WINLOGON.EXE – Trojan Small

Trojan No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

WINLOGON.EXE – Trojan Small removal

FileMD5Virus Alias
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Trojan Small
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Suspicious File
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Trojan Artemis
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Trojan Generic
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Trojan Eldorado
WINLOGON.EXE 00e8328d1008b32d9a21f3801359f1e1 Trojan Agent

WINLOGON.EXE size: 465408 bytes
WINLOGON.EXE hash: 00E8328D1008B32D9A21F3801359F1E1

Created files:

%UserProfile%\Local Settings\Application Data\Microsoft\cisvc.exe
%UserProfile%\Local Settings\Application Data\Microsoft\mqtgsvc.exe
%UserProfile%\Local Settings\Application Data\Microsoft\winlogon.exe
%SysDir%\drivers\sessmgr.exe
%TEMP%\Twain002.Mtx
%AllUsersProfile%\esentutl.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cisvc: %WinDir%\System32\config\SYSTEM~1\LOCALS~1\APPLIC~1\MICROS~1\cisvc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\MessageService: %WinDir%\System32\config\SYSTEM~1\LOCALS~1\APPLIC~1\MICROS~1\mqtgsvc.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Sessmgr: %WinDir%\System32\drivers\sessmgr.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\EseNtUtl: C:\DOCUME~1\ALLUSE~1\esentutl.exe

Detected by UnHackMe:

WINLOGON.EXE
Default location: %LOCAL APPDATA%\MICROSOFT\WINLOGON.EXE

Dropper information:
MD5: 00e8328d1008b32d9a21f3801359f1e1
File size: 465408 bytes

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images