G
Guest
Guest
Archived from groups: microsoft.public.windowsxp.general (More info?)
I've been seeing winlogon.exe running and was not sure what it was. I found
an answer on www.liutilities.com that has me puzzled. The site describes a
possible relationship between winlogn and WinLogon as follows:
Process File: winlogon or winlogon.exe
Process Name: Microsoft Windows Logon Process
Description:
WinLogon.exe is the Windows NT login manager. It handles the login and
logout procedures on your system. This process is an essential part of your
OS and should be left alone. Note: winlogon.exe is a process which is
registered as the W32.Netsky.D@mm worm. This virus is distributed via the
Internet through e-mail and comes in the form of an e-mail message, in the
hopes that you open it’s hostile attachment. The worm has it’s own SMTP
engine which means it gathers E-mails from your local computer and
re-distributes itself. In worst cases this worm can allow attackers to access
your computer, stealing passwords and personal data. It is a registered
security risk and should be removed immediately. Please see additional
details regarding this process"
If I read the above correctly, it saying that a process called winlogon.exe
without the caps found in WinLogon.exe is the virus.
I'd like some clarification and/or verification of the above, if possible.
Pyramid36
I've been seeing winlogon.exe running and was not sure what it was. I found
an answer on www.liutilities.com that has me puzzled. The site describes a
possible relationship between winlogn and WinLogon as follows:
Process File: winlogon or winlogon.exe
Process Name: Microsoft Windows Logon Process
Description:
WinLogon.exe is the Windows NT login manager. It handles the login and
logout procedures on your system. This process is an essential part of your
OS and should be left alone. Note: winlogon.exe is a process which is
registered as the W32.Netsky.D@mm worm. This virus is distributed via the
Internet through e-mail and comes in the form of an e-mail message, in the
hopes that you open it’s hostile attachment. The worm has it’s own SMTP
engine which means it gathers E-mails from your local computer and
re-distributes itself. In worst cases this worm can allow attackers to access
your computer, stealing passwords and personal data. It is a registered
security risk and should be removed immediately. Please see additional
details regarding this process"
If I read the above correctly, it saying that a process called winlogon.exe
without the caps found in WinLogon.exe is the virus.
I'd like some clarification and/or verification of the above, if possible.
Pyramid36