
What to do when your computer is infected with the winlogon.exe virus?

Published: 2017-01-10 11:39:37 | Author: zhanghong | Source: 系统之家

Computers pick up viruses very easily when browsing unsafe websites, and as the internet has grown, viruses have become ever more varied. Recently a user discovered that their computer had been infected with a virus named "winlogon.exe". What should they do? This article walks through removing the winlogon.exe virus by hand.

A reminder from this pigeon: the days of posting logs and begging for help after getting infected are about to end! Putting basic system security protection in place is every user's urgent task. "Basic security protection" is far more than installing a few patches; becoming familiar with one or two capable security tools is also necessary. Otherwise, once infected, you are on your own!

The critical component of this pigeon is c:\windows\winlogon.dll. If this DLL can be prevented from loading, all of the pigeon's files become visible, see Figure 1:

[Figure 1]

If SSM is used to block c:\windows\winlogon.dll from loading, all of the pigeon's files become visible.

This is a Gray Pigeon (灰鸽子) bundled inside Movgear.exe (the Movgear.exe sample came from 安全12公里). The MD5 of winlogon.exe is 2de9f62c2b405e16cb66773747cf0f2d.

I. After extracting winlogon.exe from Movgear.exe and planting it in the system, the autoruns, HijackThis and SREng logs showed no anomalies at all.

The files released by winlogon.exe are:

1. c:\windows\winlogon.exe

2. c:\windows\winlogon.dll

3. c:\windows\winlogonKey.dll

The two DLLs inject into the IE browser process.

Even without opening IE, iexplore.exe is still visible in IceSword's process list.

c:\windows\winlogonKey.dll dynamically tracks every application process (as soon as one starts, it injects immediately).

Note: even with hidden files shown, Windows Explorer cannot see the three files released by the Gray Pigeon. Only IceSword can see them.

II. Registry changes include:

1. Under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

added: winlogon.exe (pointing to c:\windows\winlogon.exe)

2. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\Cmd\Mapping

added:

"{92780B25-18CC-41C8-B9BE-3C9C571A8263}"=dword:00002002
"{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}"=dword:00002002
"{FB5F1910-F110-11d2-BB9E-00C04F795683}"=dword:00002001

3. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Connection Wizard

added: "Completed"=hex:01,00,00,00

4. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser

added:

"ITBarLayout"=hex:11,00,00,00,5c,00,00,00,00,00,00,00,34,00,00,00,1f,00,00,00,56,
00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,
00,00,26,00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,
00,21,01,00,00,a0,0f,00,00,03,00,00,00,20,03,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,aa,00,5b,43,83,10,00,00,00,00,
00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,aa,00,5b,43,83,22,00,1c,00,08,
00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,00,00,
46,81,00,00,00,10,00,00,00,a0,8f,ff,ba,9d,d4,c6,01,00,9e,02,bb,
9d,d4,c6,01,a0,8f,ff,ba,9d,d4,c6,01,00,00,00,00,00,00,00,00,01,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5d,01,14,00,1f,50,
e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,43,3a,
5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5c,
00,31,00,00,00,00,00,3a,31,09,3c,10,00,44,4f,43,55,4d,45,7e,31,
00,00,44,00,03,00,04,00,ef,be,3a,31,9c,36,2a,35,f7,29,14,00,00,
00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,
61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,
00,73,00,00,00,18,00,4c,00,31,00,00,00,00,00,2a,35,cb,2e,16,00,
4e,45,54,57,4f,52,7e,31,00,00,34,00,03,00,04,00,ef,be,3a,31,11,
39,2a,35,cb,2e,14,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,
6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,18,00,56,
00,31,00,00,00,00,00,2a,35,cb,2e,11,00,46,41,56,4f,52,49,7e,31,
00,00,3e,00,03,00,04,00,ef,be,2a,35,cb,2e,2a,35,cb,2e,14,00,28,
00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,00,
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,18,
00,30,00,35,00,00,00,00,00,2a,35,f1,2e,10,00,fe,94,a5,63,00,00,
1c,00,03,00,04,00,ef,be,2a,35,f1,2e,2a,35,f1,2e,14,00,00,00,fe,
94,a5,63,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,
00,00,00,00,6c,69,6e,62,61,6f,68,65,00,00,00,00,00,00,00,00,1e,
8c,63,4d,34,72,b3,48,8a,de,83,67,8f,38,be,10,b1,a9,fd,89,90,40,
db,11,b2,29,00,d0,59,c0,b8,59,1e,8c,63,4d,34,72,b3,48,8a,de,83,
67,8f,38,be,10,b1,a9,fd,89,90,40,db,11,b2,29,00,d0,59,c0,b8,59,
00,00,00,00

5. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

added: "Settings"=hex:0c,00,02,00,0a,01,ef,75,60,00,00,00

6. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ExtStats

added:

{0055C089-8582-441B-A0BF-17B458C2A3A8}

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

{92780B25-18CC-41C8-B9BE-3C9C571A8263}

{AE7CD045-E861-484F-8273-0445EE161910}

{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}

{FB5F1910-F110-11D2-BB9E-00C04F795683}

7. Under HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\链接

added: "Order"=hex:08,00,00,00,02,00,00,00,0c,00,00,00,01,00,00,00,00,00,00,00
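To make the dumped values above readable rather than a wall of hex, here is an added Python example (not code from the original article or from any tool it mentions). It parses the "Name"=hex:.. and "Name"=dword:.. syntax of a .reg export, joins wrapped continuation lines, and pulls printable ASCII and UTF-16LE strings out of binary blobs. The sample text embedded in it is constructed from a few of the values quoted above, including a short excerpt of ITBarLayout; the function names are this example's own.

```python
"""Decode .reg-style hex:/dword: values and list the strings inside them.

Added example, not part of the original article. Only the two value
syntaxes that appear in the article (hex: and dword:) are handled; other
.reg types such as hex(2): or hex(7): are ignored.
"""
import re

# Constructed sample: values quoted in the article, written the way a
# .reg export would wrap them (a trailing ',\' continues on the next line;
# the copy on the page lost the backslashes, so a trailing comma alone is
# also accepted as a continuation). The ITBarLayout line is an excerpt.
SAMPLE = r'''
"{92780B25-18CC-41C8-B9BE-3C9C571A8263}"=dword:00002002
"Completed"=hex:01,00,00,00
"Settings"=hex:0c,00,02,00,0a,01,ef,75,60,00,00,00
"ITBarLayout"=hex:00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,00,\
  40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,18
'''

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<kind>hex|dword):(?P<data>.*)$')


def join_continuations(text):
    """Yield logical lines; a physical line ending in ',' or ',\\' continues."""
    buf = ''
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith('\\'):
            line = line[:-1].rstrip()
        buf += line
        if buf.endswith(','):
            continue          # value continues on the next line
        yield buf
        buf = ''
    if buf:
        yield buf


def parse_values(text):
    """Return {value name: bytes (hex:) or int (dword:)} for the text."""
    out = {}
    for line in join_continuations(text):
        m = VALUE_RE.match(line)
        if not m:
            continue          # key headers, comments, unsupported types
        name, kind, data = m.group('name', 'kind', 'data')
        if kind == 'dword':
            out[name] = int(data, 16)
        else:
            out[name] = bytes(int(b, 16) for b in data.split(',') if b)
    return out


def extract_strings(blob, min_len=4):
    """Printable ASCII runs, then UTF-16LE runs, of at least min_len chars."""
    found = [m.group().decode('ascii')
             for m in re.finditer(rb'[\x20-\x7e]{%d,}' % min_len, blob)]
    found += [m.group().decode('utf-16-le')
              for m in re.finditer(rb'(?:[\x20-\x7e]\x00){%d,}' % min_len, blob)]
    return found


if __name__ == '__main__':
    for name, val in parse_values(SAMPLE).items():
        if isinstance(val, int):
            print(f'{name}: dword 0x{val:08x}')
        else:
            print(f'{name}: {len(val)} bytes, strings={extract_strings(val)}')
```

Run against the full ITBarLayout dump above, the string extractor surfaces fragments such as "Documents and Settings", "NetworkService", "Favorites" and "@shell32.dll,-12693", which reads as Internet Explorer's own toolbar and favorites layout rather than attacker configuration. Values like this under HKEY_USERS\.DEFAULT are the kind IE writes when it is started in a non-interactive profile, consistent with the hidden iexplore.exe the article observes in IceSword; the indicators that matter for removal are the service entry and the three dropped files.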

III. After making the observations above, reboot the system.

After the reboot, Kaspersky raised an alarm (my Kaspersky loads at startup): Gray Pigeon found. But Kaspersky only deleted c:\windows\winlogon.dll; it did not flag c:\windows\winlogon.exe or c:\windows\winlogonKey.dll at all. Sigh!! Kaspersky is getting less and less reliable. A winlogonKey.log file was also found, containing:

  #?》。?:4?74;

IV. Removal procedure:

1. Open the Registry Editor, expand HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

and delete the Gray Pigeon's service entry: winlogon.exe

2. Reboot the system. Use IceSword to find and delete the three files the pigeon released.

3. Clean the registry (delete the registry entries the pigeon added).

V. Removal method: work in Safe Mode

Delete the files:

C:\Downloads

C:\WINDOWS\system32\AddrConfig.bin

C:\WINDOWS\system32\oobedata

C:\WINDOWS\system32\wbem\ddes

C:\WINDOWS\system32\wbem\kbd101ab.dll

C:\WINDOWS\system32\wbem\SysOption.bin

C:\WINDOWS\system32\wbem\winlogon.exe

Delete the registry entries:

HKCR\CLSID\{881F6F06-4620-4070-AD05-BD77D4C56661}

HKCR\Interface\{468262B9-8400-4A49-B2E5-CE8550EB1347}

HKCR\TypeLib\{F63B08CD-3645-474F-8872-BA4293251FF9}\1.0

HKCR\VCFIWZDY32.VCFIWZDY

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\System32\WBEM\winlogon.exe

HKCU\Software\Microsoft\MediaPlayer\Player\Extensions

Then reboot into normal mode.

That is the full manual procedure for removing the winlogon.exe virus. Because there are quite a few steps, be careful while working through them and do not delete the wrong registry entries, or other functions may stop working properly.
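As an added defender-side check (example code, not from the article or from any tool it mentions): the Python script below looks for the file indicators quoted in sections I and V, compares any file it finds against the MD5 given above, and, on Windows, reads the ImagePath of the winlogon.exe service entry. The paths, service name and hash are taken from the article; the function names and the report format are this example's own. Two caveats a practitioner should keep in mind: the legitimate Windows logon process is C:\Windows\System32\winlogon.exe and must never be deleted, which is why the check keys on full paths rather than on the bare file name; and since the article notes that winlogonKey.dll hides the dropped files from Explorer, a script run on the live infected system may be fooled the same way, so run it from Safe Mode or against an offline copy of the disk before trusting a negative result.

```python
"""Report whether the file and service indicators from the article are present.

Added example, not part of the original article. IOC paths, the service
name and KNOWN_MD5 come from the article; everything else is this
example's own. Only files, not directories, are checked, so the ambiguous
entries in section V (C:\\Downloads, oobedata, ddes) are left out.
"""
import hashlib
import os
import sys

KNOWN_MD5 = "2de9f62c2b405e16cb66773747cf0f2d"   # winlogon.exe hash from the article

# Full paths quoted in the article (sections I and V). The real logon
# process lives in System32, so a bare name match would be a false alarm.
IOC_PATHS = [
    r"C:\Windows\winlogon.exe",
    r"C:\Windows\winlogon.dll",
    r"C:\Windows\winlogonKey.dll",
    r"C:\Windows\system32\AddrConfig.bin",
    r"C:\Windows\system32\wbem\kbd101ab.dll",
    r"C:\Windows\system32\wbem\SysOption.bin",
    r"C:\Windows\system32\wbem\winlogon.exe",
]
IOC_SERVICE = "winlogon.exe"   # service name the article says is added under Services


def md5_of(path, chunk=1 << 16):
    """Hex MD5 of a file, streamed so large files are not read into memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def check_files(paths, known_md5=KNOWN_MD5):
    """One finding per path: whether it exists, its MD5, and sample match."""
    findings = []
    for p in paths:
        present = os.path.isfile(p)
        digest = md5_of(p) if present else None
        findings.append({
            "path": p,
            "present": present,
            "md5": digest,
            "known_sample": present and digest == known_md5.lower(),
        })
    return findings


def service_image_path(name):
    """ImagePath of HKLM\\SYSTEM\\CurrentControlSet\\Services\\<name>,
    or None when the key is absent or this is not Windows."""
    if sys.platform != "win32":
        return None
    import winreg
    try:
        with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                            "SYSTEM\\CurrentControlSet\\Services\\" + name) as key:
            return winreg.QueryValueEx(key, "ImagePath")[0]
    except OSError:            # FileNotFoundError / PermissionError
        return None


if __name__ == "__main__":
    for f in check_files(IOC_PATHS):
        if f["known_sample"]:
            status = "PRESENT, MD5 matches the article's sample"
        elif f["present"]:
            status = f"present, MD5 {f['md5']} (differs from sample)"
        else:
            status = "absent"
        print(f"{f['path']}: {status}")
    print(f"service '{IOC_SERVICE}': ImagePath = {service_image_path(IOC_SERVICE)}")
```

A file that is present but whose hash differs from the article's sample is still worth attention: the article's own analysis shows the dropped files are hidden and the service name mimics a system process, so any winlogon.exe outside System32 deserves a second look before it is dismissed.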
