I just came from another forum that looks strikingly similar to yours. The "expert" there who did the troubleshooing stated "I don't see anything" when done although the issues still persists. Thought maybe you could give me a second opinion please? I sent him screenshots showing these two items running in processes and they still are. Windows task manager shows the basic winlogon.
My question is whether these executables are malware because they have questionmarks in the path almost like they are designed to be hidden. They also are the only items that run as high priority. Do you concur that I am not infected as the other person does?
hey show up in the Glarysoft Pro 3 process manager but cannot be deleted. In windows task manager, they cannot be deleted either as they are critical system processes.My windows system32 folder has the real winlogon.exe that is only 496kb versus the infection file which shows memory of 2554 kb. Same deal for csrss.exe which is 6kb versus the infection at 2764kb. Perhaps the memory doesn't reflect the actual file size so maybe that isn't a factor. I read that malware files are much larger than the real windows files.
My understanding is that winlogon.exe only runs at startup then stops shortly thereafter. These items are running constantly.
Here is the troubleshooting that was already done with nothing found: