Archive for the 'RunServices' Category

What is winIogon.exe, How to remove winIogon.exe

Sunday, January 17th, 2010

winIogon.exe is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: winIogon
Filename: winIogon.exe
Registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | Microsoft System Service
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices | Microsoft System Service
HKEY_CURRENT_USER\Software\Microsoft\OLE | Microsoft System Service

Command: C:\Windows\System32\winIogon.exe
Startup Type: HKLM->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\Run: [Microsoft System Service] winIogon.exe

DDS Line:

mRun: [Microsoft System Service] winIogon.exe

Combofix/RSIT Line:

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft System Service"=winIogon.exe

Description: Trojan, also known as W32/Virut.gen.a [McAfee], Backdoor:Win32/Poebot.gen [Microsoft], W32.IRCBot [Symantec], PE_VIRUT.AV [Trend Micro], W32.Virut.W [Symantec]

How to remove: use HijackThis + Kaspersky virus removal tool

lockx.exe is a W32/Sdbot-ADD worm

Saturday, February 14th, 2009

This is a harmful program.

It is a component of malware or spyware; you should immediately remove it using an antivirus and antispyware program.
If that does not help, then ask us for help in the Spyware removal forum.

Name: lockx
Filename: lockx.exe
Command: %windir%\system32\lockx.exe
Startup Type: HKLM->RunServices, HKCU->Run
HijackThis Category: O4
HijackThis Line:

O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [strtas] lockx.exe

Description: W32/Sdbot-ADD worm

How to remove: Use HijackThis