winlogon in system start run

Discussion in 'other anti-malware software' started by gerardwil, Aug 6, 2004.

Thread Status:
Not open for further replies.
  1. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Using Spybot 1.3.1 I looked in Tools/System start run and saw these winlogon things. Never saw them before. Somebody out there who can tell me what these are and if they are needed?
    Regards,

    Gerard
     

    Attached Files:

  2. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Gerard;

    The bold text means that those entries are new. I would disable those. Then I would reboot the machine and see if they come back. I would also send one of the files listed to DiamondCS (submit@diamondcs.com.au) and ask them to look at the files. They will tell you if the files are malicious.

    Close Hauled
     
  3. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi Close,

    Thanks for answering. Though those files didn't upset me, I was just curious if it has something to do with the Spybot upgrade. Personally I don't have a clue what these Windows things mean.
    Will send some over on your advice and some elsewhere :D
    Greetz,

    Gerard
     
  4. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Also, go to the "Uninstall info" section within Spybot and look for any entries that are bold. Those are new installs since the last snapshot that Spybot took.
     
  5. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Gerard;

    Those entries are not right. Something is definitely up. By the way, you say that you have Spybot Search & Destroy v1.3.1. Where did you get it from? I can only find v1.3.

    Close Hauled
     
  6. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    Got it just via the update button within SB.
     

    Attached Files:

  7. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Gerard;

    Where did you download the original? I downloaded mine from CNET's Download.com. I cannot find v1.3.1 referenced anywhere on the Spybot home page.

    Close Hauled
     
  8. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Saw this one:

    nadirah
    Senior Member
    Join Date: Oct 2003
    Location: On the small island of Singapore - The lion city
    Posts: 367


    Spybot-S&D main application update.
    I've seen no news about this update yet, but it updates your Spybot-S&D version from 1.3 to 1.3.1. The update was released today. unquote

    This was 2 days ago

    I think, but am not sure, that I downloaded the original from here:

    http://www.safer-networking.org/en/download/index.html

    Gerard
     
  9. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Gerard;

    I just sent Patrick M. Kolla an e-mail asking him about the latest version. I still cannot find any references to v1.3.1. The latest version update was July 29, and that was just to the detection files, not the program. What version of the detection files do you have?

    Close Hauled
     
  10. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Detections from 28-07.
     

    Attached Files:

  11. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I have version SBs&d 1.3.1 also and am running XP Pro and I don't have one of those entries at all.
     
  12. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I think those entries are related to this:
     

    Attached Files:

  13. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I am not running that app so it is possible that is what is causing them to be there.
     
  14. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Hi,

    I send an e-mail to the support with the attached wlogons just to make sure it's theirs.
    Thanks,

    Gerard
     
  15. Brent

    Brent Registered Member

    Joined:
    Jun 22, 2004
    Posts:
    71
    Guys, to be able to view the Beta 1.3.1 you have to go to Settings and under Update enable the download of Beta Definitions and Programs.
     
  16. Close_Hauled

    Close_Hauled Registered Member

    Joined:
    Apr 24, 2004
    Posts:
    1,015
    Location:
    California
    Thanks Brent.
     
  17. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    Hey, I have those entries too. Do those belong to this process called winlogon.exe?
    I'd sure like to find out if they are legit.
    Here's a screen shot of the update from FanJ.
     

    Attached Files:

  18. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    I have almost the same. I was looking to take ewido out of the system tray. Could it be to do with ewido?
     

    Attached Files:

  19. nadirah

    nadirah Registered Member

    Joined:
    Oct 14, 2003
    Posts:
    3,647
    What is Patrick Kolla up to? Nobody here seems to know about this mysterious winlogon thing! No news at all, no info. What are those winlogon entries anyway!? I'm still waitin' for a damn good answer.
     
  20. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    The Winlogon entries are just one of the changes in the beta version of the main application (version 1.3.1).

    * system startup now sees WinLogon section as well

    They are found in the below reg key.

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\
     
    Last edited: Aug 8, 2004
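
An added example, not part of the post above and not Spybot's own code: a PowerShell check that reads the key Bubba names and compares `Shell` and `Userinit` with the defaults of a standard Windows install. The list of values inspected and the default strings are assumptions; what Spybot itself listed was in the thread's attachments, which are not on the page.

```powershell
# Added example: inspect the program-launching values under the Winlogon key.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

# Assumption: defaults of a standard install. Userinit normally ends with a
# trailing comma, which is stripped from both sides before comparing.
$expected = @{
    Shell    = 'explorer.exe'
    Userinit = Join-Path $env:SystemRoot 'system32\userinit.exe'
}

# Assumption: commonly documented Winlogon values that start a program.
# Other values in the key (e.g. auto-logon settings) are deliberately not read.
$launchValues = 'Shell', 'Userinit', 'UIHost', 'VmApplet', 'Taskman'

$props = Get-ItemProperty -Path $key
foreach ($name in $launchValues) {
    $prop = $props.PSObject.Properties[$name]
    if ($null -eq $prop) { continue }          # value not present on this system

    $data   = [string]$prop.Value
    $status = 'no baseline here, review manually'
    if ($expected.ContainsKey($name)) {
        $normalized = $data.Trim().TrimEnd(',')
        if ($normalized -ieq $expected[$name]) {
            $status = 'matches default'
        } else {
            # Extra comma-separated programs or a different path land here.
            $status = 'DIFFERS from default'
        }
    }
    [pscustomobject]@{ Value = $name; Data = $data; Status = $status }
}
```

A `Userinit` entry with additional comma-separated programs, or a `Shell` other than `explorer.exe`, shows up as `DIFFERS from default` and is worth tracing back to the software that set it.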
  21. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    Thanks for info Bubba.
    Cheers
     
  22. Ronin

    Ronin Guest

    Looks pretty legitimate to me.
     
  23. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Thread moved to Privacy Software forum.
     
  24. dqa

    dqa Registered Member

    Joined:
    Mar 17, 2002
    Posts:
    33
    Location:
    London
    Hi all,

    I too have the same new and strange entries for Winlogon in the autostart section of this latest Spybot update 1.3.1.

    But I have neither ewido SS nor the Internet Security Alliance application mentioned running.

    I use XP home for my OS.

    IMHO, this seems to be certainly related to Spybot's update - no other startup manager/viewer shows these entries, and extensive checks with a variety of other security applications do not indicate the presence of any malware.

    Looks like a false alert to me....?

    regards,

    Chris
     
  25. Ronin

    Ronin Guest

    The registry entries *do* exist. Your other startup managers are probably not looking at these though.

    The concept of false alarm does not apply here, since Spybot is not saying these are malware, just that these keys are present.
     