Removal:
Use RegRun Startup Opimizer.

Remove winlogonn.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.