Winlogon.exe – trojan Kazy

In this post I explain how to remove this infection manually and how to clean it automatically with a dedicated removal tool (UnHackMe; the free download is described in the steps at the end of the post).

The Winlogon.exe described on this page is malicious, but only the copy that lives outside the Windows system folder: it runs from the user's Application Data folder, inside a folder spelled "Miicrosoft" (two i's) to look like a Microsoft component.
The genuine winlogon.exe is a protected system process and lives only in C:\WINDOWS\system32 (C:\Windows\System32 on newer Windows). Never terminate or delete that one: Windows treats winlogon as a critical process and the machine will blue-screen.
Kill the process whose image path is C:\Documents and Settings\<user>\Application Data\Miicrosoft\Winlogon.exe, delete that file, and remove its entry from the user's Run key so it does not start again at logon.

Malware Analysis of Winlogon.exe
Executed: winlogon.exe
Removed: Winlogon.exe. Full path: C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: Microsoft
Author: MOXIJVYUY
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MIICROSOFT\WINLOGON.EXE
Type: Registry Run



People say

Visitor post

Removing dangerous files caused a BSOD.

After first reboot detected by UnHackMe:

Item Name: Microsoft
Author: MOXIJVYUY
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MIICROSOFT\WINLOGON.EXE
Type: Registry Run

Removal Results: Success
Number of reboots: 2

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft
Value: "C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe"

Files:
C:\Documents and Settings\Administrator\Application Data\data.dat
C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe
C:\Documents and Settings\Administrator\Application Data\wicolo.exe
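The indicators above (the Run value, the three dropped files and the impostor process) can be checked in one pass. The following PowerShell script is an added example and is not part of the original post or of UnHackMe; it assumes the sample is installed under the current user's profile ($env:APPDATA, which is where the page shows it for the Administrator profile), and the function name Test-KazyWinlogon is my own. The SHA256 it compares against is the one listed further down this page.

```powershell
# Added example, not from the original page: quick triage for the indicators listed above.
# Assumption: the dropper lives under the *current* user's profile ($env:APPDATA); the page
# shows it under the Administrator profile on Windows XP.
$ErrorActionPreference = 'SilentlyContinue'

$KnownSha256 = '42ec4c60cbe1c514cceb4f1a368461a34d2b204cf1f2008cc7a6904a393359f5'   # hash from this page
$RunKey      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$FwListKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
$IocFiles    = @(
    (Join-Path $env:APPDATA 'Miicrosoft\Winlogon.exe'),
    (Join-Path $env:APPDATA 'wicolo.exe'),
    (Join-Path $env:APPDATA 'data.dat')
)

function Get-Sha256Hex([string]$Path) {
    # .NET directly, so this also works on PowerShell 2.0 (no Get-FileHash there).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ([System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '').ToLowerInvariant() }
    finally { $fs.Close() }
}

function Test-KazyWinlogon {
    $findings = @()
    $system32 = Join-Path $env:SystemRoot 'System32'

    # 1. A winlogon.exe running from anywhere but %SystemRoot%\System32 is the impostor.
    #    The genuine one is a critical system process: report it, never kill it.
    foreach ($p in Get-Process -Name winlogon) {
        $path = $p.Path     # null for the real one when not elevated; that is fine here
        if ($path -and (Split-Path $path -Parent) -ne $system32) {
            $findings += "Rogue winlogon.exe running: PID $($p.Id) from '$path'"
        }
    }

    # 2. Dropped files, hashed against the sample documented on this page.
    foreach ($f in $IocFiles) {
        if (Test-Path -LiteralPath $f) {
            $h = Get-Sha256Hex $f
            $note = if ($h -eq $KnownSha256) { 'SHA256 matches the documented sample' } else { "SHA256 $h" }
            $findings += "IOC file present: $f ($note)"
        }
    }

    # 3. Per-user Run value named "Microsoft" pointing into Application Data\Miicrosoft.
    $runValue = (Get-ItemProperty -Path $RunKey).Microsoft
    if ($runValue -match 'Miicrosoft\\Winlogon\.exe') {
        $findings += "Run persistence: $RunKey\Microsoft = $runValue"
    }

    # 4. XP-style firewall exceptions. Value names are full program paths; the data is
    #    "path:*:Enabled:Windows Messanger" (scope '*' = every network, misspelled name).
    if (Test-Path $FwListKey) {
        $props = Get-ItemProperty -Path $FwListKey
        foreach ($prop in $props.PSObject.Properties) {
            if ($prop.Name -notlike '*:\*') { continue }     # skip PSPath and friends
            if ($prop.Value -match 'Windows Messanger' -or $prop.Name -match 'Miicrosoft|wicolo\.exe') {
                $findings += "Firewall exception: $($prop.Name) -> $($prop.Value)"
            }
        }
    }
    return ,$findings
}

$result = Test-KazyWinlogon
if ($result.Count -eq 0) { 'No indicators of this sample found.' } else { $result }
```

Run it from an elevated prompt so that the image path of every winlogon.exe is readable; without elevation the genuine SYSTEM-owned process reports no path and is simply skipped, while the user-mode impostor is still visible. A hash mismatch on an existing file is still a finding: a repacked variant will sit at the same path with a different SHA256.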
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16440.0   2011.03.14    Gen:Variant.Kazy.14912
Kaspersky   7.0.0.125     2011.03.15    -
Microsoft   1.6603        2011.03.15    -
NOD32       5953          2011.03.14    Win32/VB.NXB

A dash means the engine did not detect the sample with the listed signature update; two of the four engines missed it at the time, so the path-based indicators above are the reliable check.

—————————————————————————————————————————-

MD5 3f330cac9e3c8de087481afeb987dc16

SHA1 cd27b27a1b08c1d927abb9a3491582505264691b

SHA256 42ec4c60cbe1c514cceb4f1a368461a34d2b204cf1f2008cc7a6904a393359f5

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry keys and values, files and folder:

———————————-
Keys added:7
———————————-
HKCU\Software\Microsoft\Visual Basic
HKCU\Software\Microsoft\Visual Basic\6.0
HKCU\Software\VB and VBA Program Settings
HKCU\Software\VB and VBA Program Settings\INSTALL
HKCU\Software\VB and VBA Program Settings\INSTALL\DATE
HKCU\Software\VB and VBA Program Settings\SrvID
HKCU\Software\VB and VBA Program Settings\SrvID\ID

———————————-
Values added:6
———————————-
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions: 0x00000000
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe: "C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe:*:Enabled:Windows Messanger"
HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Application Data\wicolo.exe: "C:\Documents and Settings\Administrator\Application Data\wicolo.exe:*:Enabled:Windows Messanger"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft: "C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe"
HKCU\Software\VB and VBA Program Settings\INSTALL\DATE\XNLG10L8OU: "March 15, 2011"
HKCU\Software\VB and VBA Program Settings\SrvID\ID\XNLG10L8OU: "080MA"

———————————-
Files added:3
———————————-
C:\Documents and Settings\Administrator\Application Data\data.dat
C:\Documents and Settings\Administrator\Application Data\Miicrosoft\Winlogon.exe
C:\Documents and Settings\Administrator\Application Data\wicolo.exe

———————————-
Folders added:1
———————————-
C:\Documents and Settings\Administrator\Application Data\Miicrosoft

———————————-
Total changes:17
———————————-
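The list above is also the manual removal checklist: stop the two dropped executables, delete the Run value, delete the two firewall exceptions (the value name is the full path of the whitelisted program; the data "path:*:Enabled:Windows Messanger" allows it on every network under a misspelled "Windows Messenger" display name), delete the VB6 settings subkeys the sample wrote, then delete the files and the "Miicrosoft" folder. The following PowerShell function is an added example, not the post's own procedure and not UnHackMe's code; it assumes the sample is installed under the current user's profile ($env:APPDATA) and the function name Remove-KazyWinlogon is my own. It supports -WhatIf so every step can be previewed first.

```powershell
# Added example, not from the page and not UnHackMe's code: manual removal of the
# changes in the list above. Run from an elevated PowerShell; -WhatIf previews every step.
# Assumption: the sample sits under the current user's profile ($env:APPDATA).
function Remove-KazyWinlogon {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param()

    $appData   = $env:APPDATA
    $dropDir   = Join-Path $appData 'Miicrosoft'
    $exePaths  = @((Join-Path $dropDir 'Winlogon.exe'), (Join-Path $appData 'wicolo.exe'))
    $allFiles  = $exePaths + @(Join-Path $appData 'data.dat')
    $runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    $fwListKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List'
    $vbKeys    = @('HKCU:\Software\VB and VBA Program Settings\INSTALL',
                   'HKCU:\Software\VB and VBA Program Settings\SrvID')

    # 1. Stop the dropper processes by image path, so the genuine %SystemRoot%\System32\winlogon.exe
    #    is never touched (killing it blue-screens the machine).
    foreach ($p in Get-Process -Name winlogon, wicolo -ErrorAction SilentlyContinue) {
        if ($p.Path -and ($exePaths -contains $p.Path)) {
            if ($PSCmdlet.ShouldProcess("PID $($p.Id) ($($p.Path))", 'Stop-Process')) {
                Stop-Process -Id $p.Id -Force
            }
        }
    }

    # 2. Run-key persistence: remove the "Microsoft" value only if it points at the dropper.
    $runValue = (Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue).Microsoft
    if ($runValue -and ($runValue.Trim('"') -eq $exePaths[0])) {
        Remove-ItemProperty -Path $runKey -Name 'Microsoft'
    }

    # 3. Firewall exceptions: the value name is the full path of the allowed program.
    if (Test-Path $fwListKey) {
        foreach ($exe in $exePaths) {
            Remove-ItemProperty -Path $fwListKey -Name $exe -ErrorAction SilentlyContinue
        }
    }

    # 4. The VB6 "Program Settings" subkeys the sample wrote (its install date and SrvID).
    #    The parent key is shared by any VB6 program that uses SaveSetting, so only these subkeys go.
    foreach ($k in $vbKeys) {
        if (Test-Path $k) { Remove-Item -Path $k -Recurse }
    }

    # 5. Dropped files and the misspelled folder.
    foreach ($f in $allFiles) {
        if (Test-Path -LiteralPath $f) { Remove-Item -LiteralPath $f -Force }
    }
    if (Test-Path -LiteralPath $dropDir) { Remove-Item -LiteralPath $dropDir -Recurse -Force }
}

Remove-KazyWinlogon -WhatIf   # preview; drop -WhatIf to apply, then reboot and re-check
```

The DoNotAllowExceptions value is left alone: 0 is the Windows Firewall default (exceptions allowed), so the sample only needed it to be 0 for its two entries to take effect. The HKCU\Software\Microsoft\Visual Basic\6.0 key is a harmless VB6 runtime key and is also left in place. Reboot after running the function and repeat the detection check, since the visitor report above needed two reboots before the Run entry stayed gone.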

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friends' computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.


UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000 to Windows 8.1/10, 32 or 64-bit. UnHackMe uses a minimum of computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen showing the verified publisher: Greatis Software.

Once UnHackMe is installed, the first scan starts automatically.

STEP 3: Carefully review the detected threats!

Click the Remove button, or False Positive for any item you know to be legitimate.

Enjoy!
