Trojan.Win32.LogonInvader.a
Trojan.Win32.LogonInvader.a is a Trojan created for the Windows platform that poses a security risk. Trojan.Win32.LogonInvader.a can sneak into computers by means of spam e-mail messages or any form of virus infections that spreads by exploiting software vulnerabilities. Once infected, Trojan.Win32.LogonInvader.a will alter registry to make sure that the Trojan is loaded each time Windows is started. Other functionalities of Trojan.Win32.LogonInvader.a is to download additional malware and steal confidential information from victims computer.
| Type | Trojan |
| Sub-Type | Downloader |
| Aliases | Suspicious.MH690, Generic Dropper.rf, Troj/Gernid-Gen, PWS:Win32/Ldpinch.BE |
| OS Affected | Windows |
| Detected By | Kaspersky |
What are the Symptoms of Trojan.Win32.LogonInvader.a Infection?
It will modify Windows Registry and add the following entries:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{F689FD98-DD67-4D13-9259-6644329F9041}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run]
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Policies\System]
The threat will drop the following malicious file/files:
- %System%\winfiles.exe
- %Windir%\winfiles.exe
- %Windir%\GessM.exe
- %ProgramFiles%\server.exe
How to Remove Trojan.Win32.LogonInvader.a Manually
1. Restart your computer in SafeMode
- After Power-On the computer, just before Windows start, press F8
- From the selections, Select SafeMode
2. Remove Registry entries that the threat added. You MUST BACKUP YOUR REGISTRY FIRST.
- Click Start > Run
- Type in the field, regedit
- Navigate and look for the registry entries mentioned above and delete if necessary
3. Delete malicious files that the threat added:
- Base on the given location above, browse and delete the file
- If no location is given, click Start>Search> and search for the files.
- If cannot be deleted, press Ctrl+Alt+Del to access Task Manager, see if the file is running in the process. If it is, select the file and click End Process. Perform file delete again.
4. Scan computer with Antivirus Program
- Update antivirus program
- Scan computer and delete all detected threats.
How to Easily Remove Trojan.Win32.LogonInvader.a
1. Download and run Removal Tool to remove Trojan.Win32.LogonInvader.a