Solved

Winlogon exe is it a virus or not?

I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.
7 answers Last reply Best Answer
More about winlogon virus
  1. Best answer
    http://search.yahoo.com/search?p=winlogon.exe&ei=UTF-8&fr=moz35

    winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.
  2. Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.
  3. As the others have noted, every Windows system has a continuously-running process called "Winlogon". The mere fact that you see this process running is not a cause for concern.

    If you suspect a virus, then you need to run a scan on your system. The last thing you want to do is to try to delete "Winlogon" as that will cause you a lot of grief.
  4. Sarah_Phampon said:
    I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

    Hello Sarah,

    As everyone is saying, that it is a safe process -- yes it is. Windows needs it to run.

    If u would like to check the file for viruses, worms, trojans, and all kinds of malware,

    u can use the http://www.virustotal.com/ and upload the info in question.
  5. Just for the record, winlogon.exe is not necessarily a safe application. The legitimate winlogon.exe is fine, and comes with Windows, but there are a LOT of malware that name themselves winlogon.exe or other windows-related names, because then it's harder for people to prove or notice that it's a threat. If the winlogon.exe is not located in a Windows directory (I.E. if it's on a flash stick or external hard drive, chances are that it's a malicious application.)

    Source - Owner of a PC Repair shop.
  6. Only recently has this file been grabbing too much CPU attention so I checked on what the correct size of this file should be. There were two instances of Winlogon.exe on my hard drive:
    The one running was in C:\Windows\System32 (1)
    The other: in C:\Windows\System32\dllcache (2)

    Upon checking in properties for each file the versions were:
    (1) 5.1.2600.2180
    (2) 5.1.2600.5512

    I renamed (1) to Winlogon1.exe
    and copied (2) to C:\Windows\System32
    and rebooted. The difference was amazing - no continuous disc accessing, CPU % has dropped off and if you check Task Manager it now rarely makes an appearance near the top of the CPU column.

    Hope this helps anyone.

    Windows XP (Media Centre Edition)
    Version 2002
    Service Pack 3
    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

    calguyhunk said:
    Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.
  7. calguyhunk said:
    Hi Sarah, welcome to Tom's.

    Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

    As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

    If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

    What is it that makes you suspicious in the first place?

    If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.


    I've had some rogue stuff pop up like svchost.exe *32 While I do believe my antivirus is working as it informed me that it stopped tasks and doing a websearch confirmed that that app was directly associated with the svchost.exe *32. I first stopped this process and then removed the file. Now, that file that is from Microsoft that you linked on here, does that search also for activation loaders such as 7loader?
Ask a new question

Read More

Security Trojan Virus Windows 7