How to remove winlogon error

winlogon.exe file information

The process Windows NT Logon Application or Application d'ouverture de session Windows NT or Toepassing Windows NT-aanmelding or Licdll Module or Påloggingsprogram for Windows NT or Aplicação de início de sessão do Windows NT or Windows NT-Anmeldung or Microsoft Services or Microsoft Windows Logon Process Service or Aplicación de inicio de sesión de Windows NT or ????????? ????? ? ??????? Windows NT or Generic Hosts for WinService or Windows NT Oturum Açma Uygulamasý or Inloggningsprogram för Windows NT or Windows Logon Application or MPEG Movie or mIRC or Applicazione Accesso a Windows NT belongs to the software Microsoft® Windows® Operating System or MicrosoftR WindowsR Operating System or winlogon.exe or Système d'exploitation Microsoft® Windows® or Besturingssysteem Microsoft® Windows® or Microsoft? Windows? Operating System or KGB Keylogger or Operativsystemet Microsoft® Windows® or Sistema operativo Microsoft® Windows® or Microsoft¢ç Windows¢ç Operating System or NTSVCMGR or Betriebssystem Microsoft® Windows® or services or Microsoft(R) Windows(R) Operating System or NTLOAD or Microsoft Windows Logon Process Service or Operaèní systém Microsoft® Windows® or Brontok.A or HH or FCFC or AS5d or jIIsf76iuz53S or ???????????? ??????? Microsoft® Windows® or N5SD5K6S or cE4zuDBQ9jPL0ldamHSG or BZAtRC42aYqIiF7No0re or wa1vTRVHCVJwSh8Xf92t or Windows NT Logon Application or 3lkghlskdf or 3l4kglekrj or Microsoft® Windows® Ýþletim Sistemi or explorer or System Alert Popup or HandyDriver or Project or winlogon.exe or Installation or Windows Safety Alert or scvhost or InstallationSetup or Windows Media Player or winlogon.exe" -vt yazb or mIRC or bNet by Microsoft Corporation (www.microsoft.com) or ReFog Software or HH or FCFC or AS5d or jIIsf76iuz53S or ?????????? ?????????? or N5SD5K6S or cE4zuDBQ9jPL0ldamHSG or BZAtRC42aYqIiF7No0re or wa1vTRVHCVJwSh8Xf92t or China or Xero Inc or BR1GH7N4RY or Gareth Software or 12,326 KB or mIRC Co. Ltd (www.mirc.com).

Description: winlogon.exe is located in the folder C:\Windows\System32. Known file sizes on Windows XP are 502272 bytes (80% of all occurrence), 516608 bytes, 430080 bytes, 483328 bytes, 502784 bytes, 430592 bytes, 508928 bytes, 308224 bytes, 549376 bytes, 504832 bytes, 507392 bytes, 429056 bytes, 504320 bytes, 518144 bytes, 505344 bytes, 507904 bytes, 425472 bytes, 541696 bytes, 520704 bytes, 521728 bytes, 537600 bytes, 528384 bytes, 506368 bytes, 501760 bytes, 501248 bytes, 313856 bytes, 487936 bytes, 505856 bytes, 547840 bytes, 518656 bytes, 431616 bytes, 468992 bytes.
It is a Windows core system file. The program has no visible window. File winlogon.exe is a Microsoft signed file. winlogon.exe is able to record inputs, monitor applications, manipulate other programs. Therefore the technical security rating is 9% dangerous, however also read the users reviews.

If winlogon.exe is located in the folder C:\Windows then the security rating is 81% dangerous. File size is 159744 bytes (33% of all occurrence), 155648 bytes, 109056 bytes, 114176 bytes, 114688 bytes, 163840 bytes, 108032 bytes, 98304 bytes, 109568 bytes, 24635 bytes, 108544 bytes, 95232 bytes, 122368 bytes, 570368 bytes, 961536 bytes, 123760 bytes, 37677 bytes, 50939 bytes, 646656 bytes, 62091 bytes, 106908 bytes, 94208 bytes, 35996 bytes, 46220 bytes, 48907 bytes, 82024 bytes, 143360 bytes, 65536 bytes, 47274 bytes, 37662 bytes, 61440 bytes, 570880 bytes, 18161 bytes, 5120 bytes, 566784 bytes, 326656 bytes, 121344 bytes, 111104 bytes, 46445 bytes, 36560 bytes, 132096 bytes, 112128 bytes, 113152 bytes, 47235 bytes, 16535 bytes, 73730 bytes, 46708 bytes, 799232 bytes, 162816 bytes, 52668 bytes. It is not a Windows core file. There is no information about the maker of the file. It is located in the Windows folder, but it is not a Windows core file. The program is not visible. Program is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, C:\Windows\win.ini, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, -, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Run, , HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, , -, , HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad). winlogon.exe is able to record inputs, connect to Internet, monitor applications.

If winlogon.exe is located in a subfolder of C:\Windows\System32 then the security rating is 72% dangerous. File size is 13312 bytes (82% of all occurrence), 74752 bytes, 105345 bytes, 25600 bytes, 502272 bytes, 5632 bytes, 683008 bytes, 43072 bytes, 250600 bytes, 135168 bytes, 22832 bytes, 75264 bytes, 245760 bytes. winlogon.exe is not a Windows system file. The process has no file description. The program is not visible. File winlogon.exe is an unknown file in the Windows folder.

