inoculan and winlogon
Posted on 2002-07-29
i just found the backdoor Subseven 2.2 server virus.
I'm doing a full scan of the HD. During the first part of the scanning everything runs smoothly.
I'm also runing task manager to see if no weird programs are running, but only inocuLAN.exe used cpu time.
Once the scanning reached WINNT\system32 i noticed that
winlogon.exe started to run, and using over 90% of the time.
What is the reason of winlogon to start running?
upto now i foudn 3 infected files in WINNT\SYSTEM32
the filenames are LJFF.exe, MBQT.exe and EYMGDKWE.exe.
Inoculan was not able to cure these files, so i moved them to another location. Are these programs part of windows 200? or are they created by the Virus?