当前位置：系统之家 > 系统教程 > 电脑感染上winlogon.exe病毒了怎么办？

电脑感染上winlogon.exe病毒了怎么办？

时间：2017-01-10 11:39:37 作者：zhanghong 来源：系统之家 1. 扫描二维码随时看资讯 2. 请使用手机浏览器访问： https://m.xitongzhijia.net/xtjc/20170110/90516.html 手机查看评论反馈

　　电脑在浏览一些不安全网站的时候非常容易感染病毒，随着网络的发展，病毒也变得越来越多样化。近日一位网友突然发现自己的电脑感染上一个名为“winlogon.exe”的病毒，对此该怎么办呢？本文就给大家介绍手动清除winlogon.exe电脑病毒的方法。

　　这只鸽子提示：中招后，贴日志求助的日子即将结束！做好系统基础安全防护是每个用户的当务之急。“基础安全防护”绝不仅仅是打几个补丁的问题。熟悉一两个性能好的安全软件的使用也是必要的。否则，中招后，你自己就着急吧！

　　这只鸽子的要害是c:windows/winlogon.dll。如果想办法禁止这个dll加载运行，鸽子的文件全部可见图1：

　　screen.width*0.7) {this.resized=true; this.width=screen.width*0.7; this.alt='点击这儿打开新的窗口';}" resized="true">

　　这只鸽子的要害是这个c:windowswinlogon.dll。

　　如果用SSM禁止c:windowswinlogon.dll加载运行，则这只鸽子的文件全部可见。

　　这是Movgear.exe中捆绑的一只灰鸽子（Movgear.exe样本来自安全12公里）。winlogon.exe的MD5值为：2de9f62c2b405e16cb66773747cf0f2d。

　　一、自Movgear.exe中提取winlogon.exe并将其植入系统后，autoruns、HijackThis、SREng日志中均无任何异常发现。

　　winlogon.exe释放的文件有：

　　1、c:windowswinlogon.exe

　　2、c:windowswinlogon.dll

　　3、c:windowswinlogonKey.dll

　　这两个dll插入IE 浏览器进程。

　　即使不打开IE浏览器，IceSword的进程列表中依然可见iexplore.exe。

　　c:windowswinlogonKey.dll动态跟踪所有应用程序进程（一旦开启，立即插入。）

　　注意：即使显示隐藏文件，用WINDOWS的资源管理器也看不到灰鸽子释放的这三个文件。用IceSword才能看到。

　　二、注册表改动包括：

　　1、在HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

　　添加：winlogon.exe（指向c:windowswinlogon.exe）

　　2、在HKEY_USERS.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\Cmd\Mapping

　　添加：

　　"{92780B25-18CC-41C8-B9BE-3C9C571A8263}"=dword:00002002 "{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6}"=dword:00002002 "{FB5F1910-F110-11d2-BB9E-00C04F795683}"=dword:00002001