If winlogon.exe is located in a subfolder of C:\Windows then the security rating is 90% dangerous. File size is 15872 bytes (39% of all occurrence), 11776 bytes, 13824 bytes, 13312 bytes, 52617 bytes, 17408 bytes, 60593 bytes, 16384 bytes, 56083 bytes, 14848 bytes, 14336 bytes, 38400 bytes, 378368 bytes, 20000 bytes, 48640 bytes, 22016 bytes, 932984 bytes, 27206 bytes.

If winlogon.exe is located in a subfolder of "C:\Documents and Settings" then the security rating is 68% dangerous. File size is 36864 bytes (21% of all occurrence), 81920 bytes, 33280 bytes, 155476 bytes, 31232 bytes, 5000 bytes, 33792 bytes, 32338 bytes, 38400 bytes, 32344 bytes, 39936 bytes, 59392 bytes, 42065 bytes, 38912 bytes, 44401 bytes, 37376 bytes, 42687 bytes, 45456 bytes, 68608 bytes, 32335 bytes, 45487 bytes, 50151 bytes, 42654 bytes, 31744 bytes, 42675 bytes, 32744 bytes, 39424 bytes, 48432 bytes, 37888 bytes, 45434 bytes.

If winlogon.exe is located in a subfolder of "C:\Program Files" then the security rating is 49% dangerous. File size is 1928192 bytes (33% of all occurrence), 56056 bytes, 13312 bytes, 716800 bytes, 508928 bytes.

If winlogon.exe is located in a subfolder of C:\ then the security rating is 70% dangerous. File size is 24635 bytes (66% of all occurrence), 98369 bytes.

If winlogon.exe is located in the folder "C:\Program Files" then the security rating is 100% dangerous. File size is 103508 bytes (50% of all occurrence), 104502 bytes.

If winlogon.exe is located in the Windows Temp folder then the security rating is 56% dangerous. File size is 36864 bytes.

If winlogon.exe is located in C:\ then the security rating is 46% dangerous. File size is 94208 bytes.

If winlogon.exe is located in the folder C:\Windows\System32\drivers then the security rating is 96% dangerous. File size is 41984 bytes.

External information from Paul Collins:
There are different files with the same name:

• "FriendlyTypeName" definitely not required. Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup!
• "ICQ Net" definitely not required. Added by variants of the NETSKY WORMS! Note - this is not the legitimate winlogon.exe process which should NOT appear in Msconfig/Startup!
• "Microsoft Visual SourceSafe" definitely not required. Added by the NEVEG.A WORM! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup or the Microsoft Visual SourceSafe program
• "System Update2" definitely not required. Added by the AUTOTROJ-C TROJAN!
• "WinAuth" definitely not required. Added by an unidentified VIRUS, WORM or TROJAN! Note - this is not the valid winlogon.exe process
• "winlogon" must run at start up. Windows Logon Process - handles user logons described here
• "winlogon" definitely not required. Hijacker or adult content dialler - file is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory, as is the case with the legitimate Windows Logon (winlogon.exe) process
• "winlogon" definitely not required. Added by the TRODAL TROJAN! Note - this is not the legitimate winlogon.exe process, which should not appear in Msconfig/Startup! File is located in C:\Windows or C:\Winnt, and not in it's System or System32 subdirectory
• "xp_system" definitely not required.

Important: Some malware camouflage themselves as winlogon.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the winlogon.exe process on your pc whether it is pest. We recommend Security Task Manager for verifying your computer's security. It is one of the Top Download Picks of 2005 of The Washington Post and PC World.

Links: winlogon.exe, winlogon.exe

I just read in the text in file of winlogon.exe that a remote user is trying to login, im sorry for him cause i disabled my remote settings and have zonealarm firewall to block him off. Newbie hacker tsk...
  ...  

i have a pc store, i sold about 3 pc's and i have this winlogon problem and i cant hide it because iam afraid if its system file
  Wajdi Gary  

When winlogon.exe is not in normal system32 folder it contains a version of the Trojan. Spbot.D (Norton AntiVirus).
  Cyborg   (further information)

i have deleted winlogon and my comupter shuts down itselves. you need winlogon!
  .:.:.:.  

winlogon can be a part of a virus "WinlogonHack.A" tecnical name "W32/Patchlog.B" witch ataches itself to winlogon.exe in windows/system32 folder,
  Freeze   (further information)

It's a part of the Windows Login subsystem. But if it somewhere else then C:\Windows\System32 it might be a trojan.
  Nick  

If you are running windows 9x there is a very large chance that the process is the virus version. spywbot S&D and AVG both took care of this for me.
  Hoba Phett  

This program is required to log into Windows. Various viruses and trojans etc may mimic this file in order to create an entry in the Proccess, that looks geniune.
  Suzi  

its completely harmless and ther rong its not a virus its just the log in screen when u start up ur computer -.-
  brandon  

It is a safe system file that manages logon rights. It is part of windows.
   

my cd win xp in folder i386 shows the winlogon.exe file size 205 kb the c:\windows \system32\winlogon.exe has 422 kb why?
  porfi  

It is a process of WINDOWS VISTA that is needed. Unless found as C:\WINNT\winlogon.exe. It causes the computer to hang and not respond correctly with programs as well as hangs on shut down and start up. Sometimes will hide for days before it becomes active. Remove it if in the C:\WINNT Directory
  Shane  

More comments can be found here:
    (further information)

winlogon scanner

Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

Spyware Doctor detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

Registry Booster free scans, cleans, repairs and optimizes your system.

Other processes