[filename.info logo]
[cn winlogon.exe][de winlogon.exe][es winlogon.exe][fr winlogon.exe][gb winlogon.exe][it winlogon.exe][jp winlogon.exe][kr winlogon.exe][nl winlogon.exe][pt winlogon.exe][ru winlogon.exe][us winlogon.exe]
 

winlogon.exe (5.1.2600.1106)

Contained in software

Name:Windows XP Home Edition, Deutsch
License:commercial
Information link:http://www.microsoft.com/windowsxp/

File details

Filepath:C:\WINDOWS\system32 \ winlogon.exe
Filedate:2002-08-29 14:00:00
Version:5.1.2600.1106
Filesize:521.728 bytes

Checksum and file hashes

CRC32:EFFDF5E1
MD5:6168 96B7 0828 6DA9 8D6A 0992 93F1 81D7
SHA1:3185 27E4 C475 E203 B220 2C43 7482 EACC C542 0195

Version resource information

CompanyName:Microsoft Corporation
FileDescription:Windows NT-Anmeldung
FileOS:Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:Application
FileVersion:5.1.2600.1106
InternalName:winlogon
LegalCopyright:© Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename:WINLOGON.EXE
ProductName:Betriebssystem Microsoft® Windows®
ProductVersion:5.1.2600.1106

winlogon.exe was found in the following malware reports:

W32.Neveg.A@mm

Technical details
...Copies itself as %Windir%systemwinlogon.exe. Note: %Windir% is a variable...
...".Prog" = "%Windir%systemwinlogon.exe" "BuildLab" = "%Windir%systemwinlogon.exe"...
..."ccApps" = "%Windir%systemwinlogon.exe" "FriendlyTypeName"...
..."Microsoft Visual SourceSafe"= "%Windir%systemwinlogon.exe" "RegDone" = "%Windir%systemwinlogon.exe"...
..."TEXTCONV" = "%Windir%systemwinlogon.exe" "WMAudio" = "%Windir%systemwinlogon.exe"...
Removal instructions
...".Prog" = "%Windir%systemwinlogon.exe" "BuildLab" = "%Windir%systemwinlogon.exe"...
..."ccApps" = "%Windir%systemwinlogon.exe" "FriendlyTypeName"...
..."Microsoft Visual SourceSafe"= "%Windir%systemwinlogon.exe" "RegDone" = "%Windir%systemwinlogon.exe"...
..."TEXTCONV" = "%Windir%systemwinlogon.exe" "WMAudio" = "%Windir%systemwinlogon.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html

Backdoor.Graybird

Technical details
...%System%Svch0st.exe %System%Winlogon.exe %System%Explorer.exe...
..."winlogon"="%System%Winlogon.exe" "system"="%System%Explorer.exe"...
Removal instructions
..."winlogon"="%System%Winlogon.exe" "system"="%System%Explorer.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html

W32.Marol@mm

Technical details
...itself as the following files: %Windir%Winlogon.exe %Windir%Marisol.exe...
..."Apnt" = "%Windir%winlogon.exe" "WorksCache" = "%Windir% empWkCVX.exe"...
Removal instructions
..."Apnt" = "%Windir%winlogon.exe" "WorksCache" = "%Windir% empWkCVX.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.marol@mm.html

Backdoor.Trodal

Technical details
...Copies itself to %Windir%Winlogon.exe. Note: %Windir% is a variable....
...Creates the registry value "winlogon"="%windir%winlogon.exe"...
...Sets the file timestamp of %Windir%Winlogon.exe to the same values as the file, %Windir%win.ini....
Removal instructions
...right pane, delete the value: "winlogon"="%windir%winlogon.exe"...
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trodal.html

Backdoor.Dsklite

Technical details
...Copies itself as %Windir%Winlogon.exe. NOTE: %Windir% is a variable....
..."Windows Logon Application"="%Windir%winlogon.exe" to the registry key:...
Removal instructions
...Scroll through the list and look for winlogon.exe. If you find the file, click...
..."Windows Logon Application"="%Windir%winlogon.exe" Exit the Registry Editor....
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dsklite.html

Trojan.Hazzer

Technical details
...or: "winlogon"=<path to trojan>...
...L2logon.exe Winlogon.exe Tries to delete C:Msdos.exe....
Removal instructions
...or: "winlogon"=<path to trojan>...
Source: http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html

Spyware.TrueActive

Technical details
..._.exe; tamset.exe; sem.dll; winsdoc.dll; winlogon.exe When Spyware.TrueActive is...
...detected as Spyware.TrueActive) %Windir%winlogon.exe (main logger, detected as Spyware.TrueActive)...
Source: http://securityresponse.symantec.com/avcenter/venc/data/spyware.trueactive.html

Backdoor.Prorat

Technical details
...%System%Sservice.exe %Windir%Winlogon.exe Notes:...
...HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon from:...
...May inject a .dll file into the Winlogon process as a thread, which will end the processes of various security products....
Removal instructions
...HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon In the right pane, modify...
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html

Backdoor.Beasty.H

Technical details
...Systray.exe Winlogon.exe NOTE:...
Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.h.html

Intruder Alert 3.6 W32_Netsky_D_Worm Policy

following file to be monitored: #windirwinlogon.exe Last modified on:...
......
Source: http://securityresponse.symantec.com/avcenter/security/Content/2004.03.01.html



Valid HTML 4.01!