We checked the file WINLOGAN.EXE and found it to be malicious.
The file WINLOGAN.EXE must be deleted from the system immediately.
Kill the WINLOGAN.EXE process, then remove its entries from the Windows startup (Run) keys so it does not return after reboot.
Malware Analysis of WINLOGAN.EXE
Full path on a computer: %Temp%\winlogan.exe
Detected by UnHackMe:
WINLOGAN.EXE
Default location: %Temp%\winlogan.exe
Removal Results: Success
Number of reboots: 1
WINLOGAN.EXE is known as:
Trojan.Small, Trojan.DL.Small.WJR, probably a variant of Win32.TrojanDownloader.Small.NTQ, W32.Trojan-Dlr-SysWrt.Eldorado, Downloader, Win32:Small-KRT, Trojan.Downloader-14718, TrojWare.TrojanDownloader.Small.fza, Trojan.DownLoader.35201, High Risk Cloaked Malware, Trojan-Downloader.Small, Trojan.Ertfor.A, Win-Trojan.Downloader.15000.O, Trojan.DL.Small.fza
WINLOGAN.EXE hash:
- MD5: 4e8256d83a75cafe7eaee1539745dbd8 (identifies this sample only; other builds detected under the names above will carry different hashes, so do not rely on the hash alone)
The file attempts to connect to a malicious web site (a downloader: the aliases above classify it as Trojan-Downloader.Small).
How to quickly detect the presence of WINLOGAN.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{B5AC49A2-94F3-42BD-F434-2604812C897D}\InProcServer32\: “%SysDir%\fY8dndg.dll”
- HKLM\Software\Classes\CLSID\{B5AF0562-94F3-42BD-F434-2604812C297D}\InProcServer32\: “%SysDir%\Bvdsf4g.dll”
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\f94mggfhfghodftdf: “%Temp%\winlogan.exe”
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\f94mggfhfghodftdf: “%Temp%\winlogan.exe”
Files:
- %Temp%\k56dbhsfgdg.tmp
- %Temp%\kfi4gfm9.tmp
- %Temp%\ldfee3rkgdg.tmp
- %Temp%\winlogan.exe
- %SysDir%\Bvdsf4g.dll
- %SysDir%\fY8dndg.dll
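The following PowerShell script is an added example, not UnHackMe's own code. It checks every indicator listed above (the running process, the two Run values, the two CLSID InProcServer32 entries and the dropped files), compares the MD5 of %Temp%\winlogan.exe against the hash on this page, and, with the optional -Remove switch, performs the removal steps described at the top of the page (kill the process, delete the Run values, delete the files). The -Remove switch, the decision to match the process on its full path rather than its name, and the deletion of the two CLSID keys are assumptions about how a responder would act on these indicators; the indicator values themselves are taken from the page.

```powershell
# Added example: detect (and optionally remove) the WINLOGAN.EXE indicators listed on this page.
# Not UnHackMe's code. Run from an elevated PowerShell prompt. Use -Remove to act on hits.
param([switch]$Remove)

# Indicators from the page
$KnownMd5     = '4e8256d83a75cafe7eaee1539745dbd8'
$RunValueName = 'f94mggfhfghodftdf'
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$Clsids = @(
    '{B5AC49A2-94F3-42BD-F434-2604812C897D}',
    '{B5AF0562-94F3-42BD-F434-2604812C297D}'
)
$Temp    = $env:TEMP
$SysDir  = [Environment]::SystemDirectory
$ExePath = Join-Path $Temp 'winlogan.exe'
$Files = @(
    $ExePath,
    (Join-Path $Temp 'k56dbhsfgdg.tmp'),
    (Join-Path $Temp 'kfi4gfm9.tmp'),
    (Join-Path $Temp 'ldfee3rkgdg.tmp'),
    (Join-Path $SysDir 'Bvdsf4g.dll'),
    (Join-Path $SysDir 'fY8dndg.dll')
)

$hits = @()

# 1. Running process: match on the full image path (assumption), so a
#    legitimately named binary elsewhere on disk is not flagged.
foreach ($p in (Get-Process -ErrorAction SilentlyContinue)) {
    if ($p.Path -and ($p.Path -ieq $ExePath)) {
        $hits += "Process $($p.Id): $($p.Path)"
        if ($Remove) { Stop-Process -Id $p.Id -Force }
    }
}

# 2. Autostart persistence: the Run value in HKLM and HKCU
foreach ($key in $RunKeys) {
    $val = Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue
    if ($val) {
        $hits += "Run value ${key}\${RunValueName} = $($val.$RunValueName)"
        if ($Remove) { Remove-ItemProperty -Path $key -Name $RunValueName -Force }
    }
}

# 3. CLSID InProcServer32 entries whose default value points at the dropped DLLs
foreach ($clsid in $Clsids) {
    $clsidKey = "HKLM:\Software\Classes\CLSID\$clsid"
    $ipsKey   = "$clsidKey\InProcServer32"
    if (Test-Path $ipsKey) {
        $dll = (Get-ItemProperty -Path $ipsKey -ErrorAction SilentlyContinue).'(default)'
        $hits += "CLSID $clsid -> $dll"
        if ($Remove) { Remove-Item -Path $clsidKey -Recurse -Force }   # assumption: remove the whole CLSID key
    }
}

# 4. Dropped files. The MD5 on the page identifies one sample only, so a
#    winlogan.exe with a different hash is still reported, just with a note.
foreach ($f in $Files) {
    if (Test-Path -LiteralPath $f) {
        $note = ''
        if ($f -ieq $ExePath) {
            $md5 = (Get-FileHash -LiteralPath $f -Algorithm MD5).Hash.ToLower()
            if ($md5 -eq $KnownMd5) { $note = ' (MD5 matches the sample on this page)' }
            else { $note = " (MD5 $md5 differs from the listed sample; possibly another variant)" }
        }
        $hits += "File $f$note"
        if ($Remove) { Remove-Item -LiteralPath $f -Force -ErrorAction SilentlyContinue }
    }
}

if ($hits.Count -eq 0) {
    'No WINLOGAN.EXE indicators found.'
} else {
    $hits
    if ($Remove) { 'Indicators removed. Reboot once to complete the cleanup.' }
}
```

Run it first without -Remove to see what is present; a hit on the Run value or the CLSID entries without the matching file on disk usually means the file was already deleted but the persistence was left behind, which is exactly the case where the startup entries must still be cleaned.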