winlogon.exe (5.1.2600.1106)

Contained in software
Name:	Windows XP Home Edition, Deutsch
License:	commercial
Information link:	http://www.microsoft.com/windowsxp/
File details
Filepath:	C:\WINDOWS\system32 \ winlogon.exe
Filedate:	2002-08-29 14:00:00
Version:	5.1.2600.1106
Filesize:	521.728 bytes
Checksum and file hashes
CRC32:	EFFDF5E1
MD5:	6168 96B7 0828 6DA9 8D6A 0992 93F1 81D7
SHA1:	3185 27E4 C475 E203 B220 2C43 7482 EACC C542 0195
Version resource information
CompanyName:	Microsoft Corporation
FileDescription:	Windows NT-Anmeldung
FileOS:	Windows NT, Windows 2000, Windows XP, Windows 2003
FileType:	Application
FileVersion:	5.1.2600.1106
InternalName:	winlogon
LegalCopyright:	© Microsoft Corporation. Alle Rechte vorbehalten.
OriginalFilename:	WINLOGON.EXE
ProductName:	Betriebssystem Microsoft® Windows®
ProductVersion:	5.1.2600.1106

winlogon.exe was found in the following malware reports:


W32.Neveg.A@mm
Technical details ...Copies itself as %Windir%systemwinlogon.exe. Note: %Windir% is a variable... ...".Prog" = "%Windir%systemwinlogon.exe" "BuildLab" = "%Windir%systemwinlogon.exe"... ..."ccApps" = "%Windir%systemwinlogon.exe" "FriendlyTypeName"... ..."Microsoft Visual SourceSafe"= "%Windir%systemwinlogon.exe" "RegDone" = "%Windir%systemwinlogon.exe"... ..."TEXTCONV" = "%Windir%systemwinlogon.exe" "WMAudio" = "%Windir%systemwinlogon.exe"... Removal instructions ...".Prog" = "%Windir%systemwinlogon.exe" "BuildLab" = "%Windir%systemwinlogon.exe"... ..."ccApps" = "%Windir%systemwinlogon.exe" "FriendlyTypeName"... ..."Microsoft Visual SourceSafe"= "%Windir%systemwinlogon.exe" "RegDone" = "%Windir%systemwinlogon.exe"... ..."TEXTCONV" = "%Windir%systemwinlogon.exe" "WMAudio" = "%Windir%systemwinlogon.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.neveg.a@mm.html
Backdoor.Graybird
Technical details ...%System%Svch0st.exe %System%Winlogon.exe %System%Explorer.exe... ..."winlogon"="%System%Winlogon.exe" "system"="%System%Explorer.exe"... Removal instructions ..."winlogon"="%System%Winlogon.exe" "system"="%System%Explorer.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.graybird.html
W32.Marol@mm
Technical details ...itself as the following files: %Windir%Winlogon.exe %Windir%Marisol.exe... ..."Apnt" = "%Windir%winlogon.exe" "WorksCache" = "%Windir% empWkCVX.exe"... Removal instructions ..."Apnt" = "%Windir%winlogon.exe" "WorksCache" = "%Windir% empWkCVX.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/w32.marol@mm.html
Backdoor.Trodal
Technical details ...Copies itself to %Windir%Winlogon.exe. Note: %Windir% is a variable.... ...Creates the registry value "winlogon"="%windir%winlogon.exe"... ...Sets the file timestamp of %Windir%Winlogon.exe to the same values as the file, %Windir%win.ini.... Removal instructions ...right pane, delete the value: "winlogon"="%windir%winlogon.exe"... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trodal.html
Backdoor.Dsklite
Technical details ...Copies itself as %Windir%Winlogon.exe. NOTE: %Windir% is a variable.... ..."Windows Logon Application"="%Windir%winlogon.exe" to the registry key:... Removal instructions ...Scroll through the list and look for winlogon.exe. If you find the file, click... ..."Windows Logon Application"="%Windir%winlogon.exe" Exit the Registry Editor.... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.dsklite.html
Trojan.Hazzer
Technical details ...or: "winlogon"=<path to trojan>... ...L2logon.exe Winlogon.exe Tries to delete C:Msdos.exe.... Removal instructions ...or: "winlogon"=<path to trojan>... Source: http://securityresponse.symantec.com/avcenter/venc/data/trojan.hazzer.html
Spyware.TrueActive
Technical details ..._.exe; tamset.exe; sem.dll; winsdoc.dll; winlogon.exe When Spyware.TrueActive is... ...detected as Spyware.TrueActive) %Windir%winlogon.exe (main logger, detected as Spyware.TrueActive)... Source: http://securityresponse.symantec.com/avcenter/venc/data/spyware.trueactive.html
Backdoor.Prorat
Technical details ...%System%Sservice.exe %Windir%Winlogon.exe Notes:... ...HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon from:... ...May inject a .dll file into the Winlogon process as a thread, which will end the processes of various security products.... Removal instructions ...HKEY_LOCAL_MACHINESoftwareMicrosoftWindows NTCurrentVersionWinlogon In the right pane, modify... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.prorat.html
Backdoor.Beasty.H
Technical details ...Systray.exe Winlogon.exe NOTE:... Source: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.beasty.h.html
Intruder Alert 3.6 W32_Netsky_D_Worm Policy
following file to be monitored: #windirwinlogon.exe Last modified on:... ...... Source: http://securityresponse.symantec.com/avcenter/security/Content/2004.03.01.html

Navigation

Browse files

• by name

winlogon.exe (5.1.2600.1106)

Contained in software

File details

Checksum and file hashes

Version resource information

winlogon.exe was found in the following malware reports:

W32.Neveg.A@mm

Backdoor.Graybird

W32.Marol@mm

Backdoor.Trodal

Backdoor.Dsklite

Trojan.Hazzer

Spyware.TrueActive

Backdoor.Prorat

Backdoor.Beasty.H

Intruder Alert 3.6 W32_Netsky_D_Worm Policy

Navigation