Winlogon Firedaemon

[Guest]

I've got a disabled FireDaemon Service: Winlogon. It lists the path to
executable as c:\winnt\system32\drivers\svc\FireDaemon.EXE.
The executable does not exist in that directory. I believe it was already
removed.
In the registry under HKLM\System\CurrentControlSet\Services\Winlogon, I
have a Display Name: FireDaemon Service: Winlogon, Image Path:
c:\winnt\system32\drivers\svc\FireDaemon.exe. Under Winlogon, I have
Paraemeters with FireStarter: c:\winnt\system32\drivers\svc\svchost.exe.

I would like to finish cleaning this up, but I am afriad to just delete
these keys. Which keys can I delete, or do I need to modify them to say
something correct?

 

[Vincent Xu [MSFT]]

Hi ,

I don't know your situation but I'd like to know why you try to remove
them? They are all system executables. Please let me know the symptom in
detail that I can provide assistance.

Thanks.


Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------

 

[Guest]

Firedaemon, Serv-U FTP and another service were not installed by me, but most
likely by a virus about a year ago. At the time, I removed the virus
infected files, but three services still appeared in the Services list. They
were disabled and not running, but still in the list.
I removed Serv-U FTP and the other service (Dameware Mini Remote Control?),
but I am concerned that the Firedaemon service is referencing Winlogon. I do
not know if I can just delete the Winlogon registry key that is referencing
Firedaemon, or if I need to fix the Winlogon registry key instead.
My question is do I:
1. delete the Winlogon registry keys referencing Firedaemon.
2. change the Winlogon registry keys referencing Firedaemon to something not
referencing Firedaemon, and if so, what should I change them to?

This is a remote server, and I would rather not delete a registry key,
reboot, and find out I can't log in any more.

 

[John John]

You might want to ask them here: http://www.firedaemon.com/

Unfortunately for them, their tool has been commandeered by many virus
and malware writers. Most often users who have this component on their
computers have it due to a viral or malware infection. It may be a
valid file used by a valid application but it is not a Windows System file.

John

 

[Vincent Xu [MSFT]]

Hi,

I think it has a start entry in the startup group, you can cancel it. Click
Start -> Run -> msconfig, find the related entry on the startup tab and
uncheck it!

In Windows 2000, there is no msconfig, you can copy msconfig.exe from a
Windows XP client. It works well on win2000 client. The location is:

C:\WINDOWS\pchealth\helpctr\binaries


In additioni, for Virus issue, call 1-866-pcsafety if you are in USA, it is
no charge.

Best regards,

Vincent Xu
Microsoft Online Partner Support

======================================================
Get Secure! - www.microsoft.com/security
======================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others
may learn and benefit from this issue.
======================================================
This posting is provided "AS IS" with no warranties,and confers no rights.
======================================================



--------------------