System32/winlogon.exe


DavidR, Avast Überevangelist. Re: Is "C:\Windows\system32\winlogon.exe" a real/false virus or infected file? « Reply #1 on: March 05, 2011, 07:58:58 PM »

some random guy When I boot the machine I get a message saying it can't find file c:\windows\inetr45\winlogon.exe. Jeff Found it in C:\Program Files, double-clicked it out of curiosity and all 3 of my antiviruses popped up.

I assume it runs stand-alone or in a workgroup as well. Unless it is in another folder other than system32, leave it alone as Windows won't be able to log you into any accounts, even admin accounts in safe mode if this

My GoogleDS found one "file copy" at D:\temp\ext54382 winFS can't see it.

Trying to find and kill the troublesome file is very difficult. If it's not in system32, it's a virus.

  • Had to use killbox to kill and remove the processes.
  • Notice the difference between winlogon and winiogon: the i capitalized (which it is) looks like l and can fool many users into thinking that it is the winlogon.exe file.

Therefore the technical security rating is 23% dangerous, however you should also read the user reviews. Tim If winlogon.exe is using 0% CPU and ~ 2,008k memory, then it is most likely not infected. All I know is that right after I installed SP2, and followed the reboot prompt, I lost this exe file, and received an error saying that I had an entry point

ozan It is an essential process for the Windows subsystem. Many viruses and spyware applications use this name. A modified winlogon.exe file will not lock you out and won't even remind you that you need to activate Windows. Can't tell if says winlogon.exe or winIogon.exe, but processed won't terminate it.

Pearson This thing may or may not be the real deal, since on my machine, it shows up as file location \??\C:\WINDOWS\system32\winlogon.exe. but I was finally able to run ComboFix!

If you block this you will crash Windows XP Pro Service Pack 2 Robert Gelki it uses almost all my CPU power, but not always, still don't know why. (my processor Gerard This file (winlogon.exe) is as many before me have said: just a part of the OS that is made for handling logging on and off the computer. Mike WinLogon.exe is the Windows NT login manager. It's very persistent; it isn't picked up with Ad-Aware or antivirus software.

Very hard to kill because Windows thinks you are trying to kill the "real" one. The Windows Recovery Console may be needed to restore it.

It is not dangerous! Dave Very hard to delete, there is a bad variant out there that is not the Windows app. The file is not a Windows system file.

Executable files may, in some cases, harm your computer. Can be ghosted as $user or $local ! ) Any other variant like Winiogon (WinIogon), WINLOG0N or similar $system or not is a virus/trojan. Snrub This file is a natural process.

My virus detectors never detect any of these threats.

Ran Spybot, it found it but couldn't fix it. Some rootkit infection may damage your boot sector. No, it is not.

Ctrl + Alt + Del) and loading the user profile on logon, among other things. The program is not visible.

Jens I have 2 winlogons running, my computer will constantly try to launch IE over and over which hogs all the resources, the file shows up in documents and settings/ local it works!! it's a brand new laptop benny The winlogon process is important for the stable and secure running of your computer and should not be terminated.

Like stated before, you can get infections that use the same name or slight variations of the name. It's high priority and it won't let me touch it.