Winlogon.Exe keeps calling out

Dave Neve

Hello

I get automatic updates so occasionally, my system seems to change behaviour
without me knowing why

Having said that, I have also installed Windows Live in the last week.

Anyway, now c:\WINDOWS\system32\winlogon.exe keeps on calling out and
getting blocked by my firewall (Kerio)

It's becoming impossible to work with all these windows appearing every few
seconds at a time.

Below, I have recorded three attempts which were blocked.

The second one worries me as the address seems strange
(custblock.intercage.com )

Any ideas please as to why this increased activity?

Thanks

Dave Neve


[26/06/2006 11:59:59]

Direction: sortant
Point local: 84.98.113.35, port 1382
Matériel: N/A
Point distant: 85.255.113.238 [85.255.113.238], port http [80]
Protocole: TCP

Fichier: c:\WINDOWS\system32\winlogon.exe
Description: Application d'ouverture de session Windows NT
Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Créé le: 2002/8/29, 09:45:16
Modifié le: 2004/8/19, 15:10:06
Accédé le: 2006/6/26, 06:20:40

RuleId = 603980587
[26/06/2006 12:03:20]

---------------------------------------------------------------------------------------------

Direction: sortant
Point local: 84.98.113.35, port 1385
Matériel: N/A
Point distant: 69.50.164.53-custblock.intercage.com [69.50.164.53], port
http [80]
Protocole: TCP

Fichier: c:\WINDOWS\system32\winlogon.exe
Description: Application d'ouverture de session Windows NT
Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Créé le: 2002/8/29, 09:45:16
Modifié le: 2004/8/19, 15:10:06
Accédé le: 2006/6/26, 06:20:40

RuleId = 603980587
[26/06/2006 12:00:08]

-----------------------------------------------------------------------------------------------------------------------------
Direction: sortant
Point local: 84.98.113.35, port 1386
Matériel: N/A
Point distant: 85.255.118.6 [85.255.118.6], port http [80]
Protocole: TCP

Fichier: c:\WINDOWS\system32\winlogon.exe
Description: Application d'ouverture de session Windows NT
Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Créé le: 2002/8/29, 09:45:16
Modifié le: 2004/8/19, 15:10:06
Accédé le: 2006/6/26, 06:20:40

RuleId = 603980587
 
Roberto

Dave Neve said:
Hello

I get automatic updates so occasionally, my system seems to change
behaviour without me knowing why

Having said that, I have also installed Windows Live in the last week.

Anyway, now c:\WINDOWS\system32\winlogon.exe keeps on calling out and
getting blocked by my firewall (Kerio)

It's becoming impossible to work with all these windows appearing every
few seconds at a time.

Below, I have recorded three attempts which were blocked.

The second one worries me as the address seems strange
(custblock.intercage.com )

Any ideas please as to why this increased activity?

Thanks

Dave Neve

c:\WINDOWS\system32\winlogon.exe is legit, however if you see a
reference to it in msconfig /startup tab then you are infected.

Do a scan from safe mode with the following
sysclean http://www.trendmicro.com/download/dcs.asp
latest pattern files here
http://www.trendmicro.com/download/viruspattern.asp

SmitFraud http://www.ik-cs.com/programs/virtools/SmitFraud.exe

Ad-Aware http://www.lavasoft.de

rgds
Roberto
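
An added example, not part of either post: a small Python parser for the firewall alerts quoted in the first post, which groups outbound attempts by executable so a stream of pop-ups reduces to a list of distinct remote endpoints. The sample text is a shortened copy of those three alerts (French Kerio labels kept, line wrap included), and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Three alerts from the first post, cut down to the fields used here.
# Labels are from the French Kerio UI ("sortant" = outbound).
SAMPLE = r"""
Direction: sortant
Point distant: 85.255.113.238 [85.255.113.238], port http [80]
Fichier: c:\WINDOWS\system32\winlogon.exe
Direction: sortant
Point distant: 69.50.164.53-custblock.intercage.com [69.50.164.53], port
http [80]
Fichier: c:\WINDOWS\system32\winlogon.exe
Direction: sortant
Point distant: 85.255.118.6 [85.255.118.6], port http [80]
Fichier: c:\WINDOWS\system32\winlogon.exe
"""

# \s+ after "port" also matches the line wrap in the second sample alert.
REMOTE = re.compile(r"Point distant:\s*(\S+)\s*\[([\d.]+)\],\s*port\s+\S+\s*\[(\d+)\]")
FILE = re.compile(r"^Fichier:\s*(.+?)\s*$", re.M)

def parse_alerts(text):
    """Return one dict per alert; each alert starts at a 'Direction:' label."""
    alerts = []
    for block in text.split("Direction:")[1:]:
        remote, exe = REMOTE.search(block), FILE.search(block)
        if remote and exe:  # skip blocks missing a field instead of guessing
            alerts.append({
                "direction": block.split(None, 1)[0],
                "name": remote.group(1),   # remote name as the firewall displayed it
                "ip": remote.group(2),
                "port": int(remote.group(3)),
                "exe": exe.group(1).lower(),  # Windows paths are case-insensitive
            })
    return alerts

def outbound_by_process(alerts):
    """Map each executable to the distinct remote (ip, port) pairs it tried to reach."""
    seen = defaultdict(set)
    for a in alerts:
        if a["direction"] == "sortant":
            seen[a["exe"]].add((a["ip"], a["port"]))
    return {exe: sorted(pairs) for exe, pairs in seen.items()}

if __name__ == "__main__":
    for exe, remotes in outbound_by_process(parse_alerts(SAMPLE)).items():
        print(exe, len(remotes), remotes)
```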
 
