winlogon.exe - Dangerous

%windir%\winlogon.exe

Manual removal instructions:

%windir%\winlogon.exe
I-Worm.Netsky.d is a worm that infects computers over the Internet, arriving as an attachment to infected emails.

An infected email message has the following characteristics:
Random header.

Body is one of the following:
Here is the file.
Please have a look at the attached file
Please read the attached file.
See the attached file for details.
Your document is attached.
Your file is attached.

Attachment: all_document.pif, application.pif, document.pif, document_4351.pif, document_excel.pif, document_full.pif, document_word.pif, etc.
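
A mail-gateway check built from the message traits listed above, as an added example that is not part of the original page. The function and indicator names are assumptions, and the sample messages are constructed with an inert payload.

```python
import email
from email import policy
from email.message import EmailMessage

# Body texts listed in the description above (the header is random, so it is not used).
BODIES = [
    "Here is the file.",
    "Please have a look at the attached file",
    "Please read the attached file.",
    "See the attached file for details.",
    "Your document is attached.",
    "Your file is attached.",
]

def _norm(text):
    """Collapse whitespace, lowercase, drop the trailing period."""
    return " ".join(text.split()).lower().rstrip(".")

KNOWN_BODIES = {_norm(b) for b in BODIES}

def netsky_d_indicators(raw_bytes):
    """Return the indicators from the description that one raw message matches."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and _norm(body.get_content()) in KNOWN_BODIES:
        hits.append("known_body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        if name.endswith(".pif"):
            hits.append("pif_attachment:" + name)
    return hits

def build_sample(body, filename):
    """Constructed test message (not a captured sample); the payload is inert text."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content(body)
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    print(netsky_d_indicators(build_sample("Your document is attached.", "document_word.pif")))
    print(netsky_d_indicators(build_sample("Minutes from Tuesday.", "minutes.pdf")))
```

A message that matches both indicators is a strong candidate for quarantine; a .pif attachment alone is already worth blocking at the gateway.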

Copies itself to the %System% folder as "winlogon.exe" and adds a value to the registry key:
[HKLM\Software\Microsoft\Windows\CurrentVersion\Run]
Searches for email addresses in files with the following extensions: adb, asp, dbx, doc, eml, htm, html, msg, oft, php, pl, rtf, sht, tbb, txt, uin, vbs, wab.
Attempts to send email messages using its own SMTP list.
Some of them:
145.253.2.171
151.189.13.35
193.141.40.42
193.189.244.205
193.193.144.12
and so on.

Attempts to remove the Mydoom worm from the infected machine.
It also deletes the keys "KasperskyAv" and "system." from the system registry.
