Windows Logon Client.exe – rootkit MSIL.Krypt

In this post I will explain how to fix the issue manually and how to clean it automatically using a special, powerful removal tool. You can download the removal program for free here:

We checked the file Windows Logon Client.exe and found it hazardous.
The file Windows Logon Client.exe must be deleted from the system immediately.
Kill the process Windows Logon Client.exe and remove Windows Logon Client.exe from the Windows startup.

Malware Analysis of Windows Logon Client.exe
Executed: winlogon.exe
Removed: Windows Logon Client.exe. Full path: C:\Documents and Settings\Administrator\Application Data\whitepixel\Windows Logon Client.exe

—————————————————————————————————————————-
Detected by RegRun Warrior:

1. RegRun Reanimator:


Item Name: Windows Logon Client
Author: Windows Microsoft LTD
Related File: C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\WHITEPIXEL\WINDOWS LOGON CLIENT.EXE
Type: Registry Run

2. Multi AntiVirus scan:

- none -

Removal Results: Success
Number of reboot: 1

—————————————————————————————————————————-
How to quickly detect malware presence?

Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Logon Client
Value: “C:\Documents and Settings\Administrator\Application Data\whitepixel\Windows Logon Client.exe”

Folders:
C:\Documents and Settings\Administrator\Application Data\whitepixel\
Files:
C:\Documents and Settings\Administrator\Application Data\whitepixel\Logon
C:\Documents and Settings\Administrator\Application Data\whitepixel\Windows Logon Client.exe
—————————————————————————————————————————-
Classification:

Antivirus   Version       Last Update   Result
F-Secure    9.0.16440.0   2011.03.14    Gen:Heur.MSIL.Krypt.2
Kaspersky   7.0.0.125     2011.03.15    -
Microsoft   1.6603        2011.03.14    -
NOD32       5953          2011.03.14    -

—————————————————————————————————————————-

MD5 eef76e371eb8c90d302e7b97726e3302

SHA1 2327e2e7ac2fc74ceed5a2c2bbd92ab3f4b6a86c

SHA256 ae6b3366a9bcc48e1a99186b2da35a62b761b3ea195d1ef75494270dd0c8cb61

—————————————————————————————————————————-


Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Values added:1
———————————-
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Windows Logon Client: “C:\Documents and Settings\Administrator\Application Data\whitepixel\Windows Logon Client.exe”

———————————-
Files added:2
———————————-
C:\Documents and Settings\Administrator\Application Data\whitepixel\Logon
C:\Documents and Settings\Administrator\Application Data\whitepixel\Windows Logon Client.exe

———————————-
Files [attributes?] modified:2
———————————-
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
C:\sand-box\winlogon.exe

———————————-
Folders added:1
———————————-
C:\Documents and Settings\Administrator\Application Data\whitepixel

———————————-
Total changes:6
———————————-

—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


I use UnHackMe for cleaning ads and viruses from my friend's computers, because it is extremely fast and effective.




STEP 1: Download UnHackMe for free

UnHackMe removes Adware/Spyware/Unwanted Programs/Browser Hijackers/Search Redirectors from your PC easily.

UnHackMe is compatible with most antivirus software.
UnHackMe is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. VirusTotal (0/56).
System Requirements: Windows 2000-Windows 8.1/10, 32 or 64-bit. UnHackMe uses minimal computer resources.

STEP 2: Double click on UnHackMe_setup.exe

You will see a confirmation screen with the verified publisher: Greatis Software.

Once UnHackMe has installed, the first scan will start automatically.

STEP 3: Carefully review the detected threats!

Click the Remove button or False Positive.

Enjoy!
