Winlogon.exe???
Results 1 to 5 of 5

Thread: Winlogon.exe???

  1. May 23rd, 2006, 08:47 AM #1
    Zonie
    Zonie is offline
    Registered User Zonie's Avatar
    Join Date
    Apr 2001
    Location
    Phoenix, Arizona
    Posts
    1,461

    Question Winlogon.exe???

    I have a client with Win XP Pro on a p2p network. They went to lunch and when they came back, they could no longer get on the internet, "page cannot be displayed." I found by pinging I still got replies from google.com. Checking in Task Manager process, I found (2) winlogon.exe running. I logged the person off and then back on. This got rid of the extra winlogon.exe and was able to get web pages to display, however this lasted on 3-5 minutes, then back to (2) winlogon.exe.

    Started the system up in safe mode w/networking and did not have a problem. Ran spyware removers and housecall, the system came back clean. I am at a loss. Any suggestions????
    It's not the computers that keep having problems, it's the users!!
    Reply With Quote Reply With Quote
  2. May 23rd, 2006, 12:43 PM #2
    arch0nmyc0n
    arch0nmyc0n is offline
    Registered User arch0nmyc0n's Avatar
    Join Date
    Oct 2002
    Location
    It's all relative.
    Posts
    1,820
    Are they both SYSTEM services? or is one of them a user service?
    Reply With Quote Reply With Quote
  3. May 23rd, 2006, 05:24 PM #3
    slgrieb
    slgrieb is offline
    Registered User slgrieb's Avatar
    Join Date
    Feb 2003
    Posts
    4,103
    Unclean! Unclean! Here's a list of some of the malware that inserts a bogus winlogon.exe process into a system: http://www.hardavenue.com/startup/winlogon.exe.php

    You don't mention what you used for the scans, but right now my top 5 products are Ewido, Ad Aware, Spybot, Windows Defender, & Spycatcher. The current demo version of Spysweeper doesn't actually do anything. It reports infections but won't remove anything until you buy it. How bogus! I also haven't found it to outperform the current version of Ewido, so if I were buying one...

    When scanning for malware, you should first disable system restore, run disk cleanup to remove browser cache files, temp files, etc. then shut the computer down for 30 seconds minimum, boot into Safe Mode and run your scans.
    Reply With Quote Reply With Quote
  4. May 23rd, 2006, 06:40 PM #4
    arch0nmyc0n
    arch0nmyc0n is offline
    Registered User arch0nmyc0n's Avatar
    Join Date
    Oct 2002
    Location
    It's all relative.
    Posts
    1,820
    I've found this tool can help locate many of those sorts of problems:

    http://www.sysinternals.com/utilities/autoruns.html
    Reply With Quote Reply With Quote
  5. May 24th, 2006, 09:20 AM #5
    Zonie
    Zonie is offline
    Registered User Zonie's Avatar
    Join Date
    Apr 2001
    Location
    Phoenix, Arizona
    Posts
    1,461
    Thanks for the suggestions everyone. Turned out even though the system is not on a domain, it does log into the server to access other programs shared by all. It seems the server became trapped and needed rebooted. Once this was done the problem went away. The Winlogon.exe was both "system" processes. All I can guess is the workstation somehow was being caused to login twice.
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Similar Threads

  1. Stupid porn virus, please help!
    By cloefish in forum Spyware & Antivirus - Security
    Replies: 11
    Last Post: July 6th, 2004, 05:13 AM
  2. win2k error during sp3 setup
    By trippinfool in forum Tech Lounge & Tales
    Replies: 2
    Last Post: November 22nd, 2002, 06:15 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules