Winlogon.exe

Winlogon.exe keeps asking to connect to a certain IP address. The weird thing about it is that the location of winlogon.exe is in the format of..

\??\C:\WINDOWS\system32\winlogon.exe

..anyone know what the "\??\" is for? I currently am using Filseclab's firewall and have created a rule to block it. Oh, I don't know if it'll help but here's the IP Address and Port # it's trying to connect to..

IP Address: 69.50.188.51
Direction: Out
Protocol: Http

Thanks in advance..

 

It's strange. It should be c:/windows/system32/winlogon.exe
The IP 69.50.188.51 is from a computer located in Concord city if I am not wrong (USA). I think is good you created a rule for not allowing the file to connect to that IP. It happend for me too but the IP was from Australia.

You should also run few antivirus on your computer. That's all I know.

Lucian

www.glasshop.ro

 

Take a look here and here, seems you are in trouble...

 

Hhhmmm....wonder how I a trojan got past NOD..first time ever for me. Well since this post is pretty old, I did the ol' format already. But thanks for the references to fix it..

 

Maybe Eset is reading with us?

 

Rawr would you mind to post your HijackThis Log, please?