winlogin.exe

J

Jamie

I recently contracted the W32.Randex.E virus on my PC.
Upon following Symantecs instructions for removal, i had
to go into the registry and delete winlogin.exe. I have
done that and rescanned for viruses, and everything is OK
now, except, when i log on to windows, a screen pops up
and says that winlogin.exe is missing. It also seems to
take alot longer to log on to windows than it used to.
How do i go about restoring winlogin.exe, does anyone
know?
 
J

Jack Meyhoff

You NEED winlogin.exe. If you kill that process when running windows by
force you will see windows turn into a pile of poop within a few seconds.

Its a required process. You wont go far without it.
 
G

GSV Three Minds in a Can

from the wonderful said:
You NEED winlogin.exe. If you kill that process when running windows by
force you will see windows turn into a pile of poop within a few seconds.

Its a required process. You wont go far without it.
Click to expand...

No, you need WinlogON.exe, WinlogIN.exe is not part of WinXP, afaik.
 
D

Doug Knox MS-MVP

And you're still wrong. Winlogin.exe is the virus. Its already gone, due
to his AV software. What isn't gone is the Registry entry that's still
trying to load it.



Jack Meyhoff said:
Ok ok typo, but you get my meaning...
Click to expand...
 
D

Doug Knox MS-MVP

Jamie,

Click Start, Run and enter REGEDIT Go to:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx

Look in the right pane for any value that references Winlogin.exe If found,
right click the value in question and select Delete. To be on the safe
side, you can highlight the subkey that you're in and right click and select
Export. This will save a copy of that subkey to a file, that can be
re-imported.

Another location to check is in:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

Look in the right pane for the Shell value. It should read Explorer.exe
And nothing else. If it differs, then right click the Shell value and
select Modify. Change it to read Explorer.exe
 
G

GSV Three Minds in a Can

from the wonderful said:
Ok ok typo, but you get my meaning...
Click to expand...

Maybe, but the OP needs to decide what exactly is missing. WinlogIN is,
iirc, a real virus/trojan/badguy .. WinlogON is needed. If his system is
still running, but bleating about lack of WinlogIN, then the virus
removal is incomplete .. it's still being referenced somewhere. If he
has removed WinlogON, then, as you said, I don't see how his system is
working at all.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

missing winlogin.exe file 2
I (still) Have a Worm! Please Help! W32.Randex.E aka RPCSDBOT.A 12
winlogin.exe 2
winlogin.exe 1
windows cannot find 'winlogin.exe' 1
winlogin.exe 1
Winlogin.exe file missing - Help 1
winlogin.exe and viruses 3

Top