WINLOGON.EXE – Trojan SuspiciousFile removal
| File | MD5 | Virus Alias |
|---|---|---|
| WINLOGON.EXE | eb2f76b12c780ccfde41cac5880ab413 | Trojan SuspiciousFile |
WINLOGON.EXE size: 915853 bytes
WINLOGON.EXE hash: EB2F76B12C780CCFDE41CAC5880AB413
Created files:
%TEMP%\IXP000.TMP\CoolPDFReader.exe
%TEMP%\IXP000.TMP\pdf.exe
%TEMP%\_MEI24842\bin\csrss.exe
%TEMP%\_MEI24842\bin\diablo130302.cl
%TEMP%\_MEI24842\bin\diakgcn121016.cl
%TEMP%\_MEI24842\bin\explorer.exe
%TEMP%\_MEI24842\bin\libcurl.dll
%TEMP%\_MEI24842\bin\libeay32.dll
%TEMP%\_MEI24842\bin\libidn-11.dll
%TEMP%\_MEI24842\bin\minerd.dll
%TEMP%\_MEI24842\bin\OpenCL.dll
%TEMP%\_MEI24842\bin\phatk121016.cl
%TEMP%\_MEI24842\bin\poclbm130302.cl
%TEMP%\_MEI24842\bin\pthreadGC2.dll
%TEMP%\_MEI24842\bin\scrypt130511.cl
%TEMP%\_MEI24842\bin\ssleay32.dll
%TEMP%\_MEI24842\bin\winlogon.exe
%TEMP%\_MEI24842\bin\zlib1.dll
%TEMP%\_MEI24842\bz2.pyd
%TEMP%\_MEI24842\eggs\msgpack_python-0.3.0-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\psutil-1.0.1-py2.7-win32.egg
%TEMP%\_MEI24842\eggs\wmi-1.4.9-py2.7-win32.egg
%TEMP%\_MEI24842\mfc90.dll
%TEMP%\_MEI24842\mfc90u.dll
%TEMP%\_MEI24842\mfcm90.dll
%TEMP%\_MEI24842\mfcm90u.dll
%TEMP%\_MEI24842\msgpack._packer.pyd
%TEMP%\_MEI24842\msgpack._unpacker.pyd
%TEMP%\_MEI24842\msvcm90.dll
%TEMP%\_MEI24842\msvcp90.dll
%TEMP%\_MEI24842\msvcr90.dll
%TEMP%\_MEI24842\pyexpat.pyd
%TEMP%\_MEI24842\pyHook._cpyHook.pyd
%TEMP%\_MEI24842\python27.dll
%TEMP%\_MEI24842\pythoncom27.dll
%TEMP%\_MEI24842\pywintypes27.dll
%TEMP%\_MEI24842\select.pyd
%TEMP%\_MEI24842\unicodedata.pyd
%TEMP%\_MEI24842\win32api.pyd
%TEMP%\_MEI24842\win32com.shell.shell.pyd
%TEMP%\_MEI24842\win32file.pyd
%TEMP%\_MEI24842\win32gui.pyd
%TEMP%\_MEI24842\win32pipe.pyd
%TEMP%\_MEI24842\win32trace.pyd
%TEMP%\_MEI24842\win32ui.pyd
%TEMP%\_MEI24842\_ctypes.pyd
%TEMP%\_MEI24842\_hashlib.pyd
%TEMP%\_MEI24842\_multiprocessing.pyd
%TEMP%\_MEI24842\_psutil_mswindows.pyd
%TEMP%\_MEI24842\_socket.pyd
%TEMP%\_MEI24842\_ssl.pyd
%TEMP%\_MEI24842\_win32sysloader.pyd
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0: rundll32.exe %WinDir%\System32\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"
Detected by UnHackMe:
WINLOGON.EXE
Default location: %TEMP%\_MEI24842\BIN\WINLOGON.EXE
Dropper information:
MD5: 125d357fea7d532c2bb474ecc3efd90b
File size: 8565760 bytes