winlogo.exe - Dangerous
%sysdir%\grouppolicy\user\scripts\logon\winlogo.exe
Manual removal instructions:
Antivirus Report of %sysdir%\grouppolicy\user\scripts\logon\winlogo.exe:
%sysdir%\grouppolicy\user\scripts\logon\winlogo.exe
We suggest you to remove %SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE from your computer as soon as possible.
%SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE is Trojan/Backdoor.
Kill the process %SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE and remove %SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE from Windows startup.
Malware:
bd0a1017088beb52f0020d0dab19893c.exe
Removed:
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE
Detected by UnHackMe:
Item Name: 0\0
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\User\autorun.bat
Type: Current User – Scripts at Logon
Item Name: winlogo.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE – deleted
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: 0\0
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\User\autorun.bat
Type: Current User – Scripts at Logon
Removal Results: Success
Number of reboot: 2
Classification:Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.12 Trojan-Downloader:W32/Agent.DIUW
Kaspersky 7.0.0.125 2010.04.13 Trojan-Downloader.Win32.Delf.zyx
McAfee 5.400.0.1158 2010.04.13 Generic MultiDropper.l
Microsoft 1.5605 2010.04.13 -
NOD32 5023 2010.04.12 Win32/TrojanDownloader.Delf.PLN
Additional information
File size: 238920 bytes
MD5 : 0120115ea6ec86b555e906d0a0c3d8a7
SHA1 : 29718ab843fbf61abd20bc36a5a8c5b0d326fa14
SHA256: 349c4ca7d04a9055eb11687d116bb8efbedb784cf24535621898d0f6e099a45b
http://greatis.com/blog/how-to-remove-ma...
| %sysdir%\grouppolicy\user\scripts\logon\winlogo.exe | Malware |
| %sysdir%\grouppolicy\user\scripts\logon\winlogo.exe | Dangerous |
| %sysdir%\grouppolicy\user\scripts\logon\winlogo.exe | High Risk |
%SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE is Trojan/Backdoor.
Kill the process %SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE and remove %SysDir%\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE from Windows startup.
Malware:
bd0a1017088beb52f0020d0dab19893c.exe
Removed:
C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE
Detected by UnHackMe:
Item Name: 0\0
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\User\autorun.bat
Type: Current User – Scripts at Logon
Item Name: winlogo.exe
Author: Unknown
Related File: C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\SCRIPTS\LOGON\WINLOGO.EXE – deleted
Type: Running Processes
After first reboot detected by UnHackMe:
Item Name: 0\0
Author: Unknown
Related File: C:\WINDOWS\System32\GroupPolicy\User\autorun.bat
Type: Current User – Scripts at Logon
Removal Results: Success
Number of reboot: 2
Classification:Antivirus Version Last Update Result
F-Secure 9.0.15370.0 2010.04.12 Trojan-Downloader:W32/Agent.DIUW
Kaspersky 7.0.0.125 2010.04.13 Trojan-Downloader.Win32.Delf.zyx
McAfee 5.400.0.1158 2010.04.13 Generic MultiDropper.l
Microsoft 1.5605 2010.04.13 -
NOD32 5023 2010.04.12 Win32/TrojanDownloader.Delf.PLN
Additional information
File size: 238920 bytes
MD5 : 0120115ea6ec86b555e906d0a0c3d8a7
SHA1 : 29718ab843fbf61abd20bc36a5a8c5b0d326fa14
SHA256: 349c4ca7d04a9055eb11687d116bb8efbedb784cf24535621898d0f6e099a45b
http://greatis.com/blog/how-to-remove-ma...
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.