Posted 18 August 2011 - 12:35 AM
I don't know what the heck I downloaded, but now there is an additional 'winlogon.exe' in my task manager that isn't being run by the system.
What I know:
Image Name: winlogon.exe ...
When I right click and go to the location it is in AppData/Roaming/Install
There is another winlogon.exe being run by the system and it is in the correct folder. I understand that you should only have one running at any given time. If there is a winlogon.exe that is NOT in the system folder... it means trouble.
What I have tried doing:
Ending the process. It says something about bad things happening etc etc etc system death.
Deleting directly from the folder. Can't because it is running in another program.
System restore. Can't restore to a date when my compute wasn't affected by this thing. The 5 points it gives me are after the event.
Several websites random malware and antivirus programs that people say work against this thing... but no help.
Browsing forums, but so far nothing has been located in this folder. Also, there is no distortion in the name, it is 'winlogon.exe'
It if helps, the icon that it is using is a little speedometer looking thing.
Other maybe useful information?
Property details gave me this: Product Name: WVQSAHRRX
Original Filename: srcozns.exe
I've tried searching these things and found nothing.
Any help would be appreciated.