Methods of killing Winlogon virus

Although this virus has become the past, but the problem is more classic, now The Killing method written out, extrapolate, hope to help everyone!

This Trojan may release the QQ tail msinfo.rx is in C:\Program Files\Common Files\Microsoft Shared\msinfo\, is hides the file, launches the QQ to be loaded to the QQ.exe, Within the TIMPlatform.exe thread, it can be deleted in safe mode. Another C:\Program files\internet Explorer\Plugins will also generate Systme.sys Trojan file, Safe mode can be deleted! This is found in the cleaning of colleagues machine, whether and "snow" association, it is not clear, we should pay attention to.

Colleague's machine virus, I checked, found that the process of a capital Winlogon, is in the Winnt directory, and under normal circumstances, this process should be in the Winnt/system32 directory, it seems certain ghosts.

Check the registry of the startup items, there is indeed an abnormal Torjan pragramme, you can switch to the security model after the deletion, restart will appear, it seems that this thing is not simple.

Search the Internet, the original is a "snow" virus, a beautiful name AH.

Below the search for the solution to share the following:

This process is not a legendary World program icon using 51 cracked version heirloom will produce a WINLOGON.EXE process, the normal Winlogon system process, its user name "system" program name is lowercase winlogon.exe. and masquerading as the process of the Trojan horse program whose username is the current system user name, and the program name is uppercase WINLOGON.exe. Process View Ctrl+alt+del then select the process. Under normal circumstances, there is only one Winlogon.exe process with the user name "SYSTEM". If there are two Winlogon.exe, and one of them is uppercase, the user name is the current system user, indicating a possible trojan.

This trojan is very powerful, can destroy Trojan nemesis, make it not normal operation. I am currently using other anti-virus software not detected. That Windows WINLOGON.EXE is really a virus, but, she is only the small role of the virus, we open D to see if there is a pagefile DOS point to the file and a Autorun.inf file, oh, of course, are hidden, delete these few useless, because she associated a very Many things, even in safe mode are difficult to do, just run any program, or double-click to open D, she will be installed again, oh, this time a lot of people are stolen because of this family heirloom, and anti-virus software can not find out, someone called this virus for "snow" is a special theft legendary world Trojan Horse, As for will not steal other accounts such as QQ, net silver to see her happy, hehe, is also estimated to be recorded together. Not afraid of the poison and to reduce the loss of the best to open the firewall to prevent in addition to their own trust in a few common tasks out of the door, the other all blocked, of course, we'd better back up as soon as possible, and then close the door antivirus including favour, such as modified 51PYWG heirlooms, and they As for other cooperative web site estimates also can not escape the relationship, especially the new site, has been confirmed many times in the site on the Trojan, although he explained is black, but can not exclude other possible, especially careful those after the launch of the link to the site's plug-in, not excluding the initiator itself is poisonous, anyway, This startup is the easiest poison to connect to a website's cracked software, as to when to put, how to, such as a day for a few hours, to see how good he is, and try to use that completely local to crack the verification version, although the Union now seems to have not found the horse or put on their own, but be careful, Recently legendary world legend n many people stolen number, targeted at these sites, The following is a recent special virus WINLOGON.EXE removal method, note that this fake WINLOGON.EXE is in Windows, the process is represented by the current user or administrator. The other one. System's Winlogon.exe is normal, that must not disorderly delete, see clearly, the front one is uppercase, the back one is lowercase, and by some netizens confirmed that this file connection destination for Henan.

Ways to solve the "snow" virus

Symptom: D disk double blows not open, inside have Autorun.inf and pagefile.com file

The virus is also too strong, in safe mode with the administrator to solve the same! After an afternoon of fighting is barely solved. I do not use any Trojan software, is a manual one to pull it out of his deleted. The files associated with it are the following, and most files are displayed as system files and hidden. So to open the display hidden file in Folder Options.

There are two in D, you can't double click to open D disk. There's more in the C plate!

D:\autorun.inf

D:\pagefile.com

C:\Program files\internet Explorer\iexplore.com

C:\Program Files\Common Files\iexplore.com

C:\WINDOWS\1.com

C:\WINDOWS\iexplore.com

C:\WINDOWS\finder.com

C:\WINDOWS\Exeroud.exe (Forget the name is, the red icon has the legendary world icon)

c:\windows\debug\*** Programme.exe (also the above icon, the name forgot-_-good well obviously not hidden)

C:\Windows\system32\command.com This do not easily delete, to see if it is not the same as the following several dates and other file dates, if and other documents most of the system file date can not be deleted, of course, the system file is certainly not this time.

C:\Windows\system32\msconfig.com

C:\Windows\system32\regedit.com

C:\Windows\system32\dxdiag.com

C:\Windows\system32\rundll32.com

C:\Windows\system32\finder.com

C:\Windows\system32\a.exe