A Second Winlogon.exe File...


4 replies to this topic

#1 mikerox


Posted 23 July 2008 - 05:29 PM

I found out that I had an infected "system" file through the Comodo Firewall Pro's virus scan. I went to Yahoo Answers, searching for a solution to my problem, where I was informed that if the winlogon.exe file wasn't located in the system32 folder, that it was in fact a virus, and would be safe to delete. Here's the path to the file in question:

C:\WINNT\$hf_mig$\KB840987\SP1QFE\winlogon.exe

I checked the system32 folder to verify, and I do in fact have a winlogon file in that folder.

Would it in fact be safe to delete this file?
A Christian and proud of it.

Those who use the Posted Image Button will suffer the wrath of Neapolitan!


#2 Budapest

  • Moderator

Posted 23 July 2008 - 05:33 PM

You could upload that file at Jotti for analysis.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 PropagandaPanda

  • Malware Response Team

Posted 23 July 2008 - 05:34 PM

Hello Mikerox.

Are you using Windows XP? The %windir% should be WINDOWS for XP not WINNT.

The folders in your Windows directory that start with "$" are usually backups made when you install updates.

With Regards,
The Panda

Edited by PropagandaPanda, 23 July 2008 - 05:38 PM.


#4 usasma

  • BSOD Kernel Dump Expert

Posted 23 July 2008 - 08:07 PM

The WINNT directory is standard for certain upgrade paths for XP (I believe it was the upgrade from Windows 2000).
The directory that you mention is likely to be a backup of the original winlogon.exe (that was replaced by that update). Submitting it to Jotti is probably a good thing to do. Deleting it won't hurt anything since the good copy is in C:\Winnt\System32\winlogon.exe
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
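
The location check discussed in this thread, as an added example that is not part of any post here: it labels a winlogon.exe path as the live system32 copy, an update backup under a "$" folder inside %windir%, or unexpected, and computes the SHA-256 to look up on a scanning service. The function names, labels and sample file contents are constructed for illustration.

```python
import hashlib
from pathlib import PureWindowsPath

def _parts(path):
    # Windows paths are case-insensitive, so compare lower-cased components.
    return [part.lower() for part in PureWindowsPath(path).parts]

def classify(path, windir):
    """Label a winlogon.exe path by where it sits relative to %windir%."""
    parts, root = _parts(path), _parts(windir)
    if not parts or parts[-1] != "winlogon.exe":
        return "not-winlogon"
    if parts[:len(root)] != root:
        return "unexpected"          # not under the Windows directory at all
    rel = parts[len(root):]
    if rel == ["system32", "winlogon.exe"]:
        return "expected"            # location of the live copy
    if len(rel) > 1 and rel[0].startswith("$"):
        return "update-backup"       # e.g. $hf_mig$\KB...\winlogon.exe
    return "unexpected"

# Hypothetical follow-up actions; the location alone never proves a file clean.
ACTIONS = {
    "expected": "expected location for the live copy",
    "update-backup": "likely an update backup; confirm with a scan before deleting",
    "unexpected": "treat as suspect; scan before doing anything else",
    "not-winlogon": "out of scope",
}

def triage(files, windir):
    """files: iterable of (path, content bytes). Returns one row per file."""
    rows = []
    for path, data in files:
        label = classify(path, windir)
        digest = hashlib.sha256(data).hexdigest()  # value to look up on a scanner
        rows.append({"path": path, "label": label,
                     "sha256": digest, "action": ACTIONS[label]})
    return rows

# Constructed sample: paths modelled on the thread, contents are placeholder bytes.
SAMPLE = [
    (r"C:\WINNT\system32\winlogon.exe", b"placeholder-live-copy"),
    (r"C:\WINNT\$hf_mig$\KB840987\SP1QFE\winlogon.exe", b"placeholder-backup"),
    (r"C:\WINNT\Temp\winlogon.exe", b"placeholder-other"),
    (r"D:\$hf_mig$\winlogon.exe", b"placeholder-other-drive"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, r"C:\WINNT"):
        print(f'{row["label"]:14} {row["sha256"][:16]}  {row["path"]}')
```

The "$" folder exception only applies under the Windows directory passed in as `windir`, so the same folder name on another drive is still reported as unexpected.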

#5 mikerox


Posted 23 July 2008 - 10:54 PM

Just sent the file in. I also tried it on VirusTotal. Both sites report it as a safe file.

I guess it was a false alarm. Nonetheless, thanks for the assistance.

:thumbsup:

Edited by mikerox, 23 July 2008 - 10:55 PM.
