winlogon in system start run


gerardwil
August 6th, 2004, 03:38 AM
Using Spybot 1.3.1 I looked in Tools/System start run and saw these winlogon things. Never saw them before. Somebody out there who can tell me what these are and if they are needed?
Regards,

Gerard

Close_Hauled
August 6th, 2004, 04:59 PM
-{ Quote: "Using Spybot 1.3.1 I looked in Tools/System start run and saw these winlogon things. Never saw them before. Somebody out there who can tell me what these are and if they are needed?
Regards,

Gerard" }-
Gerard;

The bold text means that those entries are new, I would disable those. Then I would reboot the machine and see if they come back. I would also send one of the files listed to DiamondCS (submit@diamondcs.com.au) and ask them to look at the files. They will tell you if the files are malicious.

Close Hauled

gerardwil
August 6th, 2004, 05:06 PM
Hi Close,

Thanks for answering. Though those files didn't upset me, I was just curious if it has something to do with the Spybot upgrade. Personally I don't have a clue what these Windows things mean.
Will send some over your advice and some elsewhere ;D
Greetz,

Gerard

Close_Hauled
August 6th, 2004, 05:23 PM
Also, go to the "Uninstall info" section within Spybot and look for any entries that are bold. Those are new installs since the last snapshot that Spybot took.
-{ Quote: "New feature added in version 1.3: entries that have changed since the last snapshot (the first has been created the first time you started Spybot-S&D for the first time, later on you can create snapshots by right-clicking the list and selecting the corresponding menu item) are displayed in bold letters. This allows you to see changes to the list at once." }-

Close_Hauled
August 6th, 2004, 05:27 PM
-{ Quote: "Hi Close,

Thanks for answering. Though those files didn't upset me, I was just curious if it has something to do with the Spybot upgrade. Personally I don't have a clue what these Windows things mean.
Will send some over your advice and some elsewhere ;D
Greetz,

Gerard" }-
Gerard;

Those entries are not right. Something is definitely up. By the way, you say that you have Spybot Search & Destroy v1.3.1. Where did you get it from? I can only find v1.3.

Close Hauled

gerardwil
August 6th, 2004, 05:33 PM
Hi,

Got it just via the update button within SB.

Close_Hauled
August 6th, 2004, 05:52 PM
-{ Quote: "Hi,

Got it just via the update button within SB." }-
Gerard;

Where did you download the original? I downloaded mine from CNET's Download.com (http://www.download.com/Spybot-Search-Destroy/3000-8022-10122137.html?part=dl-spybot&subj=dl&tag=but). I cannot find v1.3.1 referenced anywhere on the Spybot home page (http://www.safer-networking.org/en/index.html).

Close Hauled

gerardwil
August 6th, 2004, 06:02 PM
Saw this one:

nadirah:
Spybot-S&D main application update.
I've seen no news about this update yet, but it updates your Spybot-S&D version from 1.3 to 1.3.1. The update was released today. unquote

This was 2 days ago

I think, but am not sure, I downloaded the original from here:

http://www.safer-networking.org/en/download/index.html

Gerard

Close_Hauled
August 6th, 2004, 06:18 PM
Gerard;

I just sent Patrick M. Kolla an e-mail asking him the latest version. I still cannot find any references to v1.3.1. The latest version update was July 29, and that was just to the detection files, not the program. What version of the detection files do you have?

Close Hauled

gerardwil
August 6th, 2004, 07:27 PM
Detections from 28-07.

bigc73542
August 6th, 2004, 07:45 PM
I have version SBs&d 1.3.1 also and am running xp pro and I don't have one of those entries at all.

gerardwil
August 6th, 2004, 07:47 PM
-{ Quote: "I have version SBs&d 1.3.1 also and am running xp pro and I don't have one of those entries at all." }-
I think those entries are related to this:

bigc73542
August 6th, 2004, 07:51 PM
I am not running that app so it is possible that is what is causing them to be there.

gerardwil
August 6th, 2004, 07:57 PM
Hi,

I send an e-mail to the support with the attached wlogons just to make sure it's theirs.
Thanks,

Gerard

Brent
August 6th, 2004, 09:35 PM
Guys, to be able to view the Beta 1.3.1 you have to go to Settings and under Update enable the download of Beta Definitions and Programs.

Close_Hauled
August 6th, 2004, 10:22 PM
-{ Quote: "Guys, to be able to view the Beta 1.3.1 you have to go to Settings and under Update enable the download of Beta Definitions and Programs." }-
Thanks Brent.

nadirah
August 7th, 2004, 01:50 PM
Hey, I have those entries too, do those belong to this process called: winlogon.exe?
I'd sure like to find out if they are legit.
Here's a screen shot of the update from FanJ.

iceni60
August 8th, 2004, 08:12 AM
I have almost the same. I was looking to take ewido out of the system tray. Could it be to do with ewido?

nadirah
August 8th, 2004, 09:55 AM
What is Patrick Kolla up to? Nobody here seems to know about this mysterious winlogon thing! No news at all, no info. What are those winlogon entries anyway!? I'm still waitin' for a damn good answer.

Bubba
August 8th, 2004, 10:46 AM
-{ Quote: " No news at all, no info. What are those winlogon entries anyway!?" }-
The Winlogon entries are just one of the changes in the beta version of the main application (version 1.3.1).

* system startup now sees WinLogon section as well

They are found in the below reg key.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

gerardwil
August 8th, 2004, 10:49 AM
Thanks for info Bubba.
Cheers

Ronin
August 8th, 2004, 12:42 PM
Looks pretty legitimate to me.

snapdragin
August 8th, 2004, 01:01 PM
Thread moved to Privacy Software forum.

dqa
August 8th, 2004, 06:14 PM
Hi all,

I too have the same new and strange entries for Winlogon in the autostart section of this latest Spybot update 1.3.1.

But I have neither ewido SS nor the Internet Security Alliance application mentioned running.

I use XP home for my OS.

IMHO, this seems to be certainly related to Spybot's update - no other startup manager/viewer shows these entries, and extensive checks with a variety of other security applications do not indicate the presence of any malware.

Looks like a false alert to me....?

regards,

Chris

Ronin
August 8th, 2004, 06:29 PM
-{ Quote: "Hi all,

IMHO, this seems to be certainly related to Spybot's update - no other startup manager/viewer shows these entries, and extensive checks with a variety of other security applications do not indicate the presence of any malware.

Looks like a false alert to me....?

regards,

Chris" }-

The registry entries *do* exist. Your other startup managers are probably not looking at these though.

The concept of false alarm does not apply here, since Spybot is not saying these are malware, just that these keys are present.

JRosenfeld
August 8th, 2004, 07:28 PM
For those still confused/worried about those entries, see
http://forums.net-integration.net/index.php?showtopic=20936

For XP, the basic normal subkeys at

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
are

crypt32chain
cryptnet
cscdll
ScCertProp
Schedule
sclgntfy
SensLogn
termsrv
wlballoon

You may have one or two other legitimate ones, depending on your system, e.g. I have one related to my ATI Radeon card, AtiExtEvent

Don't delete or uncheck these from the startup, your system either won't start or won't function as expected without most of them, anyway!
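
The baseline comparison described in the post above, as an added example that is not part of the original thread: it parses a regedit export of the Winlogon\Notify key and lists the subkeys outside the XP baseline, together with the DLL each one loads, so they can be verified rather than deleted. The sample export, the `ExampleNotify` entry and its DLL path are constructed for illustration.

```python
NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Baseline: the normal XP subkeys listed in the post above.
XP_BASELINE = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
               "sclgntfy", "SensLogn", "termsrv", "wlballoon"}

# Constructed sample export (not from the thread); values are illustrative.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
"DllName"="Ati2evxx.dll"

[hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify\ExampleNotify]
"DllName"="C:\\Temp\\example.dll"
'''

def parse_notify(reg_text):
    """Return {subkey: DllName or None} for direct children of Winlogon\\Notify."""
    entries, current = {}, None
    prefix = NOTIFY.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            # Track only direct children; unrelated or deeper keys reset the state.
            current = rest if rest and "\\" not in rest else None
            if current:
                entries.setdefault(current, None)
        elif current and line.lower().startswith('"dllname"='):
            value = line.split("=", 1)[1]
            if value.startswith('"') and value.endswith('"'):
                value = value[1:-1].replace("\\\\", "\\")  # undo .reg escaping
            entries[current] = value
    return entries

def review(entries, baseline=XP_BASELINE):
    """Return sorted (subkey, DllName) pairs not in the baseline (names are case-insensitive)."""
    known = {name.lower() for name in baseline}
    return sorted((k, v) for k, v in entries.items() if k.lower() not in known)

if __name__ == "__main__":
    for name, dll in review(parse_notify(SAMPLE_REG)):
        print(f"not in baseline, verify the DLL: {name} -> {dll}")
```

An entry outside the baseline is not malicious by that fact alone; as the post says, driver packages such as AtiExtEvent add their own.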

Bubba
August 8th, 2004, 08:22 PM
Thanks JR

Below is a link that lists the new additions to the beta version of the main application found at the Official Spybot Search & Destroy Forums (http://forums.net-integration.net/index.php?c=7) for those interested in what "Patrick Kolla up to" or Announcements about Spybot and its releases.

This Link---> Spybot S&d Update Information 8-6-2004 (http://forums.net-integration.net/index.php?showtopic=20938&st=0&#entry95090)

nadirah
August 8th, 2004, 11:09 PM
Thanks for the info bubba! ;) My questions are finally answered.

dqa
August 9th, 2004, 12:10 PM
Hi all,

Thanks for that- I have now located these entries with Sysinternals autostart viewer too and can see that they refer to nothing untoward.

Assistance appreciated.

regards,

Chris

gerardwil
August 9th, 2004, 12:22 PM
This one belongs to PCInternetPatrol