How to Remove winlogon.exe Virus? - WJunction

NiKE.. · 28th Jan 2012, 08:36 PM

yeah, i have been affected by a keylogger i think,, winlogon.exe is silently working in task manager.. pleasehelp me how to remove this virus

Techking · 28th Jan 2012, 08:50 PM

I think ,you tried to replace the original winlogon.exe file in windows xp for making pirated windows genuine ?
otherwiset the process "winlogon.exe" runs in the background. Winlogon is a part of the Windows Login subsystem, and is necessary for user authorization and Windows activation checks.

To remove Trojan Winlogon.exe ,just download this small utility and run it..
http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe

Effective tool for such type of small trojans/snippers

gfxguru · 28th Jan 2012, 08:51 PM

The key to cleaning, is booting into Safe Mode With Networking, then running two (2) different cleaners. Here is how you can do it:

(1) First, restart your computer in Safe Mode With Networking (reboot).
Re-boot and hold down your [F8] key while re-booting
(2) Boot into "Safe Mode with Networking"
(3) Download Malwarebytes from www.malwarebytes.org
(4) Install Malwarebytes
(5) **Still in Safe Mode** Run Malwarebytes until it's finished
(6) On the "Quarantine" tab, delete everything!
(7) Restart your computer into SafeMode With Networking.

THEN:

Download and install the free SuperAntiSpyware.
www.superantispyware.com/download.html

Then, run SuperAntiSpyware. It's free, so you don't have to pay.

Then, tell it to detect everything and clean everything. Then, restart computer.

This should fix it.

EDIT: IF YOU CAN ONLY BOOT IN SAFE MODE, then could mean that your REGISTRY is messed up --- but I'm not sure of that. So, what I would do is download the latest MICROSOFT SECURITY ESSENTIALS.

links:
http://www.malwarebytes.org/
http://www.superantispyware.com/download.html
http://www.microsoft.com/security/po.../HowToMSE.aspx

Source: Google search

Techking · 28th Jan 2012, 08:53 PM

I think malwarebytes is not much effective as per previous experiences.rest OK!

gfxguru · 28th Jan 2012, 08:56 PM

from my personal experience malwarebytes is really good..i always use that, when KIS2012 cant find any.

Techking · 28th Jan 2012, 09:00 PM

Quote:

Originally Posted by gfxguru

from my personal experience malwarebytes is really good..i always use that, when KIS2012 cant find any.

Might be better than KIS2012 in removing malwares ,but remember MALWAREBYTES is not much effective in removing any security risk related to trojans .Even ,some time ,these type of softwares do just a showoff means showing fake infos about risks !

I have research report of various security softwares in which our team researched on it ..

NiKE.. · 28th Jan 2012, 09:05 PM

@Techking & @gfxguru ,, thanks for the help & please also help me in removeing 1 more suspisious task csrss.exe

Techking · 28th Jan 2012, 09:06 PM

Quote:

Originally Posted by NiKE..

@Techking & @gfxguru ,, thanks for the help & please also help me in removeing 1 more suspisious task csrss.exe

can you trace the path of that risk ?

Techking · 28th Jan 2012, 09:08 PM

just run above tools as recommend by me as well as gfxguru..

aussiegeorge · 28th Jan 2012, 09:11 PM

1

Click the "Start" button and then choose "Run," or press the "Windows" button and hold down "R" to launch the Run window.
2

Type in "cmd" and press "OK."
3

Type in "taskkill/IM winlogon.exe" and press "Enter."
4

Restart the computer system, and then press "F8" until the boot options menu appears. Choose "Boot in Safe Mode" and press "Enter."
5

Click "Start," "(My) Computer" and double-click the "C:" drive icon. Choose "Program Files" and then select "winlogon.exe." Push "Delete" and the file will be removed from the computer. Restart the computer system and allow it to boot normally.

