Monday, February 2, 2009

Winlogon Malware

Removing Winlogon Malware
Categories: Malware
Malware includes a range of programs that do not threaten computers directly,
but are used to create viruses or Trojans, or used to carry out illegal activities
such as DoS attacks and breaking into other computers.

Visible Symptoms:
Files in system folders:

How to detect Winlogon Malware:

Files:

Registry Keys:

Removing Winlogon Malware:

You can download a trial version of the "Exterminate-It" antivirus software to check your computer instantly.

Or buy it to remove ALL viruses from your computer.
