winlogonn.exe - Dangerous
Antivirus Report of winlogonn.exe:
W32.Randex.FC is a network-aware worm that will copy itself as the following files:
\Admin$\system32\GT.exe
\c$\winnt\system32\GT.exe
The worm receives instructions from an IRC channel on a predetermined IRC server. One such command will trigger the aforementioned spreading.
It also steals the CD keys of some popular games.
It does the following:
Copies itself as %System%\Winlogonn.exe.
Calculates a random IP address for a computer that it will try to infect.
Attempts to authenticate itself to the randomly generated IP addresses.
Copies itself to computers that have weak administrator passwords, at the following locations:
\\\Admin$\system32\GT.exe
\\\c$\winnt\system32\GT.exe
Remotely schedules a task to run the worm on a newly infected computer.
For manual removal, please delete value: "Windows mangement"="winlogonn.exe"
from the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
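The manual step above can be scripted. The following PowerShell is an added example, not part of the original report or of any vendor tool; the `-Remove` switch and the variable names are assumptions, and without `-Remove` the script only reports what it finds.

```powershell
# Added example (not from the original report): audit the five autorun keys
# listed above for the value this page names, and delete it only with -Remove.
param([switch]$Remove)   # hypothetical switch; the default is report-only

$valueName = 'Windows mangement'   # value name, spelled exactly as on this page
$valueData = 'winlogonn.exe'       # value data as given on this page
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

$findings = foreach ($key in $runKeys) {
    # Skip keys that do not exist on this system.
    if (-not (Test-Path -LiteralPath $key)) { continue }

    # RegistryKey.GetValue returns $null when the value is absent.
    $data = (Get-Item -LiteralPath $key).GetValue($valueName)
    if ($null -eq $data -or "$data" -notlike "*$valueData*") { continue }

    if ($Remove) {
        Remove-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction Stop
    }
    [pscustomobject]@{
        Key     = $key
        Value   = $valueName
        Data    = $data
        Removed = [bool]$Remove
    }
}

# The page says the worm copies itself as %System%\Winlogonn.exe.
# The file is only reported here, never deleted.
$dropped  = Join-Path ([Environment]::SystemDirectory) 'winlogonn.exe'
$fileInfo = if (Test-Path -LiteralPath $dropped) {
    Get-Item -LiteralPath $dropped -Force | Select-Object FullName, Length, LastWriteTime
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap }
else           { 'No matching autorun value found.' }
if ($fileInfo) { $fileInfo | Format-List }
else           { "Not present: $dropped" }
```

Deleting values under HKEY_LOCAL_MACHINE needs an elevated prompt, and the HKEY_CURRENT_USER keys cover only the account that runs the script.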
Removal:
Use RegRun Startup Optimizer.
winlogonn.exe | Malware |
winlogonn.exe | Dangerous |
winlogonn.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.