Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

wVnlogin.exe, or w?nlogin.exe

Status
Not open for further replies.
zebratech

zebratech

IS-IT--Management
Jul 17, 2003
92
0
0
US
Hi all,

wVnlogin.exe, or w?nlogin.exe keeps popping up in the process list on only one account on my xp pro machine. Can't find any useful info on the net about it but my instincts say that it is malware of some form. Anybody encounter this yet or know anything about it?

Thanks,



Unix IS user friendly... It's just selective about who its friends are.
 
Sort by date Sort by votes
I haven't seen that one yet. But, I suspect they are mimacking winlogin.exe a legit process.

I would run:

AdwareSE
Spybot S&D
Microsoft's Beta Antispyware
Hijack This

Also, check your msconfig startup and see if there something there that is starting the process. These tools should fix you up.

Hope this helps.

Erik
 
Upvote 0 Downvote
I had a similar process once, except it was ??plorer.exe. File analysis showed that it popped up ads and pretended the OS crashed on every boot up (in the Run key), and sent the data to a certain site. Sounds like this one is using non-standard characters that Windows will see as winlogin.exe instead of w?nlogin.exe that it should be. So yes, I second Erik's suggestions. Be sure to turn off System Restore first.

----------------------------
"Will work for bandwidth" - Thinkgeek T-shirt
 
Upvote 0 Downvote
re system restore,
Could also check system restore for a good restore point prior to start of problem.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Upvote 0 Downvote
??plorer.exe etc are quite common, they are using characters from the russian alphabet as replacements for originals(because they look similar).
Windows will show the characters when browsing so it is hard to spot, other than "explorer.exe" not being sorted by name properly.
Do file find and search *plorer.exe . Its easy to spot the fake ones, or at worst, the one that has no file properties.
 
Upvote 0 Downvote
Thanks for the help, I have tried running the above programs and AVG, but no help, it shows up in when I run sysinternals Processexplorer but not in task manager. I have removed it manually several times (c:\windows\system32\w?nlogin.exe), but it keeps on showing up in my daughters account, on her process list, on our home pc. Don't know what site she is getting it from, and I'm trying to track down what ports it uses as I suspect it may be a trojan.




Unix IS user friendly... It's just selective about who its friends are.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Olumighty
  • Locked
  • Question
BIOS PASSWORD WIPE OR CLEAR ON COMPUTER LAPTOP 1
Replies
1
Views
57
SamBones
SamBones
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
79
2ffat
2ffat
Shimmy613
  • Locked
  • Question
Avira Free: "Your computer is not secure! A Service is not working correctly"
Replies
14
Views
173
ChrisHirst
ChrisHirst
DrB0b
  • Locked
  • Question
True Crypt / Crypto-ware / Firewalls 1
Replies
14
Views
109
goombawaho
goombawaho
johncp
  • Locked
  • Question
A Warning: DON'T LET EMOTION SUSPEND CREDIBILITY.
Replies
1
Views
59
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top