Re: Is winlogon.exe a virus and WinLogon.exe a windows utility?

The real winlogon.exe is in
C:\WINDOWS\system32\dllcache
and
C:\WINDOWS\system32

The other winlogon.exe would be in
C:\WINDOWS

W32.Netsky.D@mm
http://securityresponse.symantec.com/avcenter/venc/data/w32.netsky.d@xxxxxxx

Update your antivirus software and run a complete system scan if you're
concerned.

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:4CCD54E6-6ACA-410B-BBC5-618544E8234C@xxxxxxxxxxxxx,
Pyramid 36 <Pyramid36@xxxxxxxxxxxxxxxxxxxxxxxxx> hunted and pecked:
> I've been seeing winlogon.exe running and was not sure what it was. I
> found an answer on www.liutilities.com that has me puzzled. The site
> describes a possible relationship between winlogn and WinLogon as follows:
>
> Process File: winlogon or winlogon.exe
> Process Name: Microsoft Windows Logon Process
>
> Description:
> WinLogon.exe is the Windows NT login manager. It handles the login and
> logout procedures on your system. This process is an essential part of
> your OS and should be left alone. Note: winlogon.exe is a process which is
> registered as the W32.Netsky.D@mm worm. This virus is distributed via the
> Internet through e-mail and comes in the form of an e-mail message, in the
> hopes that you open it’s hostile attachment. The worm has it’s own
> SMTP engine which means it gathers E-mails from your local computer and
> re-distributes itself. In worst cases this worm can allow attackers to
> access your computer, stealing passwords and personal data. It is a
> registered security risk and should be removed immediately. Please see
> additional details regarding this process"
>
> If I read the above correctly, it saying that a process called
> winlogon.exe without the caps found in WinLogon.exe is the virus.
>
> I'd like some clarification and/or verification of the above, if possible.
>
> Pyramid36

.

Relevant Pages

  • Is winlogon.exe a virus and WinLogon.exe a windows utility?
    ... Process File: winlogon or winlogon.exe ... engine which means it gathers E-mails from your local computer and ... In worst cases this worm can allow attackers to access ... without the caps found in WinLogon.exe is the virus. ...
    (microsoft.public.windowsxp.general)
  • Bobax.C
    ... Other files containing the virus have been ... W32.Bobax.C is a worm that exploits both the LSASS ... While this threat may execute on Windows 95/98/Me/Server ... Virus Definitions * ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Pixelsrvr.exe wont load on bootup
    ... Sounds like you got yourself a virus,. ... Adds the following line to the [windows] section of the Win.ini file: ... antivirus products, including the Symantec AntiVirus and Norton AntiVirus ... Disabling System Restore ...
    (microsoft.public.windowsxp.video)
  • Re: RE-INSTALLING XP
    ... > IF I REINSTALL XP ON MY COMPUTER HELP IF I HAVE A VIRUS THAT I CANT ... Don't have an AntiVirus software? ... There are more applications you may need to run to completely clean your ... It will probably save you time and effort in re-installing Windows XP ...
    (microsoft.public.windowsxp.general)
  • Re: HELP ON XP RE-INSTALLATION...
    ... > IF I REINSTALL XP ON MY COMPUTER HELP IF I HAVE A VIRUS THAT I CANT ... Don't have an AntiVirus software? ... There are more applications you may need to run to completely clean your ... It will probably save you time and effort in re-installing Windows XP ...
    (microsoft.public.windowsxp.general)