Winlogon.exe "Bill P" <BillP[ at ]nospam.invalid> 12/10/2008 3:13:35 PM Hi I have WinPatrol installed and it has started to detect a new auto startup program / C:\Documents and Settings\HP_Owner\winlogon.exe/ and is asking if this prog is approved to run each time I login or restart. I am not sure whether or not this is a trojan or whether it is genuine. I believe the genuine one is in C\Windows\System 32. Does anyone have any guidance? At the moment I am not approving it when WinPatrol flags it up. Regards Bill

Re: Winlogon.exe "Bill P" <BillP[ at ]nospam.invalid> 12/10/2008 3:17:53 PM PS WinXP Home SP3 "Bill P" <BillP[ at ]nospam.invalid> wrote in message news:uw2RhntWJHA.256[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > Hi > I have WinPatrol installed and it has started to detect a new auto startup > program / C:\Documents and Settings\HP_Owner\winlogon.exe/ and is asking > if this prog is approved to run each time I login or restart. > > I am not sure whether or not this is a trojan or whether it is genuine. I > believe the genuine one is in C\Windows\System 32. > Does anyone have any guidance? At the moment I am not approving it when > WinPatrol flags it up. > Regards Bill >

Re: Winlogon.exe "Olórin" <incanus[ at ]erkljrjre890aeraekj4na.com> 12/10/2008 3:56:42 PM "Bill P" <BillP[ at ]nospam.invalid> wrote in message news:eOQS9ptWJHA.2372[ at ]TK2MSFTNGP03.phx.gbl... [Quoted Text] > PS > WinXP Home SP3 > > > "Bill P" <BillP[ at ]nospam.invalid> wrote in message > news:uw2RhntWJHA.256[ at ]TK2MSFTNGP06.phx.gbl... >> Hi >> I have WinPatrol installed and it has started to detect a new auto >> startup program / C:\Documents and Settings\HP_Owner\winlogon.exe/ and is >> asking if this prog is approved to run each time I login or restart. >> >> I am not sure whether or not this is a trojan or whether it is genuine. I >> believe the genuine one is in C\Windows\System 32. >> Does anyone have any guidance? At the moment I am not approving it when >> WinPatrol flags it up. >> Regards Bill >> > > What have your researches so far turned up? Did you make any changes to your system just before this started happening? What, if any, anti-virus and anti-malware protection do you have in place? Try uploading the file to www.virustotal.com to see what a wide selection of AVs think of it. How is this file being started - from the Start Menu, registry etc? Does WinPatrol say or can you otherwise find out? If you've made no changes and don't know what this file is, certainly continue blocking it from starting for now.

Re: Winlogon.exe "Bill P" <BillP[ at ]nospam.invalid> 12/10/2008 4:20:37 PM "Olórin" <incanus[ at ]erkljrjre890aeraekj4na.com> wrote in message news:O2Kfm$tWJHA.552[ at ]TK2MSFTNGP06.phx.gbl... [Quoted Text] > "Bill P" <BillP[ at ]nospam.invalid> wrote in message > news:eOQS9ptWJHA.2372[ at ]TK2MSFTNGP03.phx.gbl... >> PS >> WinXP Home SP3 >> >> >> "Bill P" <BillP[ at ]nospam.invalid> wrote in message >> news:uw2RhntWJHA.256[ at ]TK2MSFTNGP06.phx.gbl... >>> Hi >>> I have WinPatrol installed and it has started to detect a new auto >>> startup program / C:\Documents and Settings\HP_Owner\winlogon.exe/ and >>> is asking if this prog is approved to run each time I login or restart. >>> >>> I am not sure whether or not this is a trojan or whether it is genuine. >>> I believe the genuine one is in C\Windows\System 32. >>> Does anyone have any guidance? At the moment I am not approving it when >>> WinPatrol flags it up. >>> Regards Bill >>> >> >> > > What have your researches so far turned up? > > Did you make any changes to your system just before this started > happening? > > What, if any, anti-virus and anti-malware protection do you have in place? > > Try uploading the file to www.virustotal.com to see what a wide selection > of AVs think of it. > > How is this file being started - from the Start Menu, registry etc? Does > WinPatrol say or can you otherwise find out? > > If you've made no changes and don't know what this file is, certainly > continue blocking it from starting for now. > Hi Olorin Thanks for responding. I downloaded a prog from the internet from a p2p site (I know it is dodgy but I scanned it with Norton before installing and it found nothing.) After installation the WinLogon popups started from WinPatrol. It was being started from the Start menu. In the Active Tasks list the genuine WinLogon in System32 was running, therefore I have assumed that the one in C\Documents and settings\HP Owner folder was an intruder. I have just done a system restore and low and behold the spurious file has disappeared and the popups have stopped. Regards Bill

