18 total posts
Do you want it back? (trojan?)
Use The System Restore Function With XP
Since you are running Windows XP, just use the System Restore feature and that will fix your problem. If you don't know how to do this, click start>accessories>system tools>system restore. Once you get here there will be two options, which are 1.) To restore your OS to an earlier date 2.) Create a Restore point. Select option 1; after you select option 1 it will ask you to select a bold date from the calendar, so just pick the date you wish to restore your computer from. However, be warned, whatever you have created or any software that has been installed may be lost. So just be careful of your time of restoration (depending on what restore point you choose). From my experience however, a system restore does not affect data files, but it will affect certain software programs, which may need to be reinstalled. The system restore should give back your winlogon.exe that you lost.
I advise against this. If winlogon was really missing...
The system would not operate.
System Restore if successful could restore the trojan.
nothing works.. system restore didn't work, it still pops up
it still pops up saying it's not able to find the location and i think i deleted it so how do i get it back? i tried system restore...?
DO NOT PUT IT BACK!
The trojan drops a "run" entry in the registry.
Please read the link I supplied.
Fix The Malware Entry In The Registry
Per the link Bob provided earlier:
5. Reversing the changes made to the registry
CAUTION: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
Click Start, and then click Run. (The Run dialog box appears.)
Then click OK. (The Registry Editor opens.)
Navigate to the key:
In the right pane, delete the value:
"Windows Logon Application"="%Windir%\winlogon.exe"
Exit the Registry Editor.
Hope this helps.
hey i tried doing what the symantec site did and i went and checked many times but the winlogon wasn't there, it was probably already deleted. what do i do now?
Sounds like your problem is solved...did you read any of those posts ???
the thing you want is a TROJAN !!! trojan is a bad thing...you don't want it back
There is winLogon......
winlogon can be a legitimate Windows process. What Trojans do is to drop a similarly named file. Try a Google for winlogon for more information.
...better results if you put in winlogon+trojan
Why it's some minor damage now.
If it was the Windows' Logon program, you would not be able to get onto the machine. Please do not replace the trojan file.
...and the system would not allow it to be removed from startup processes, because "it is needed".
Boyasian, If The Error Is Still There. Other Places To Look
If you checked the specific registry location previously mentioned, then there is still a start up "call" from the registry occurring. Check these other paths in the registry:
(Remember...You're looking for the ""Windows Logon Application"="%Windir%\winlogon.exe"" or similar, in the right pane of the registry keys listed below. If it's not there, then move to the next location.)
These are the most commonly used registry startup locations for the variety of trojans and malware that use this file name.
Hope this helps.
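Added example, not part of the original posts: rather than hunting key by key, export the registry from regedit (which also gives you the backup Symantec asks for) and scan the export for any startup value that launches a `winlogon.exe` from somewhere other than `system32`. The function names, the `C:\WINDOWS` default and the sample export below are assumptions made up for this illustration; the key names in the sample are standard Run keys, not the list from the post.

```python
import ntpath
import re

# Constructed sample of a regedit export; not data from this thread.
# Real "Version 5.00" exports are UTF-16: open(path, encoding="utf-16").
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Logon Application"="%Windir%\\winlogon.exe"
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /min"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ConstructedLegitPath"="C:\\WINDOWS\\system32\\winlogon.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# "name"="data" string values only; hex-encoded value types are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(text):
    """Undo .reg escaping: \\\\ becomes \\ and \\" becomes "."""
    return re.sub(r'\\(.)', r'\1', text)

def command_path(data, windir):
    """Pull the executable path out of a startup command line."""
    data = re.sub(r'%(windir|systemroot)%', lambda m: windir, data, flags=re.I)
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r'(.+?\.exe)\b', data, flags=re.I)
    return m.group(1) if m else data.split(' ', 1)[0]

def find_masquerades(export_text, name='winlogon.exe', windir=r'C:\WINDOWS'):
    """Return (key, value name, data) for entries running `name` outside system32."""
    legit = ntpath.normcase(ntpath.join(windir, 'system32', name))
    hits, key = [], None
    for line in export_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        value, data = unescape(m.group(1)), unescape(m.group(2))
        path = ntpath.normcase(ntpath.normpath(command_path(data, windir)))
        if ntpath.basename(path) == name.lower() and path != legit:
            hits.append((key, value, data))
    return hits
```

Anything it returns is a candidate to review and delete in regedit as described above; it does not modify the registry itself.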
Winlogon is the exe that as far as I know carries out 2 critical functions. 1st your start up/system processes and secondly Windows Product Activation. However you can get into windows without winlogon in Safe Mode. If you replace the Winlogon file you can do it from ANY XP computer, it's just that your activation will be undone. I would recommend this:
1. Get Winlogon.exe from any XP system you have in reach. It's like 400 kb so no issues. Even a Floppy would work
2. Boot up in Safe Mode, access System32 and dump the file there.
3. Boot windows in normal mode...Your activation should be disabled. Use your Product Activation Key that I assume you have on that sticker.
4. If that doesn't work call Microsoft and do it officially.
I had a very similar problem once....That's how I got through it...Good luck
Winlogon 50% CPU fixed (if you can't find Virus)
I know this thread is old, but I wasn't able to find the solution anywhere. I happened across it when I noticed that in the Windows registry
under the key:
There was WgaLogon that was not on another computer. I think that this program was "stuck" and that is why the winlogon.exe was running at 50% CPU. Under my key I have the following Keys only now:
Once I removed WgaLogon everything went back to normal. I think it was just a botched install of Windows Genuine Advantage. Or maybe our firewall is preventing this traffic from happening, so it keeps trying to send data to Microsoft, thus the 50% CPU. I hope this helps someone, because my issue was definitely not a virus.
mdm.exe is another possible cause
The solutions reported above didn't work for me.
I solved the problem by closing the "mdm.exe" program by pressing control+alt+del.
It can interfere with winlogon.exe.