Solved

Winlogon exe is it a virus or not?

I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.
Reply to Sarah_Phampon
8 answers Last reply Best Answer
More about winlogon virus
  1. Best answer
    http://search.yahoo.com/search?p=winlogon.exe&ei=UTF-8&fr=moz35

    winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.
    Reply to JackNaylorPE
  2. Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.
    Reply to calguyhunk
  3. As the others have noted, every Windows system has a continuously-running process called "Winlogon". The mere fact that you see this process running is not a cause for concern.

    If you suspect a virus, then you need to run a scan on your system. The last thing you want to do is to try to delete "Winlogon" as that will cause you a lot of grief.
    Reply to sminlal
  4. Sarah_Phampon said:
    I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

    Hello Sarah,

    As everyone is saying, that it is a safe process -- yes it is. Windows needs it to run.

    If u would like to check the file for viruses, worms, trojans, and all kinds of malware,

    u can use the http://www.virustotal.com/ and upload the info in question.
    Reply to nikorr
  5. Just for the record, winlogon.exe is not necessarily a safe application. The legitimate winlogon.exe is fine, and comes with Windows, but there are a LOT of malware that name themselves winlogon.exe or other windows-related names, because then it's harder for people to prove or notice that it's a threat. If the winlogon.exe is not located in a Windows directory (I.E. if it's on a flash stick or external hard drive, chances are that it's a malicious application.)

    Source - Owner of a PC Repair shop.
    Reply to acer0169
  6. Only recently has this file been grabbing too much CPU attention so I checked on what the correct size of this file should be. There were two instances of Winlogon.exe on my hard drive:
    The one running was in C:\Windows\System32 (1)
    The other: in C:\Windows\System32\dllcache (2)

    Upon checking in properties for each file the versions were:
    (1) 5.1.2600.2180
    (2) 5.1.2600.5512

    I renamed (1) to Winlogon1.exe
    and copied (2) to C:\Windows\System32
    and rebooted. The difference was amazing - no continuous disc accessing, CPU % has dropped off and if you check Task Manager it now rarely makes an appearance near the top of the CPU column.

    Hope this helps anyone.

    Windows XP (Media Centre Edition)
    Version 2002
    Service Pack 3
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    calguyhunk said:
    Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.
    Reply to HDKey
  7. calguyhunk said:
    Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.


    I've had some rogue stuff pop up like svchost.exe *32 While I do believe my antivirus is working as it informed me that it stopped tasks and doing a websearch confirmed that that app was directly associated with the svchost.exe *32. I first stopped this process and then removed the file. Now, that file that is from Microsoft that you linked on here, does that search also for activation loaders such as 7loader?
    Reply to Levi Peterson
  8. It’s normal for the winlogon.exe process to always be running on your system. The real winlogon.exe file is located in the C:\Windows\System32 directory on your system. To verify the real Windows Logon Application is running, right-click it in Task Manager and select “Open file location”. The file manager should open to the C:\Windows\System32 directory containing the winlogon.exe file. If someone told you that the winlogon.exe file located in C:\Windows\System32 is malicious, that’s a hoax. This is a legitimate file and removing it will damage your Windows installation...more about winlogon.exe you can read this article

    http://semutsujud.blogspot.co.id/2017/09/apa-aplikasi-winlogonexe-itu-kenapa.html
    Reply to semutsujud
Ask a new question Answer

Read More

Security Trojan Virus Windows 7