PDA

View Full Version : Backdoor.hazzer infected winlogon.exe

Marc Heaselden
December 6th 03, 03:24 PM
Norton identified winlogon.exe as infected with backoor.hazzer virus which
it could not repair so quarantined instead. NAV website advised that NAV
could repair the virus and that new definitions available would do the job.
Having downloaded updated definitions and rerun NAV it still came back that
the file was unrepairable. Sent the infected file to Symantec which replied
automatically that the file was infected and that it was repairable with
current definitions (Which it is not apparently).
Where do i go from here? My PC seems to be working ok but i cannot get any
information on the winlogon.exe file (Even having done a search on microsoft
support site).
Can anyone give me any information on whether the infection is repairable
and if so how?

Much appreciated thanks in anticipation,

Marc H.
Rick \Nutcase\ Rogers
December 6th 03, 03:24 PM
Hi,

Are you sure it's winlogon.exe and not winlogin.exe? Winlogon.exe is a valid
file name, and a new one can be extracted from the I386 folder to replace it
if necessary. Winlogin.exe is a virus file and should simply be deleted.

For the hazzer trojan, follow the manual instructions to disable the bugger
here:
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.hazzer.html

Doing so should remove the winlogon.exe error, as the trojan doesn't infect
the file insofar as it affects the run path in the system registry. That is
the real problem.

--
Best of Luck,

Rick Rogers aka "Nutcase" MS-MVP - Win9x
http://mvp.support.microsoft.com/
Associate Expert - WinXP - Expert Zone
www.microsoft.com/windowsxp/expertzone
Win98 Help - www.rickrogers.org

"Marc Heaselden" > wrote in message
...
> Norton identified winlogon.exe as infected with backoor.hazzer virus which
> it could not repair so quarantined instead. NAV website advised that NAV
> could repair the virus and that new definitions available would do the
job.
> Having downloaded updated definitions and rerun NAV it still came back
that
> the file was unrepairable. Sent the infected file to Symantec which
replied
> automatically that the file was infected and that it was repairable with
> current definitions (Which it is not apparently).
> Where do i go from here? My PC seems to be working ok but i cannot get any
> information on the winlogon.exe file (Even having done a search on
microsoft
> support site).
> Can anyone give me any information on whether the infection is repairable
> and if so how?
>
> Much appreciated thanks in anticipation,
>
> Marc H.
>
>
Google