　　3、在HKEY_USERS.DEFAULT\Software\Microsoft\Internet\Connection\Wizard

　　添加："Completed"=hex:01，00，00，00

　　4、在HKEY_USERS.DEFAULT\Software\Microsoft\Internet\Explorer\Toolbar\WebBrowser

　　添加：

01"ITBarLayout"=hex:11,00,00,00,5c,00,00,00,00,00,00,00,34,00,00,00,1f,00,00,00,56,
0200,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,
0300,00,26,00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,
0400,21,01,00,00,a0,0f,00,00,03,00,00,00,20,03,00,00,00,00,00,00,
0500,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
0600,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
0700,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
0800,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
0900,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1000,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1100,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1200,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1300,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1400,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1500,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1600,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1700,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1800,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
1900,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2000,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2100,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2200,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2300,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2400,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2500,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2600,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
2700,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
28"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,aa,00,5b,43,83,10,00,00,00,00,
2900,00,00,01,e0,32,f4,01,00,00,00
30"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,aa,00,5b,43,83,22,00,1c,00,08,
3100,00,00,06,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,
3200,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,00,00,
3346,81,00,00,00,10,00,00,00,a0,8f,ff,ba,9d,d4,c6,01,00,9e,02,bb,
349d,d4,c6,01,a0,8f,ff,ba,9d,d4,c6,01,00,00,00,00,00,00,00,00,01,
3500,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5d,01,14,00,1f,50,
36e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,43,3a,
375c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5c,
3800,31,00,00,00,00,00,3a,31,09,3c,10,00,44,4f,43,55,4d,45,7e,31,
3900,00,44,00,03,00,04,00,ef,be,3a,31,9c,36,2a,35,f7,29,14,00,00,
4000,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,
4161,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,
4200,73,00,00,00,18,00,4c,00,31,00,00,00,00,00,2a,35,cb,2e,16,00,
434e,45,54,57,4f,52,7e,31,00,00,34,00,03,00,04,00,ef,be,3a,31,11,
4439,2a,35,cb,2e,14,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,
456b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,18,00,56,
4600,31,00,00,00,00,00,2a,35,cb,2e,11,00,46,41,56,4f,52,49,7e,31,
4700,00,3e,00,03,00,04,00,ef,be,2a,35,cb,2e,2a,35,cb,2e,14,00,28,
4800,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,00,
4940,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,18,
5000,30,00,35,00,00,00,00,00,2a,35,f1,2e,10,00,fe,94,a5,63,00,00,
511c,00,03,00,04,00,ef,be,2a,35,f1,2e,2a,35,f1,2e,14,00,00,00,fe,
5294,a5,63,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,
5300,00,00,00,6c,69,6e,62,61,6f,68,65,00,00,00,00,00,00,00,00,1e,
548c,63,4d,34,72,b3,48,8a,de,83,67,8f,38,be,10,b1,a9,fd,89,90,40,
55db,11,b2,29,00,d0,59,c0,b8,59,1e,8c,63,4d,34,72,b3,48,8a,de,83,
5667,8f,38,be,10,b1,a9,fd,89,90,40,db,11,b2,29,00,d0,59,c0,b8,59,
5700,00,00,00
复制代码
"ITBarLayout"=hex:11,00,00,00,5c,00,00,00,00,00,00,00,34,00,00,00,1f,00,00,00,56,
00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,
00,00,26,00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,
00,21,01,00,00,a0,0f,00,00,03,00,00,00,20,03,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00
"{01E04581-4EEE-11D0-BFE9-00AA005B4383}"=hex:81,45,e0,01,ee,4e,d0,11,bf,e9,00,aa,00,5b,43,83,10,00,00,00,00,
00,00,00,01,e0,32,f4,01,00,00,00
"{0E5CBF21-D15F-11D0-8301-00AA005B4383}"=hex:21,bf,5c,0e,5f,d1,d0,11,83,01,00,aa,00,5b,43,83,22,00,1c,00,08,
00,00,00,06,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00,00,00,
00,00,4c,00,00,00,01,14,02,00,00,00,00,00,c0,00,00,00,00,00,00,
46,81,00,00,00,10,00,00,00,a0,8f,ff,ba,9d,d4,c6,01,00,9e,02,bb,
9d,d4,c6,01,a0,8f,ff,ba,9d,d4,c6,01,00,00,00,00,00,00,00,00,01,
00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5d,01,14,00,1f,50,
e0,4f,d0,20,ea,3a,69,10,a2,d8,08,00,2b,30,30,9d,19,00,2f,43,3a,
5c,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,5c,
00,31,00,00,00,00,00,3a,31,09,3c,10,00,44,4f,43,55,4d,45,7e,31,
00,00,44,00,03,00,04,00,ef,be,3a,31,9c,36,2a,35,f7,29,14,00,00,
00,44,00,6f,00,63,00,75,00,6d,00,65,00,6e,00,74,00,73,00,20,00,
61,00,6e,00,64,00,20,00,53,00,65,00,74,00,74,00,69,00,6e,00,67,
00,73,00,00,00,18,00,4c,00,31,00,00,00,00,00,2a,35,cb,2e,16,00,
4e,45,54,57,4f,52,7e,31,00,00,34,00,03,00,04,00,ef,be,3a,31,11,
39,2a,35,cb,2e,14,00,00,00,4e,00,65,00,74,00,77,00,6f,00,72,00,
6b,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,00,00,18,00,56,
00,31,00,00,00,00,00,2a,35,cb,2e,11,00,46,41,56,4f,52,49,7e,31,
00,00,3e,00,03,00,04,00,ef,be,2a,35,cb,2e,2a,35,cb,2e,14,00,28,
00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,00,00,00,
40,73,68,65,6c,6c,33,32,2e,64,6c,6c,2c,2d,31,32,36,39,33,00,18,
00,30,00,35,00,00,00,00,00,2a,35,f1,2e,10,00,fe,94,a5,63,00,00,
1c,00,03,00,04,00,ef,be,2a,35,f1,2e,2a,35,f1,2e,14,00,00,00,fe,
94,a5,63,00,00,14,00,00,00,60,00,00,00,03,00,00,a0,58,00,00,00,
00,00,00,00,6c,69,6e,62,61,6f,68,65,00,00,00,00,00,00,00,00,1e,
8c,63,4d,34,72,b3,48,8a,de,83,67,8f,38,be,10,b1,a9,fd,89,90,40,
db,11,b2,29,00,d0,59,c0,b8,59,1e,8c,63,4d,34,72,b3,48,8a,de,83,
67,8f,38,be,10,b1,a9,fd,89,90,40,db,11,b2,29,00,d0,59,c0,b8,59,
00,00,00,00