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Virus !!! need help	MSL6600	General Discussion	16	3rd May 2011 07:27 PM
VIRUS - Any idea about this virus ?	pankaj	General Discussion	6	9th Mar 2011 08:11 AM
Virus Help	Danny1986	Technical Help Desk Support	5	18th Feb 2010 09:14 PM
hw to remove virus frm the server??	anuragblr	Server Management Help	6	4th Sep 2009 03:54 AM
Virus help	lenney	General Discussion	5	26th Jun 2009 07:21 PM

28th Jan 2012, 08:36 PM	#1
NiKE.. Banned Website(s): NitroXD.com My Statistics Join Date: Feb 2011 Posts: 405 Liked: 20 Times Rep Power: 0	yeah, i have been affected by a keylogger i think,, winlogon.exe is silently working in task manager.. pleasehelp me how to remove this virus
	Quote

28th Jan 2012, 08:50 PM	#2
Techking Website(s): mnchost.com My Statistics Join Date: Jan 2012 Posts: 145 Liked: 16 Times Rep Power: 2	I think ,you tried to replace the original winlogon.exe file in windows xp for making pirated windows genuine ? otherwiset the process "winlogon.exe" runs in the background. Winlogon is a part of the Windows Login subsystem, and is necessary for user authorization and Windows activation checks. To remove Trojan Winlogon.exe ,just download this small utility and run it.. http://liveupdate.symantec.com/upgrade/NPE/1033/NPE.exe Effective tool for such type of small trojans/snippers
	Quote

28th Jan 2012, 08:51 PM	#3
gfxguru Website(s): GFXWebHosting.com WarezJobs.com My Statistics Join Date: Jul 2009 Posts: 972 Liked: 94 Times Rep Power: 5	The key to cleaning, is booting into Safe Mode With Networking, then running two (2) different cleaners. Here is how you can do it: (1) First, restart your computer in Safe Mode With Networking (reboot). Re-boot and hold down your [F8] key while re-booting (2) Boot into "Safe Mode with Networking" (3) Download Malwarebytes from www.malwarebytes.org (4) Install Malwarebytes (5) Still in Safe Mode Run Malwarebytes until it's finished (6) On the "Quarantine" tab, delete everything! (7) Restart your computer into SafeMode With Networking. THEN: Download and install the free SuperAntiSpyware. www.superantispyware.com/download.html Then, run SuperAntiSpyware. It's free, so you don't have to pay. Then, tell it to detect everything and clean everything. Then, restart computer. This should fix it. EDIT: IF YOU CAN ONLY BOOT IN SAFE MODE, then could mean that your REGISTRY is messed up --- but I'm not sure of that. So, what I would do is download the latest MICROSOFT SECURITY ESSENTIALS. links: http://www.malwarebytes.org/ http://www.superantispyware.com/download.html http://www.microsoft.com/security/po.../HowToMSE.aspx Source: Google search
	Quote

28th Jan 2012, 08:53 PM	#4
Techking Website(s): mnchost.com My Statistics Join Date: Jan 2012 Posts: 145 Liked: 16 Times Rep Power: 2	I think malwarebytes is not much effective as per previous experiences.rest OK!
	Quote

28th Jan 2012, 08:56 PM	#5
gfxguru Website(s): GFXWebHosting.com WarezJobs.com My Statistics Join Date: Jul 2009 Posts: 972 Liked: 94 Times Rep Power: 5	from my personal experience malwarebytes is really good..i always use that, when KIS2012 cant find any.
	Quote

28th Jan 2012, 09:05 PM	#7
NiKE.. Banned Website(s): NitroXD.com My Statistics Join Date: Feb 2011 Posts: 405 Liked: 20 Times Rep Power: 0	@Techking & @gfxguru ,, thanks for the help & please also help me in removeing 1 more suspisious task csrss.exe
	Quote

28th Jan 2012, 09:08 PM	#9
Techking Website(s): mnchost.com My Statistics Join Date: Jan 2012 Posts: 145 Liked: 16 Times Rep Power: 2	just run above tools as recommend by me as well as gfxguru..
	Quote

28th Jan 2012, 09:11 PM	#10
aussiegeorge My Statistics Join Date: Jan 2011 Posts: 65 Liked: 10 Times Rep Power: 3	1 Click the "Start" button and then choose "Run," or press the "Windows" button and hold down "R" to launch the Run window. 2 Type in "cmd" and press "OK." 3 Type in "taskkill/IM winlogon.exe" and press "Enter." 4 Restart the computer system, and then press "F8" until the boot options menu appears. Choose "Boot in Safe Mode" and press "Enter." 5 Click "Start," "(My) Computer" and double-click the "C:" drive icon. Choose "Program Files" and then select "winlogon.exe." Push "Delete" and the file will be removed from the computer. Restart the computer system and allow it to boot normally.
	Quote