Troj/WLHack-A

Category	Viruses and Spyware
Type	Trojan
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	29 March 2007 19:21:56 (GMT)
Last updated	4 May 2007 16:50:25 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing Trojans.

After winlogon.exe has been disinfected a system reboot is recommended to complete the cleanup process

More Information

Summary
Action
More Information

Troj/WLHack-A is a Trojan for the Windows platform.

Troj/WLHack-A is a hacked version of <System>\winlogon.exe, which is a legitimate Windows system file.

When executed on startup as a replacement to the original winlogon.exe, Troj/WLHack-A will attempt to load malicious code from either one of the following files:
- ws2_32.dll:fork2
- wsys.dll

The file ws2_32.dll:fork2 is an Alternate Data Stream of the legitimate Windows system file ws2_32.dll.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Troj/WLHack-A

Summary

Action

More Information