anyone know where winIogon.exc file comes from


webberdog

using a capital i not an l in logon ? it was hard to spot....
i had it on my first computer i'm newbie....
my friend went thru the registry on windows 2000 pro and found it....my
cpu was running 100% i couldn't surf was 21k on dialup......my pc was
sending out like crazy and receiving orders whenever i
connected......from whoever...file was a little bit bigger than real
windows logon not much 2.7k....he googled it but found no info on that
file......i put in spybot, ad-aware and bunch of other free
ad, spyware, virus detect/clean downloads......i hope i didn't get it from
one of them. i'm going to uninstall all of them.....my friend going to
put in free bsd and take out windows and close ports except port 80 and
email etc ones.....i'm learning......watching him...any info on this exc
file appreciated.....what a miserable experience.......it was in windows
32/ not in run, run start and bunch of 95% places he said usual bad
stuff is.
 
(e-mail address removed) wrote in 3338.bay.webtv.net:
| using a capital i not an l in logon ? it was hard to spot....
| i had it on my first computer i'm newbie....
| my friend went thru the registry on windows 2000 pro and found it....my
| cpu was running 100% i couldn't surf was 21k on dialup......my pc was
| sending out like crazy and receiving orders whenever i
| connected......from whoever...file was a little bit bigger than real
| windows logon not much 2.7k....he googled it but found no info on that
| file......i put in spybot, ad-aware and bunch of other free
| ad, spyware, virus detect/clean downloads......i hope i didn't get it from
| one of them. i'm going to uninstall all of them.....my friend going to
| put in free bsd and take out windows and close ports except port 80 and
| email etc ones.....i'm learning......watching him...any info on this exc
| file appreciated.....what a miserable experience.......it was in windows
| 32/ not in run, run start and bunch of 95% places he said usual bad
| stuff is.

There is no such directory as Windows32 and it could be a deception if that
truly is a directory on the machine. If winlogon.exe is not running out of
Winnt/System32 directory on the Win 2K O/S, then it could be a Trojan.

Google is your friend.

http://www.liutilities.com/products/wintaskspro/processlibrary/winlogon/

You can use Process Explorer and right-click winlogon.exe to see what
directory winlogon.exe is running out of when it's running. Keep in mind
that malware can use a program like winlogon.exe on its behalf as a host.

http://tinyurl.com/klw1

Duane :)
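
Added example (not part of the original posts): a Python check that combines the two tests raised so far in this thread, a file name that only looks like winlogon.exe and a genuine name running outside System32. The `PROTECTED` allowlist, the `FOLD` table and the sample paths are assumptions constructed for illustration; in practice the paths would come from a process lister such as Process Explorer.

```python
import ntpath

# Assumed allowlist of image names worth protecting; extend as needed.
PROTECTED = ("winlogon.exe",)

# Fold characters that look alike in a proportional font onto one symbol.
FOLD = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lowercase, then fold look-alikes, so 'winIogon' and 'winlogon' collide."""
    return name.lower().translate(FOLD)


def classify(image_path, system_root=r"C:\WINNT"):
    """Return 'ok', 'wrong-directory', 'lookalike-name' or 'unlisted'."""
    name = ntpath.basename(image_path)
    folder = ntpath.normcase(ntpath.normpath(ntpath.dirname(image_path)))
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    for real in PROTECTED:
        if name.lower() == real:
            # Genuine name: only trusted when it runs from System32.
            return "ok" if folder == expected else "wrong-directory"
        if skeleton(name) == skeleton(real):
            # Different bytes, same appearance on screen.
            return "lookalike-name"
    return "unlisted"


def scan(image_paths, system_root=r"C:\WINNT"):
    """Return {path: verdict} for every path that deserves a closer look."""
    verdicts = {p: classify(p, system_root) for p in image_paths}
    return {p: v for p, v in verdicts.items()
            if v in ("wrong-directory", "lookalike-name")}


# Constructed sample of running image paths (not taken from the thread).
SAMPLE = [
    r"C:\WINNT\System32\winlogon.exe",
    r"C:\WINNT\System32\winIogon.exe",
    r"C:\WINNT\Temp\winlogon.exe",
    r"C:\WINNT\System32\notepad.exe",
]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE).items():
        print(f"{verdict:16} {path}")
```

An "ok" verdict only covers name and location; it says nothing about the case mentioned above where malware runs inside the genuine winlogon.exe.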
 
%SYSTEM ROOTS% =C:/WINDOWS

i said windows 32 but you're right he says it's window/system 32 ...my
mistake

my system directory is C:/WINDOWS and file is located in
C:/WINDOWS/SYSTEM32

he says it's not a virus but a program....
he curious wanted to know where it came
 
From: <[email protected]>

| %SYSTEM ROOTS% =C:/WINDOWS
|
| i said windows 32 but you're right he says it's window/system 32 ...my
| mistake
|
| my system directory is C:/WINDOWS and file is located in
| C:/WINDOWS/SYSTEM32
|
| he says it's not a virus but a program....
| he curious wanted to know where it came

The "/" is Unix syntax for a directory. The "\" is Win32 syntax. Now some Windows versions
"will" interpret "/" as a directory but the "/" is usually used as a designator of a switch
parameter in a Windows environment.

The correct syntax is...
C:\WINDOWS\SYSTEM32

The correct environmental variable is %SYSTEMROOT% NOT %SYSTEM ROOTS%

%SYSTEMROOT% points to C:\WINDOWS in WinXP and C:\WINNT in Win2K
( caveat: the user chose a different folder at installation or the OS was upgraded )
 
my friend can't search worth a darn

winiogon.exc (with capital i) not winlogon.exc (the real password logon
windows uses) i had two of them one was the fake trojan due to text
style microsoft uses it's hard to spot. friend says free bsd uses better
text one full space for each letter has name for it i can't remember....

it's backdoor armageddon a trojan see link

Symantec Security Response - Backdoor.Armageddon
Address: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.armageddon.html

sorry it's \ for windows
not /
i had it backwards
in other post my mistake......
tnx
 
From: <[email protected]>

| my friend can't search worth a darn
|
| winiogon.exc (with capital i) not winlogon.exc (the real password logon
| windows uses) i had two of them one was the fake trojan due to text
| style microsoft uses it's hard to spot. friend says free bsd uses better
| text one full space for each letter has name for it i can't remember....
|
| it's backdoor armageddon a trojan see link
|
| Symantec Security Response - Backdoor.Armageddon
| Address: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.armageddon.html
|
| sorry it's \ for windows
| not /
| i had it backwards
| in other post my mistake......
| tnx


Is the infector still there?

Do you need help in removing it?
 