winlogon in system start run

Using Spybot 1.3.1 I looked in Tools/System start run and saw these winlogon things. Never saw them before. Somebody out there who can tell me what these are and if they are needed?
Regards,

Gerard

 

Gerard;

The bold text means that those entries are new, I would disable those. Then I would reboot the machine and see if they come back. I would also send one of the files listed to DiamondCS (submit@diamondcs.com.au) and ask them to look at the files. They will tell you if the files are malicious.

Close Hauled

 

Hi Close,

Thanks for answering. Though those files didnt upset me, I was just curious it has something to do with the Spybot upgrade. Personally I dont have a clue what these Windows things means.
Will sent some over your advice and some elswhere
Greetz,

Gerard

 

Also, go to the "Uninistall info" section within spybot and look for any entries that are bold. Those are new installs since the last snapshot that Spybot took.

 

Gerard;

Those entries are not right. Something is definately up. By the way, you say that you have Spybot Search & Destroy v1.3.1. Where did you get it from? I can only find v1.3.

Close Hauled

 

Hi,

Got it just via the update button within SB.

 

Gerard;

Where did you download the original? I downloaded mine from CNET's Download.com. I cannot find v1.3.1 referenced anywhere on the Spybot home page.

Close Hauled

 

Saw this one:

http://images/avatars/brad_pitt.jpg nadirah http://images/statusicon/user_offline.gif vbmenu_register("postmenu_232136", true);
Senior Member
Join Date: Oct 2003
Location: On the small island of Singapore - The lion city
Posts: 367


http://images/icons/icon1.gif Spybot-S&D main application update.
I've seen no news about this update yet, but it updates your Spybot-S&D version from 1.3 to 1.3.1. The update was released today. unquote

This was 2 days ago

I think but not for sure downloaded the original from here:

http://www.safer-networking.org/en/download/index.html

Gerard

 

Gerard;

I just sent Patrick M. Kolla an e-mail asking him the latest version. I still cannot find any references to v1.3.1. The latest version update was July 29, and that was just to the detection files, not the program. What version of the detection files do you have?

Close Hauled

 

Detections from 28-07.

 

I have version SBs&d 1.3.1 also and am running xp pro and I don't have one of those entries at all.

 

I think those entries are related to this:

 

I am not running that app so it is possible that is what is causing them to be there.

 

Hi,

I send an e-mail to the support with the attached wlogons just to make sure its theirs.
Thanks,

Gerard

 

Guys to be able to view the Beta 1.3.1 you have to go to Settings and under Update enable the download of Beta Definitions and Programs.

 

Thanks Brent.

 

Hey, i have those entries too, do those belong to this process called: winlogon.exe?
I sure like to find out if they are legit.
Here's a screen shot of the update from FanJ.

 

i have almost the same. i was looking to take ewido out of the system tray. could it be to do with ewido?

 

What is patrick kolla up to? Nobody here seems to know about this mysterious winlogon thing! No news at all, no info. What are those winlogon entries anyway!? I'm still waitin' for a damn good answer.

 

The Winlogon entries is just one of the changes in the beta version of the main application(version 1.3.1).

* system startup now sees WinLogon section as well

They are found in the below reg key.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\

 

Thanks for info Bubba.
Cheers

 

Looks pretty legimate to me.

 

Thread moved to Privacy Software forum.

 

Hi all,

I too have the same new and strange entries for Winlogon in the autostart section of this latest Spybot update 1.3.1.

But I have neither ewido SS nor the Internet Security Alliance application mentioned running.

I use XP home for my OS.

IMHO, this seems to be certainly related to Spybot's update- no other startup manager/viewer shows these entries, and extensive checks with a variety of other security applications does not indicate the presence of any malware.

Looks like a false alert to me....?

regards,

Chris

 

The registry entries *do* exist. Your other startups managers are probably not looking at these though.

The concept of false alarm does not apply here, since Spybot is not saying these are malware, just that these keys are present.