Deep_Level_Shark Posted November 17, 2010 Share Posted November 17, 2010 what is winlogin.exe ? I see this in task manager's process . is it a virus ? Link to comment Share on other sites More sharing options...
LittleNeutrino Veteran Posted November 17, 2010 Veteran Share Posted November 17, 2010 winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated. Link to comment Share on other sites More sharing options...
Deep_Level_Shark Posted November 17, 2010 Author Share Posted November 17, 2010 winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated. aah ..ok ...fine. Thanks for the information. Link to comment Share on other sites More sharing options...
Chasethebase Reporter Posted November 17, 2010 Reporter Share Posted November 17, 2010 Basically, if it's called winlogon.exe, it's fine. But if it's winlogin.exe you might have a problem. I imagine from your response that it's logon so you're fine. Link to comment Share on other sites More sharing options...
Hell-In-A-Handbasket Posted November 17, 2010 Share Posted November 17, 2010 If its starting from e normal location, ( think its /windows/system32 ) Then its not a virus and is normal If its starting from /users/*****/appdata/local/temp/ ( or some other weird, not normal directory ) then its a virus, can usally find out from MSConfig, or hijackthis, but i would t recomend it as you will do some damage ( cause you had to asks what winlogin was in the firstplace ) If younworried about an infection, take it to somebody that stuff like that is their job ( not best buy, their job is to sell you stuff, not fix stuff) Link to comment Share on other sites More sharing options...
hdood Posted November 17, 2010 Share Posted November 17, 2010 You know the Windows directory separator is \, not /? Link to comment Share on other sites More sharing options...
carmatic Posted November 17, 2010 Share Posted November 17, 2010 can usally find out from MSConfig, or hijackthis, but i would t recomend it as you will do some damage ( cause you had to asks what winlogin was in the firstplace ) right click on the process in Task Manager, select 'Open File Location' ? Link to comment Share on other sites More sharing options...
Deep_Level_Shark Posted November 17, 2010 Author Share Posted November 17, 2010 Basically, if it's called winlogon.exe, it's fine. But if it's winlogin.exe you might have a problem. I imagine from your response that it's logon so you're fine. its winlogon.exe .. I did a open file location in task manager...it did not open though Link to comment Share on other sites More sharing options...
carmatic Posted November 17, 2010 Share Posted November 17, 2010 its winlogon.exe .. I did a open file location in task manager...it did not open though click 'show processes from all users' , then the open file location in task manager will work in any case, it means its normal Link to comment Share on other sites More sharing options...
+dave164 Subscriber¹ Posted November 17, 2010 Subscriber¹ Share Posted November 17, 2010 I have that process running on Windows 7 x64 Ultimate. Located at C:\Windows\System32\winlogon.exe Link to comment Share on other sites More sharing options...
Glassed Silver Posted November 17, 2010 Share Posted November 17, 2010 You know the Windows directory separator is \, not /? Not always. Depending on where you are in the system one of them can be used. On another note: I wouldn't generalize too much here, if the virus moved itself from a user directory to a system directory, don't give it a rushed okay. Having your process checked against malware is never a bad idea, also, why not use more than one checker? There are on-demand checkers available even from paid AV producers or go for online virus checkers, in case you want to run more than just one always-on AV. Glassed Silver:mac Link to comment Share on other sites More sharing options...
hdood Posted November 17, 2010 Share Posted November 17, 2010 Depending on where you are in the system one of them can be used. Windows has compatibility features in place that converts slashes to backslashes, but it is backslashes that are native, and it just looks strange to use the incorrect separator. Link to comment Share on other sites More sharing options...
Energy Posted November 19, 2010 Share Posted November 19, 2010 Winlogin.exe is commonly used for botnet server.exe's. It's the simplest trick, in order to hide it in plain visual site, you should do a HiJackThis log and find an expert to analyze it. Feel free to PM me, I can analyze your log if you wish. There is a normal, regular, non-harmful process called Winlogin.exe don't get me wrong, Link to comment Share on other sites More sharing options...
Recommended Posts