　　5、在HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\CabinetState

　　添加："Settings"=hex:0c，00，02，00，0a，01，ef，75，60，00，00，00

　　6、在HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\ExtStats

　　添加：

　　{0055C089-8582-441B-A0BF-17B458C2A3A8}

　　{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

　　{92780B25-18CC-41C8-B9BE-3C9C571A8263}

　　{AE7CD045-E861-484F-8273-0445EE161910}

　　{DEDEB80D-FA35-45D9-9460-4983E5A8AFE6}

　　{FB5F1910-F110-11D2-BB9E-00C04F795683}

　　7、在HKEY_USERS.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\链接

　　添加："Order"=hex:08，00，00，00，02，00，00，00，0c，00，00，00，01，00，00，00，00，00，00，00

　　三、进行上述观察后，重启系统。

　　重启后，卡巴斯基报警（我的卡巴斯基为启动加载）：发现灰鸽子。但卡巴斯基仅仅将c:windowswinlogon.dll删除；c:windowswinlogon.exe和c:windowswinlogonKey.dll卡巴斯基并不报毒。汗！！卡巴斯基越来越不争气了另外发现其winlogonKey.log文件。文件内容为：

　　#？》。？：4？74;

　　四、查杀流程：

　　1、打开注册表编辑器，展开HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services

　　删除灰鸽子的服务项：winlogon.exe

　　2、重启系统。用IceSword找到并删除鸽子释放的那三个文件。

　　4、清理注册表（删除鸽子添加的注册表项）。

　　五、查杀方法：安全模式下操作

　　删除文件

　　C:Downloads

　　C:WINDOWSsystem32AddrConfig.bin

　　C:WINDOWSsystem32oobedata

　　C:WINDOWSsystem32wbemddes

　　C:WINDOWSsystem32wbemkbd101ab.dll

　　C:WINDOWSsystem32wbemSysOption.bin

　　C:WINDOWSsystem32wbemwinlogon.exe

　　删除注册表

　　HKCRCLSID{881F6F06-4620-4070-AD05-BD77D4C56661}

　　HKCRInterface{468262B9-8400-4A49-B2E5-CE8550EB1347}

　　HKCRTypeLib{F63B08CD-3645-474F-8872-BA4293251FF9}1.0

　　HKCRVCFIWZDY32.VCFIWZDY

　　HKLMSYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfileAuthorizedApplicationsListC:WINDOWSSystem32WBEMwinlogon.exe

　　HKCUSoftwareMicrosoftMediaPlayerPlayerExtensions

　　重启回正常模式即可。

　　以上便是手动清除winlogon.exe电脑病毒的详细操作，由于操作起来步骤比较多，所以用户在操作的时候一定要注意，不要删除错了注册表，以免影响到其它功能无法正常使用。

标签电脑病毒

< 上一篇
搜索引擎搜索有哪些语法？百度搜索引擎搜索技巧解析
下一篇 >
Cookie是什么意思？Cookie有什么作用和弊端？

发表评论

共0条

验证码

没有更多评论了

评论就这些咯，让大家也知道你的独特见解

立即评论

以上留言仅代表用户个人观点，不代表系统之家立场

其他版本软件

人气教程排行

1 系统之家装机大师怎么用？系统之家装机大师使...
2 如何用u盘重装系统？用U盘装win7系统的操作图...
3 如何激活office2010？Office 2010安装及激活...
4 如何用u盘装系统？用系统之家U盘启动制作盘安...
5 系统之家一键还原工具图文教程：支持gpt分区...
6 怎么装win7系统？本地硬盘安装win7系统详细教...
7 office2007怎么安装？分享Microsoft office 2...
8 已安装迅雷下载时却还是提示安装该怎么办?
9 怎么用u盘安装win7系统？u盘安装win7系统的详...
10 怎么自己重装系统Win7 用U盘重装Win7 iso镜像

猜你想搜

1Windows11正式版
2Windows11家庭版
3Windows11精简版
4Windows11游戏版
5绕过检测升级Win11
6老电脑升级Win11
7Windows11专业工作站版
8Windows11企业版
9正版Windows10
10精简版Windows10
11Windows10家庭版
12Windows10企业精简版
13深度技术Win7 64位标准版
14深度技术Win7 32位精简版
15Win7 64位官方原版
16Win7 32位官方原版
17XP系统精简版
18XP系统经典版
19纯净版Win10系统
20纯净版Win11系统

电脑感染上winlogon.exe病毒了怎么办？

相关教程

发表评论

其他版本软件

热门教程

人气教程排行

相关系统推荐

猜你想搜