Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


special logon into users

  • Please log in to reply
2 replies to this topic

#1 mikeddhs


  • Members
  • 2 posts
  • Local time:12:56 AM

Posted 22 March 2011 - 02:55 PM

Hello there.

I believe that I have a rootkit or malware. Please look at the picture I attached:

Thank you in advance

Attached Files

  • Attached File  pic1.jpg   201.61KB   5 downloads

Edited by Andrew, 22 March 2011 - 03:19 PM.
Mod Edit: Moved to MRL From AII - AA

BC AdBot (Login to Remove)


#2 Andrew


    Bleepin' Night Watchman

  • Moderator
  • 8,260 posts
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:12:56 AM

Posted 22 March 2011 - 03:19 PM

This is perfectly normal.

The "special logon" event is recorded every time an account with Administrative rights logs on (you'll notice how these "special logon" events usually occur right after a standard logon event.) Your screenshot is of the NT_AUTHORITY\SYSTEM account which is the built-in highest level account (higher even than Administrator) where Windows runs all of its really important code. The SYSTEM account has user rights up to and exceeding Administrator level rights, which is why you see this event every time even a non-admin user logs on. In short: it's perfectly normal and nothing to worry about.

Have you observed any other symptoms or odd behavior that might be caused by an infection? If you haven't then you're probably not infected at all.

#3 mikeddhs

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:56 AM

Posted 25 March 2011 - 09:30 PM

Ive ran a rootrepeal partially until there are errors and it closes out. But before it errors out i see things that look like malware. On Sunday when i have time ill post some more info

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users