It handles the login and logout procedures on your system. What a dumbass. All comments about winlogon.exe: The Windows Logon Process is responsible for managing user logon and logoff, and checks the Windows XP activation code. Suffix being tempered.
See also: Link Jamie I tried to delete this file once, because i thought it'd contained some virus; but i couldn't perform this action even in safe mode. Kaenneth, I don't think webpages or Word documents can do that kind of stuff anyway. I made a copy with a different name and ran it successfully. If not in system32, delete it! http://www.bleepingcomputer.com/forums/t/150169/i-think-i-blocked-winlogonexe/
Very hard to kill because windows thinks you are trying to kill the "real" one. You must have to REGISTER before you can post: Click the register link above to proceed. LOL, I promise I'll be back. Appreciate your time!
The scan wont take long.When the scan completes, it will open two notepad windows. for additional hints on searching ARIN's WHOIS database.As you can see it is a legitimate IP and therefore not malware.If all you are getting is an alert that this IP is Navigate to the following registry and remove the key aol7.0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services Navigate to the following registry and remove “Torjan pragramme” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Step3. Register Help Remember Me?
To learn more and to read the lawsuit, click here. Slow as a B***CH on startup. He continues to maintain a passion and focus in analyzing Windows systems, and in particular, the Windows Registry.Harlan is an accomplished author, public speaker, and open source tool author. I have two of the same files, one is in system32 folder, and the other in the I386 folder.
I believe we've got the auto-update engaged so any patches from MicroSoft should have been applied. WinIogon.exe is hard to remove unless you have SuperAntiSpyWare. I'm thinking W7 would have better support and might replace all those corrupted Windows files maybe/maybe not? The interface still looks like Windows 95 and I have no inernet connection.
See also: Link Sandra - Houston, TX The only one needed in system32 is fine until a trojan attaches itself to it. have a peek at these guys the other 2 were "in use" so I couldn't kill them. If it is taking cpu or too much memory it may be a virus. Onecare was unable to clean it.2.
it is a very dangerous virus, so try to localise it and delete it, ps: when u search by windows, u cant find it, and when u do alt+ctrl+del u will Do not change any settings unless otherwise told to do so. For future posts and in order to allow us to help you please adhere to the posting requirement that appears above 'If you're asking for technical help, please be sure to Make suer it's not in the System32 location, remove the tick, "apply", "ok" and then restart your computer.
Direct extermination of WINLOGON.EXE would still trigger error message telling the process cannot be ended since the system is not smart enough to tell if winlogon.exe is affected or not due So what i think is that some .dll(and i dont know which ones because its a long list of dll files beeing used by these two programs at least) is running Lastly, if winlogon.exe or any of the variants are found outside of system32, they are viruses. BleepingComputer is being sued by the creators of SpyHunter.
Back to top #10 Waygook Waygook Topic Starter Members 33 posts OFFLINE Local time:10:55 PM Posted 05 June 2008 - 07:05 PM Thanks for that. The Next time I vistited a torrent search site, both onecare and MB detected a virus allong with a firewall alert. This file can be infected with a virus like some of idiots do.
The many 'winlogon' variants can be anything from mostly harmless to the biggest bastard virus you will find (netsky related). Some commands may not be available.The specified service does not exist as an installed service.Successfully reset the Winsock Catalogue. But if it somewhere else then C:\Windows\System32 it might be a trojan. In fact this may be the first BSD I have ever seen on XP!
Once reported, our moderators will be notified and the post will be reviewed. Right click on it to rename it as cmd.com. It really has a different name that is not displayed. If it has no description it is not from microsoft.
but do use extreme caution as you could lock yourself out,if you delete the wrong one Ben Its a Windows file. Brian Cooley found it for you at CES 2017 in Las Vegas and the North American International Auto Show in Detroit. Hit View tab to select ‘Show Kernel Times’/ ‘Select Process Page Columns’. Member Posts: 20 Re: Is "C:\Windows\system32\winlogon.exe" a real/false virus or infected file? « Reply #8 on: May 12, 2011, 11:37:48 PM » I know a lot of time has passed since
Disruptive posting: Flaming or offending other usersIllegal activities: Promote cracked software, or other illegal contentOffensive: Sexually explicit or offensive languageSpam: Advertisements or commercial links Submit report Cancel report Track this discussion Considering the fact that affected winlogon.exe stays identical to the genuine winlogon.exe, how to differentiate which one is fake that needs to be removed?