Windows 7: Infected With winlogon Trojan

I had a Action Center message this morning that said my comp. was infected with the winlogon Trojan. I've tried many virus removal tools, such as Malware Bytes, Look2Me Destroyer (which wouldn't run), Avira, Spybot, & Super Antivirus Remover. Nothing shows up.



Does anyone know how to get rid of this?

Easy format and re-install

Hi there, try this: http://files.surfright.nl/HitmanPro35.exe

Good grief! A complete reformat and reinstall is the only way to get rid of this thing?
Anyone else have a suggestion?

Not always. A good anti virus / anti malware scanner can remove it if the infection is at an early stage.

you can post on Bleeping Computer - Computer Help and Discussion in their forums. they will tell you to get "hijackthis" which is used for diagnostics and probably someone there can advise on how to get rid of it.

try this trojan remover Simply Super Software - Trojan Remover run pc in safe mode

Hi, waltersfield.

It is possible that what you are seeing is not the Action Center but a rogue. I suggest you scan with Malwarebytes' Anti-Malware. Following are may standard instructions:

Please download Malwarebytes' Anti-Malware to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, be sure Quick scan is selected, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:
  
• Click Remove Selected.

Note: With regard to System Restore, you can clear SR after your computer is cleaned. However, for the time being, it is better to have an infected restore point than none at all!

Let us know how that works.

Thanks, but nothing seems to do the trick at this point. May just need to reinstall after all... Very discouraging.

Thanks for all the helpful replies!

This is what's known as a Backdoor" Trojan ....

Backdoor Trojans

These are the most dangerous, and most widespread, type of Trojan.
Backdoor Trojans provide the author or ‘master’ of the Trojan with remote ‘administration’ of victim machines. Unlike legitimate remote administration utilities, they install, launch and run invisibly, without the consent or knowledge of the user. Once installed, backdoor Trojans can be instructed to send, receive, execute and delete files, harvest confidential data from the computer, log activity on the computer and more.
If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums.
You should consider them to be compromised.
They should be changed by using a different computer and not the infected one, if not an attacker may get the new passwords and transaction information.
Banking and credit card institutions should be notified of the possible security breech.
More info can be found below:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
How to report ID theft, fraud, drive-by installs, hijacking and malware? Security - dslreports.com
When should I re-format? How should I reinstall?
When should I re-format? How should I reinstall? Security - dslreports.com