How to remove the winlogon virus

Most antivirus programs identify winlogon.dll as malware—for example Microsoft identifies it as Program:Win32/Antivirus2008 or Adware:Win32/Clickspring.C, and TrendMicro identifies it as TROJ_QHOST.YF or ADW_PURITYSCA.Y.

The winlogon.dll file is a software component of Windows Logon Application by Microsoft.
The Windows Logon Dynamic Link Library file is part of The WinLogon service and is needed for the WinLogon.exe file to function. This DLL file has been included in the OS installation, as well as in software like the filter/WinLogon Suite by Research-Lab Inc. and PixView software for scanning and imaging applications.WinLogon.exe handles user logins and system information upon startup. Viruses have been known to manipulate the files in the WinLogon process.

WinLogon stands for Windows Logon

The free file information forum can help you find out how to remove it. If you have additional information about this file, please leave a comment or a suggestion for other users.

Click to Run a Free Virus Scan for the winlogon.dll malware

Winlogon.dll file information

The file does not contain indication of the product name or copyright holder. In Windows Task Manager, it appears simply as winlogon.dll.

Description: Winlogon.dll is not essential for Windows and will often cause problems. Winlogon.dll is located in the C:\Windows\System32 folder. Known file sizes on Windows 10/8/7/XP are 81,920 bytes (76% of all occurrences), 1,302,212 bytes or 15,872 bytes. 
A .dll file (Dynamic Link Library) is a special type of Windows program containing functions that other programs can call. This .dll file can be injected to all running processes and can change or manipulate their behavior. Winlogon.dll is a file with no information about its developer. The program has no visible window. There is no detailed description of this service. It can change the behavior of other programs or manipulate other programs. Winlogon.dll is not a Windows core file. The software starts upon Windows startup (see Registry key: AppInit_DLLs, MACHINE\Run, Run). Winlogon.dll is able to record keyboard and mouse inputs. Therefore the technical security rating is 84% dangerous, however you should also read the user reviews.

Recommended: Identify winlogon.dll related errors

Important: You should check the winlogon.dll process on your PC to see if it is a threat. If winlogon.dll has changed your browser's search engine and start page, you can recover your browser's default settings as follows:

Reset default browser settings for Internet-Explorer ▾
  1. In Internet Explorer, press the key combination Alt + X to open the Tools menu.
  2. Click Internet options.
  3. Click the Advanced tab.
  4. Click the Reset... button.
  5. Enable the Delete personal settings option.
This will reset your Internet Explorer to its default settings. Your browser will start with the familiar start page and search engine—without popups, ads, cookies, but all browser add-ons are deleted too [1]. Make cleaning up your browser and your computer simpler and safer with Security Task Manager.


User Comments

Non system file
Next to nothing except that my computer's anti-virus software(AVG) detected a winlogon.dll and named it a threat and trojan horse.

Summary: Average user rating of winlogon.dll: based on 2 votes with 2 user comments. One user suspects danger. One user thinks winlogon.dll is dangerous and recommends removing it.

Do you have additional information? Help other users!
What do you know about winlogon.dll:
How would you rate it:
Link for more info:
Your Name:

Best practices for resolving winlogon issues

The following programs have also been shown useful for a deeper analysis: Security Task Manager examines the active winlogon process on your computer and clearly tells you what it is doing. Malwarebytes' well-known anti-malware tool tells you if the winlogon.dll on your computer displays annoying ads, slowing it down. This type of unwanted adware program is not considered by some antivirus software to be a virus and is therefore not marked for cleanup.

A clean and tidy computer is the key requirement for avoiding PC trouble. This means running a scan for malware, cleaning your hard drive using cleanmgr and sfc /scannow, uninstalling programs that you no longer need, checking for Autostart programs (using msconfig) and enabling Windows' Automatic Update. Always remember to perform periodic backups, or at least to set restore points.

Should you experience an actual problem, try to recall the last thing you did, or the last thing you installed before the problem appeared for the first time. Use the resmon command to identify the processes that are causing your problem. Even for serious problems, rather than reinstalling Windows, you are better off repairing of your installation or, for Windows 8 and later versions, executing the DISM.exe /Online /Cleanup-image /Restorehealth command. This allows you to repair the operating system without losing data.

Other processes

winlogon.dll [all]