I have a little problem with a person's computer .NOD32 detect this trojan in file in his computer
c:\windows\system32\winlogon.exe
Scan performed at: 3/10/2007 16:04:41
Scanning Log
NOD32 version 2106 (20070310) NT
Command line: c:\windows\system32\winlogon.exe
Operating memory - Win32/Wigon.I trojan
Date: 10.3.2007 Time: 16:05:19
Scanned disks, folders and files: c:\windows\system32\winlogon.exe
c:\windows\system32\winlogon.exe - Win32/Wigon.I trojan - deleted (after the next restart) [2]
Number of scanned files: 1
Number of threats found: 1
Number of files cleaned: 1
Time of completion: 16:05:24 Total scanning time: 5 sec (00:00:05)
Notes:
[2] File is being used (open or running). System restart is required for the cleaning to complete.
Generally I have no problem to tell him delete the file with some tools but I'm a little bit concerned because this file coincides with the path of the original legitimate Windows file winlogon.exe. I am concerned because of this and because I have heard of malware which overwrites the original file and if this is deleted the computer will crash.I have heard that such infection should be cured with the Windows CD , running sfc.exe which will replace the infected one with the original one and the trojan will be gone .
Since I have no information about how this trojan works I would like some advice from knowledgable people here and how do I deal with this.
Thanks very much !