Winlogon.exe

I woke up this morning to BitDefender having detected 3 trojan generics with a file name of 'winlogon.exe'. It deleted two of them which were located in the system32 folder and another one was moved into quarantine, which was in a ServicePackFiles folder.


Are these legit and should I restore the one it did not delete?


Thanks

Comments

  • Yes this is a false-positive that was already fixed.


    This is the link to the KB: http://kb.bitdefender.com/KB519-en--Faulty...nlogon.exe.html

  • The KB states that no user action is required. Does this mean that Bitdefender is going to restore the files it erroneously deleted?


    Harry Phinney

  • I'm interested in this question as well. When I try to restore the quarantined items, it says the file already exists and if I want to replace it. I click 'okay' and it then says it cannot find the specified path.


    In any case, winlogon.exe is running (and it was still running before the fix came out), so perhaps the operating system took care of it being deleted/quarantined?

  • redangus
    edited February 2009

    I have been running BitDefender for about 3 years since I built this computer with Windows XP Media Center SP2 for an operating system. At the time I found your software online, took a chance on it, purchased and installed it and found it to be very good keeping my computer protected and virus free. Not one virus infection. However on last Friday Feb 13, a virus alert appeared informing me that a virus infected a file in windows system (I can't remember the exact name of the file but it had the terms "winlogon, and 386"). This file was quarantined and deleted, prompting a message box telling me to re-install the said file from the Windows XP CDs. I tried this but the file could not be found here, likely because my computer was auto-updated to XP SP3 and I did not have backup files for this version. After unsuccessfully trying to get files from windows update, to correct this, some other updates were installed, requiring a reboot. That's when my problems started. Windows was unable to start, and I had to reinstall the operating system. Got things going the next day, and when trying to get windows updated, another virus warning appeared infecting another critical file. This time the file was replaced successfully. I thought by using System Restore, the problem would be corrected, but the virus warning reappeared again offline, so I reversed it. Today, again the virus warning pops up so I decided to search the net for answers and came across this message board, and registered. Finally I found out what the problem was.


    Please note that up until now, I thought my computer was being under attack from several different viruses. Glad that it isn't, but dealing with situations like this where I am not sure what to do when it does happen, caused me a whole lot of grief. I now have to get all the updates back and reinstall taking up a lot of time. Your software should provide more visible instructions and warnings about what to do when critical operating files are infected and modified or deleted.

  • I was also receiving the false positive winlogon.exe error. I ran a full virus scan Thursday, and at BitDefender's suggestion moved the winlogon.exe to quarantine. I then reran the virus scan to make sure that my system was clean. Approximately five minutes into the scan, my system crashed. Since then, it cannot be rebooted. I receive a BSOD error message each time. I've tried to boot in safe mode, last known good configuration, and every other option.


    System Info


    XP Service Pack 2


    BitDefender Total Security 2009


    Due to the fact that the system was purchased from Dell, I do not have an XP CD to attempt to repair my XP installation.


    Using a different PC, I was online for thirty minutes yesterday using the chat function with a customer service rep who promised me an e-mail solution that he never sent. I have not had access to my system or data for four days due to this error, and I am desperate for assistance.

  • I have seen several different manifestations of this problem - affected over 50 PCs here with over 40 having Blue Screen of Death. The differences for me have been in the order updates and scans took place during the night.


    To Fix,


    1) Find a good version of C:\windows\system32\winlogon.exe on a different PC with the same OS and copy it to a CD or floppy. Our latest version is 5.1.2600.5512, size is 496K.


    2) Enable boot from CD in the BIOS if not already enabled.


    3) Since you don't have an OS reinstall CD from Dell (it is a cheap available option), use any Win XP OS reinstall disk you get hold of.


    You may be able to do the file copy using a Linux tool bootable CD also such as Killdisk or Super FDisk. It just has to support NTFS filesystem. The instructions below refer to a reinstallation CD but the others would be similar.


    4) Boot from it, select Recovery Console, keyboard and login if needed. You should end up at:


    C:\windows> prompt.


    5) Put CD or floppy containing winlogon.exe in drive. If you have 2 CD drives put it in the 2nd one, otherwise eject the 'Reinstall CD' (use a paperclip in the hole if necessary) or use a floppy. USB drives wouldn't work for us.


    6) Do the following at the commandline prompts:


    CD system32<Enter> (moves current directory to C:\Windows\system32)


    copy D:winlogon.exe<Enter> (assuming D drive contains CD, might be A: for floppy or other. You can change current drive E:<Enter> dir<Enter> to find drive.)


    exit<Enter>


    7) During reboot, remove CD/floppy.


    8) System should reboot to login screen.


    9) Login.


    10) As soon as BD shows up in taskbar, update it so it won't delete winlogon again.


    11) Check BD quarantine and restore winlogon if there. If the new copy is still in c:\windows\system32 directory from step 6 BD won't restore the old copy.


    12) Check for the Winlogon.exe file in C:\Windows\System32 for safety.


    There is also a copy in C:\Windows\ServicePackFiles\I386.


    Good luck.
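
An added example, not part of the original post: a check to run on the donor PC before step 1, confirming that the winlogon.exe you are about to copy carries the file version quoted above and is byte-identical to a second copy (for instance the one in ServicePackFiles\I386). The function names and the sample bytes are constructed for illustration; the version is read from the VS_FIXEDFILEINFO structure inside the file, so no Windows API is needed.

```python
import hashlib
import struct

# VS_FIXEDFILEINFO.dwSignature as it appears on disk (little-endian DWORD)
FFI_SIGNATURE = struct.pack("<I", 0xFEEF04BD)


def pe_file_version(data):
    """Return 'a.b.c.d' from the first VS_FIXEDFILEINFO found, or None."""
    if data[:2] != b"MZ":
        return None  # not a DOS/PE executable at all
    pos = data.find(FFI_SIGNATURE)
    if pos < 0 or pos + 16 > len(data):
        return None  # no version resource, or file truncated inside it
    # Fields: dwSignature, dwStrucVersion, dwFileVersionMS, dwFileVersionLS
    _, _, ms, ls = struct.unpack_from("<4I", data, pos)
    return "%d.%d.%d.%d" % (ms >> 16, ms & 0xFFFF, ls >> 16, ls & 0xFFFF)


def check_replacement(candidate, reference, expected_version):
    """Return a list of problems; an empty list means the candidate passed."""
    problems = []
    version = pe_file_version(candidate)
    if version is None:
        problems.append("no PE version resource found")
    elif version != expected_version:
        problems.append("version %s, expected %s" % (version, expected_version))
    if hashlib.sha256(candidate).digest() != hashlib.sha256(reference).digest():
        problems.append("SHA-256 differs from reference copy")
    return problems


def sample_pe(major, minor, build, rev, tail=b""):
    """Constructed stand-in for a PE file: MZ stub plus a version struct."""
    ms, ls = (major << 16) | minor, (build << 16) | rev
    return (b"MZ" + b"\x00" * 62
            + struct.pack("<4I", 0xFEEF04BD, 0x00010000, ms, ls) + tail)


if __name__ == "__main__":
    good = sample_pe(5, 1, 2600, 5512)
    print(check_replacement(good, good, "5.1.2600.5512"))          # passes
    print(check_replacement(good + b"\x90", good, "5.1.2600.5512"))  # altered
```

With real files, pass `open(path, "rb").read()` for each copy. The version field can be set to anything by whoever built the file, so treat the hash comparison against an independently obtained copy as the stronger of the two checks.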

  • Thank you for your assistance. I have finally resolved this issue. Since it was so difficult for me (probably easy for others), I wanted to respond with how I fixed it so that someone else can hopefully benefit.


    The primary problem was that no software boot program was recognizing my NTFS drive or file system. This was solved by downloading the Windows Automated Installation Kit from the Microsoft website and installing it on another computer. From there, I followed the instructions at //itsvista.com/2006/12/toss-dos-install-vista-with-free-winpe/ to create a boot disk image. This boot disk booted to a DOS prompt that recognized my C:\ drive and file structure, as well as a USB Key with the winlogon.exe file. From there, I was able to copy the winlogon.exe file to my hard drive and follow the instructions above.