Backdoor.hazzer infected winlogon.exe

[Marc Heaselden]

Norton identified winlogon.exe as infected with backoor.hazzer virus which
it could not repair so quarantined instead. NAV website advised that NAV
could repair the virus and that new definitions available would do the job.
Having downloaded updated definitions and rerun NAV it still came back that
the file was unrepairable. Sent the infected file to Symantec which replied
automatically that the file was infected and that it was repairable with
current definitions (Which it is not apparently).
Where do i go from here? My PC seems to be working ok but i cannot get any
information on the winlogon.exe file (Even having done a search on microsoft
support site).
Can anyone give me any information on whether the infection is repairable
and if so how?

Much appreciated thanks in anticipation,

Marc H.

 

[Rick \Nutcase\ Rogers]

Hi,

Are you sure it's winlogon.exe and not winlogin.exe? Winlogon.exe is a valid
file name, and a new one can be extracted from the I386 folder to replace it
if necessary. Winlogin.exe is a virus file and should simply be deleted.

For the hazzer trojan, follow the manual instructions to disable the bugger
here:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hazzer.html

Doing so should remove the winlogon.exe error, as the trojan doesn't infect
the file insofar as it affects the run path in the system registry. That is
the real problem.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x

Associate Expert - WinXP - Expert Zone