Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Message Comes On When Opening Computer


  • Please log in to reply
25 replies to this topic

#1 uncfingers

uncfingers

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 30 May 2008 - 04:25 AM

:thumbsup: Hi all when my compuetr has loaded i keep getting this message on screen.....windows cant find "c\winlogon.exe" make sure you typed the name correctly and then try again..to search file click start and then click search...dont know why this has happened i have tried to do wot it said but to no avail...any suggestions please i am using widows xp home edition...

BC AdBot (Login to Remove)

 


#2 dc3

dc3

    Bleeping Treehugger


  • Members
  • 30,393 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:35 PM

Posted 30 May 2008 - 04:32 AM

Have you tried to do a System Restore?

Start> All Programs> Accessories> System Tools> System Restore.

Just follow the prompts.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 


#3 uncfingers

uncfingers
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 03 June 2008 - 12:01 PM

:thumbsup: hi yes i have tried system restore but it dosnt make ny difference..and it wont change to earlier settings most of the time... i have since found out that it is related to windows not being installed properly...dont know why it was fine for years ...

#4 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 03 June 2008 - 04:17 PM

Hello.

Let's search for registry for where this file is trying to be started from.
  • Please download regfind.xip and extract regfind.exe to your desktop. You can delete the zip folder.
  • Copy the following into a notepad. Do not copy the word "Code".
    @ECHO OFF
    ECHO Please wait.
    regfind "c:\winlogon.exe" >Results.txt
    regfind "c\winlogon.exe" >>Results.txt
    del regfind.exe
    start Results.txt
    del %0
  • Click File, then Save As... .
  • Click Desktop on the left.
  • Under the Save as type dropdown, select All Files.
  • In the box File Name, input regfind.bat.
  • Hit OK.
Double click regfind.bat. When the script is finished, a notepad will open with Results.txt. Please copy the contents of that file into your reply.

Many malware try to copy names of legit windows files, such as winlogon.exe. The legit version of this file should not be located at C:\.

Could I ask what antivirus and antispyware program you are using?

With Regards,
The Panda

#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 03 June 2008 - 06:50 PM

Hi,
c:\winlogon.exe is most likely bad. The Legitimate file should be located at C:\Windows\system32\winlogon.exe
Did you do any scans with your antivirus/spyware programs and did they find anything related to that error?
Follow Panda's suggustion first and see where it is being started from.

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 uncfingers

uncfingers
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 05 June 2008 - 02:54 AM

:thumbsup: hi i downloaded the programme you said but i dont think i did it right i followed your instructions but when the script finished it just disappeared so i know that i have done something wrong....sorry for being thicko...

#7 ComputerWhizz7

ComputerWhizz7

  • Members
  • 408 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:New Zealand
  • Local time:07:35 PM

Posted 05 June 2008 - 03:48 AM

From what I gather the system has lost winlogon.exe. Now can you login in safe mode? I believe a virus has altered your computer. If so make sure C:\Windows\system32\winlogon.exe is there then delete C:\winlogon.exe because that is NOT the location for it. Then when you start the computer in normal mode see what the computer does. If the same thing, re-install windows on the system.

Format C:\ fixes all LOL.

Edited by ComputerWhizz7, 05 June 2008 - 03:49 AM.

I came, I saw, I conquered. - Julius Caeser

#8 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 05 June 2008 - 07:03 AM

Hi,
The script should dissapear,because after the process is done, that batch file will be deleted. Did Notepad open though?
Let's make sure you did the steps correctly.
First download the .Zip folder that the Panda mentioned above.
Extract it by right clicking on it and press Extract all.
There will be the new folder of the extracted folder.
Then copy and paste everything that was in the Code box and paste it on notepad.
REmeber save it on your desktop, Under the Save as type dropdown, select All Files and then save the file name as regfind.bat Double click that .bat file and notpad should open after it is done.

Regards,
Extremboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#9 PropagandaPanda

PropagandaPanda


  • Malware Response Team
  • 10,433 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 05 June 2008 - 11:03 AM

Hello.

I think there is something wrong with the regfind application. When I tried it on my computer, something is making it hang.

Alternatively, you can use autoruns to disable winlogon.exe from starting. The legit winlogon should not be shown as it's whitelisted.

If you have any doubts about using the program, please ask. Disabling startups incorrectly could cause problems.

With Regards,
The Panda

#10 uncfingers

uncfingers
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 05 June 2008 - 03:02 PM

:thumbsup: hi guys i am getting stuck..i downloaded prog run it and pasted the stuff from the code box onto notebook ..this is where i get stuck after the prog has finished the results text is there but there is nothing in it i saved the notebook file but nothing happens ...so frustrating.....must be me nothing to do with you...

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 05 June 2008 - 03:13 PM

Hi,
Did you follow Panda's suggustion by disabling winlogon.exe from starting?
Are you sure that winlogon.exe is in C:\winlogon.exe and not in another folder?
If notepad was blank that means it didn't find anything.
I want you to try this and see what comes up.

Copy and paste the following code on Notepad(don't copy quote)

@ECHO OFF
cd c:\
vfind *winlogon.exe*>SearchResults.txt
notepad SearchResults.txt

Once you copied it on Notepad, save it to your desktop and call it find.bat, Make sure that under Save as type dropdown change it to All Files. Now run that batch by double clicking on it. Once it is finished notepad will open. Please copy down the contents of what was in Notepad.

Regards
Extremeboy

Edited by extremeboy, 05 June 2008 - 03:15 PM.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 uncfingers

uncfingers
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 06 June 2008 - 04:13 AM

:thumbsup: Hi...first off no i didn't do what panda suggested as i am not that comfortable with doing that i done what you suggested and i got this message...vfind is not reconized as an internal or external command,operable program or batch file...hope you understand this as i aint got a clue...many thanks again :flowers:

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:35 AM

Posted 06 June 2008 - 06:41 AM

Ok,
I see, it seems that vfind isn't in your System32 folder.
Please download vfind from here: Vfind
DON'T double click that file, just cut and paste that file to your System32 folder.
To do that Navigate to C:\Windows\System32
Once you done that, now run that batch file again please.

Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#14 uncfingers

uncfingers
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  •  
  • Local time:01:35 AM

Posted 06 June 2008 - 11:37 AM

:thumbsup: sorry extremeboy..how do i get to c:\windows\system32 i dont want to do anything that will muck up the comp completely..thanks again

#15 OldGrumpyBastard

OldGrumpyBastard

  • Members
  • 781 posts
  • OFFLINE
  •  
  • Location:"Way South of 'da Bridge"
  • Local time:01:35 AM

Posted 06 June 2008 - 11:50 AM

Left click vfind link previously posted...Select Save...Click on My computer (on the right) open...Click on C: open...Look for WINDOWS open...system32...save...and it should now be there...Then do the procedure previously tried before you got the failed message.
Does this look like an OldGrumpyBastard or what?




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users