How to Fix a Winlogon.exe Virus

End Processes
1. Press "Ctrl" + "Shift" + "Escape" or "Ctrl" + "Alt" + "Delete" to open the Task Manager.
2. Click the "Processes" tab and then click "Show Processes From All Users."
3. Click "loveletter.doc.exe" and then click "End Process."
4. Click "winlogon.exe" and then click "End Process."
5. Close the Task Manager.
Delete Registry Values
6. Click "Start" and type "regedit" into the "Search" box and press "Enter." The Registry Editor opens.
7. Delete each of the following registry values from the left pane of the Registry Editor. Note that deleting the wrong registry value can cause significant system wide errors and thus you should exercise caution during this step or have it done by a computer technician.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DLL32=dllhost.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\@=C:\winlogon.exe
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools=1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\Shell\Open\Command\@="%System%\loader32.com" %1
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\dllfile\Shell\Open\Command\@="1" %*
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions=1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideFileExt\CheckedValue=1
8. Close the Registry Editor.
Delete Files
9. Click "Start," then click on the "Search" box.
10. Search for each of the following files using the "Search" box. Delete each file that you find by right-clicking on the file and selecting "Delete."loveletter.doc.exe
winlogon.exe
loader32.com
dllhost.dll
outlook.vbs
sender.vbs
11. Restart your computer.