Sign in with
Sign up | Sign in
Your question

Winlogon exe is it a virus or not?

Last response: in Windows 7
Share
November 20, 2011 2:56:00 PM

I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

More about : winlogon exe virus

November 21, 2011 11:47:54 AM

Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.
m
0
l
Related resources
a b 8 Security
a c 209 $ Windows 7
November 21, 2011 2:24:20 PM

As the others have noted, every Windows system has a continuously-running process called "Winlogon". The mere fact that you see this process running is not a cause for concern.

If you suspect a virus, then you need to run a scan on your system. The last thing you want to do is to try to delete "Winlogon" as that will cause you a lot of grief.
m
0
l
a b 8 Security
a b $ Windows 7
November 21, 2011 2:33:29 PM

Sarah_Phampon said:
I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

Hello Sarah,

As everyone is saying, that it is a safe process -- yes it is. Windows needs it to run.

If u would like to check the file for viruses, worms, trojans, and all kinds of malware,

u can use the http://www.virustotal.com/ and upload the info in question.
m
0
l
May 11, 2013 9:44:58 AM

Just for the record, winlogon.exe is not necessarily a safe application. The legitimate winlogon.exe is fine, and comes with Windows, but there are a LOT of malware that name themselves winlogon.exe or other windows-related names, because then it's harder for people to prove or notice that it's a threat. If the winlogon.exe is not located in a Windows directory (I.E. if it's on a flash stick or external hard drive, chances are that it's a malicious application.)

Source - Owner of a PC Repair shop.
m
0
l
October 19, 2013 2:35:23 AM

Only recently has this file been grabbing too much CPU attention so I checked on what the correct size of this file should be. There were two instances of Winlogon.exe on my hard drive:
The one running was in C:\Windows\System32 (1)
The other: in C:\Windows\System32\dllcache (2)

Upon checking in properties for each file the versions were:
(1) 5.1.2600.2180
(2) 5.1.2600.5512

I renamed (1) to Winlogon1.exe
and copied (2) to C:\Windows\System32
and rebooted. The difference was amazing - no continuous disc accessing, CPU % has dropped off and if you check Task Manager it now rarely makes an appearance near the top of the CPU column.

Hope this helps anyone.

Windows XP (Media Centre Edition)
Version 2002
Service Pack 3
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

calguyhunk said:
Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.


m
0
l
December 4, 2013 12:31:00 PM

calguyhunk said:
Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.


I've had some rogue stuff pop up like svchost.exe *32 While I do believe my antivirus is working as it informed me that it stopped tasks and doing a websearch confirmed that that app was directly associated with the svchost.exe *32. I first stopped this process and then removed the file. Now, that file that is from Microsoft that you linked on here, does that search also for activation loaders such as 7loader?
m
0
l
!