Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


winlogon, Rkill, and understanding system files

  • Please log in to reply
No replies to this topic

#1 falcore91


  • Members
  • 50 posts
  • Local time:10:03 AM

Posted 17 March 2011 - 12:08 AM

I know I ramble a bit, so first I'll give the short version.

Application winlogon.exe originally prompted my witch hunt but appears to be legit, however when I ran Rkill it ended wauclt.exe and WMIADAP.EXE. Why?

Hi there, this is my first post so please let me know if I fail to follow any of the procedures that makes this process works. I recently reinstalled Windows XP on our family laptop. From there I updated Windows to service pack 3, installed the Dell drivers and software, installed Kaspersky Internet Security, and finally Microsoft Office (in that general order). From this point I plugged in an external drive with our old data, a scan of which revealed some trojans which I think were deleted.

However, when I rebooted and Kaspersky started doing it's thing in full, it picked up on an application called Windows NT Logon Application. While looking for information on what it could be, I stumbled upon Bleeping Computer. However, I think the issue has questions that cannot be resolved searching old posts. I am aware that there is both an essential program with this name and that malware can take on this name, so I was hoping someone could help

One of the first things I did was to boot up in safe mode and run a full system scan with Kaspersky which found... nothing. OK then. I later ran a malware bytes scan under the instruction of remotely connected Microsoft support, which also found nothing. They provided me with an article describing what the legit application does, and we called it good. However, I was still not satisfied. While the article did say that the program looked in registry entries, Kaspersky indicated that this particular application was changing access rights in places like Group Policy registry files, which weren't addressed in the provided article. Unfortunately I am not very familiar with how programs normally interact with the registry so I'm not sure how to assess that.

Under advice from a classmate I ran Rkill to give it one final go. Malwarebytes and Kaspersky both came up clean after Rkill did its thing. However, I was wondering why it ended the programs wuauclt.exe and WMIADAP.EXE.
(Instructor) You put a Linux machine within a Windows machine within a Mac? That's great! Now where is that paper on BitTorrents vulnerabilities that was due last week?

BC AdBot (Login to Remove)


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users