Re: Winlogon.exe "Gerry" <gerry[ at ]nospam.com> 12/10/2008 6:49:54 PM Bill You need to be far more careful with the way you handle email. http://www.neuber.com/taskmanager/process/winlogon.exe.html http://www.symantec.com/security_response/writeup.jsp?docid=2004-030110-0232-99&tabid=2 What you got was relatively easy to remove but lately there are far more problematic nasties coming in by the same route. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ Bill P wrote: [Quoted Text] > "Olórin" <incanus[ at ]erkljrjre890aeraekj4na.com> wrote in message > news:O2Kfm$tWJHA.552[ at ]TK2MSFTNGP06.phx.gbl... >> "Bill P" <BillP[ at ]nospam.invalid> wrote in message >> news:eOQS9ptWJHA.2372[ at ]TK2MSFTNGP03.phx.gbl... >>> PS >>> WinXP Home SP3 >>> >>> >>> "Bill P" <BillP[ at ]nospam.invalid> wrote in message >>> news:uw2RhntWJHA.256[ at ]TK2MSFTNGP06.phx.gbl... >>>> Hi >>>> I have WinPatrol installed and it has started to detect a new auto >>>> startup program / C:\Documents and Settings\HP_Owner\winlogon.exe/ >>>> and is asking if this prog is approved to run each time I login or >>>> restart. I am not sure whether or not this is a trojan or whether >>>> it is >>>> genuine. I believe the genuine one is in C\Windows\System 32. >>>> Does anyone have any guidance? At the moment I am not approving it >>>> when WinPatrol flags it up. >>>> Regards Bill >>>> >>> >>> >> >> What have your researches so far turned up? >> >> Did you make any changes to your system just before this started >> happening? >> >> What, if any, anti-virus and anti-malware protection do you have in >> place? Try uploading the file to www.virustotal.com to see what a >> wide >> selection of AVs think of it. >> >> How is this file being started - from the Start Menu, registry etc? >> Does WinPatrol say or can you otherwise find out? >> >> If you've made no changes and don't know what this file is, certainly >> continue blocking it from starting for now. >> > > Hi Olorin > Thanks for responding. > I downloaded a prog from the internet from a p2p site (I know it is > dodgy but I scanned it with Norton before installing and it found > nothing.) After installation the WinLogon popups started from > WinPatrol. It was being started from the Start menu. In the Active > Tasks list the genuine WinLogon in System32 was running, therefore I > have assumed that the one in C\Documents and settings\HP Owner folder > was an intruder. I have just done a system restore and low and behold > the spurious > file has disappeared and the popups have stopped. > Regards Bill

Re: Winlogon.exe "Bill P" <BillP[ at ]nospam.invalid> 12/11/2008 2:00:24 PM Hi Gerry I didn't pick that particular nasty up via email. It came from a dodgy program I downloaded from a p2p website. Regards Bill "Gerry" <gerry[ at ]nospam.com> wrote in message news:OK1NjgvWJHA.4768[ at ]TK2MSFTNGP04.phx.gbl... [Quoted Text] > Bill > > You need to be far more careful with the way you handle email. > http://www.neuber.com/taskmanager/process/winlogon.exe.html > http://www.symantec.com/security_response/writeup.jsp?docid=2004-030110-0232-99&tabid=2 > > What you got was relatively easy to remove but lately there are far more > problematic nasties coming in by the same route. > > -- > > > > Hope this helps. > > Gerry > ~~~~ > FCA > Stourport, England > Enquire, plan and execute > ~~~~~~~~~~~~~~~~~~~ > Bill P wrote: >> "Olórin" <incanus[ at ]erkljrjre890aeraekj4na.com> wrote in message >> news:O2Kfm$tWJHA.552[ at ]TK2MSFTNGP06.phx.gbl... >>> "Bill P" <BillP[ at ]nospam.invalid> wrote in message >>> news:eOQS9ptWJHA.2372[ at ]TK2MSFTNGP03.phx.gbl... >>>> PS >>>> WinXP Home SP3 >>>> >>>> >>>> "Bill P" <BillP[ at ]nospam.invalid> wrote in message >>>> news:uw2RhntWJHA.256[ at ]TK2MSFTNGP06.phx.gbl... >>>>> Hi >>>>> I have WinPatrol installed and it has started to detect a new auto >>>>> startup program / C:\Documents and Settings\HP_Owner\winlogon.exe/ >>>>> and is asking if this prog is approved to run each time I login or >>>>> restart. I am not sure whether or not this is a trojan or whether it >>>>> is >>>>> genuine. I believe the genuine one is in C\Windows\System 32. >>>>> Does anyone have any guidance? At the moment I am not approving it >>>>> when WinPatrol flags it up. >>>>> Regards Bill >>>>> >>>> >>>> >>> >>> What have your researches so far turned up? >>> >>> Did you make any changes to your system just before this started >>> happening? >>> >>> What, if any, anti-virus and anti-malware protection do you have in >>> place? Try uploading the file to www.virustotal.com to see what a wide >>> selection of AVs think of it. >>> >>> How is this file being started - from the Start Menu, registry etc? >>> Does WinPatrol say or can you otherwise find out? >>> >>> If you've made no changes and don't know what this file is, certainly >>> continue blocking it from starting for now. >>> >> >> Hi Olorin >> Thanks for responding. >> I downloaded a prog from the internet from a p2p site (I know it is >> dodgy but I scanned it with Norton before installing and it found >> nothing.) After installation the WinLogon popups started from >> WinPatrol. It was being started from the Start menu. In the Active >> Tasks list the genuine WinLogon in System32 was running, therefore I >> have assumed that the one in C\Documents and settings\HP Owner folder >> was an intruder. I have just done a system restore and low and behold the >> spurious >> file has disappeared and the popups have stopped. >> Regards Bill > >