Winlogon exe is it a virus or not?

[Sarah_Phampon]

I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

 

[JackNaylorPE]

http://search.yahoo.com/search?p=winlogon.exe&ei=UTF-8&fr=moz35

winlogon.exe is a process belonging to the Windows login manager. It handles the login and logout procedures on your system. This program is important for the stable and secure running of your computer and should not be terminated.

 

[calguyhunk]

Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.

 

[sminlal]

As the others have noted, every Windows system has a continuously-running process called "Winlogon". The mere fact that you see this process running is not a cause for concern.

If you suspect a virus, then you need to run a scan on your system. The last thing you want to do is to try to delete "Winlogon" as that will cause you a lot of grief.

 

[nikorr]

I'm concerned that one of the processes I found running, winlogon.exe, could possibly be a trojan. I've read that it is definately a trojan, could be a trojan, also that it is extremely important and should be left alone. I'm confused, and semi-technologically retarded. I desperately need clarification.

Hello Sarah,

As everyone is saying, that it is a safe process -- yes it is. Windows needs it to run.

If u would like to check the file for viruses, worms, trojans, and all kinds of malware,

u can use the http://www.virustotal.com/ and upload the info in question.

 

[acer0169]

Just for the record, winlogon.exe is not necessarily a safe application. The legitimate winlogon.exe is fine, and comes with Windows, but there are a LOT of malware that name themselves winlogon.exe or other windows-related names, because then it's harder for people to prove or notice that it's a threat. If the winlogon.exe is not located in a Windows directory (I.E. if it's on a flash stick or external hard drive, chances are that it's a malicious application.)

Source - Owner of a PC Repair shop.

 

[HDKey]

Only recently has this file been grabbing too much CPU attention so I checked on what the correct size of this file should be. There were two instances of Winlogon.exe on my hard drive:
The one running was in C:\Windows\System32 (1)
The other: in C:\Windows\System32\dllcache (2)

Upon checking in properties for each file the versions were:
(1) 5.1.2600.2180
(2) 5.1.2600.5512

I renamed (1) to Winlogon1.exe
and copied (2) to C:\Windows\System32
and rebooted. The difference was amazing - no continuous disc accessing, CPU % has dropped off and if you check Task Manager it now rarely makes an appearance near the top of the CPU column.

Hope this helps anyone.

Windows XP (Media Centre Edition)
Version 2002
Service Pack 3
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.

 

[Levi Peterson]

Hi Sarah, welcome to Tom's.

Every running process on Windows can be targeted by malware, that doesn't make the process itself a virus or any other form of malware.

As the name suggests, it helps with the login/logout processes on your PC. You don't need to tinker with it.

If you're worried that it's actually affected my rogueware, you can run this file from Microsoft (Sysinternals.com) to check out if there are any rogue handles/dll running under the legitimate winlogon.exe.

What is it that makes you suspicious in the first place?

If you have a real time Antivirus program running on your system with a software firewall program, maybe you're alright.

I've had some rogue stuff pop up like svchost.exe *32 While I do believe my antivirus is working as it informed me that it stopped tasks and doing a websearch confirmed that that app was directly associated with the svchost.exe *32. I first stopped this process and then removed the file. Now, that file that is from Microsoft that you linked on here, does that search also for activation loaders such as 7loader?

 

[semutsujud]

It’s normal for the winlogon.exe process to always be running on your system. The real winlogon.exe file is located in the C:\Windows\System32 directory on your system. To verify the real Windows Logon Application is running, right-click it in Task Manager and select “Open file location”. The file manager should open to the C:\Windows\System32 directory containing the winlogon.exe file. If someone told you that the winlogon.exe file located in C:\Windows\System32 is malicious, that’s a hoax. This is a legitimate file and removing it will damage your Windows installation...more about winlogon.exe you can read this article

http://semutsujud.blogspot.co.id/2017/09/apa-aplikasi-winlogonexe-itu-kenapa.html