winlogon.exe detected by Norton

Discussion in 'Malware Help (A Specialist Will Reply)' started by phoisheaven, Jun 23, 2005.

  1. phoisheaven

    phoisheaven Private E-2

    Hi guys, first off i love this site. You guys are doing a great service helping everyone with their computer problems.

    I am pretty good at keeping viruses and spyware off my computer, but am no means an expert, so I thought I would ask the major geeks about this one...

    I am running Windows XP on an IBM PC. I have Norton Antivirus 2005. I was going through the Norton Log Viewer to see if I had any threats, when I noticed that under the heading "Symantec Resource Protector" there were a whole bunch of "Unauthorized Access Logged" logs; one for almost every day since I got Norton Antivirus.

    This is what every log says, except for the dates and times are different of course:

    Time: 6/22/2005 4:14:08 PM
    Actor: C:\WINDOWS\system32\winlogon.exe (PID=692)
    Target: C:\Program Files\Norton AntiVirus\SAVScan.exe (PID=192)
    Action: Unauthorized access
    Reaction: Unauthorized access stopped

    Now I know that winlogon.exe is a real system file, but I also heard it could be a variant of a trojan, so I don't know what to think about this little friend. Nothing comes up when I scan with Norton or AdAware. So how do I make sure that it's not a trojan.

    I ran HijackThis, but you guys said not to post logs unless you ask. Let me know if I should post my log.

    Thank yoU!

    DpR
     
    phoisheaven, Jun 23, 2005
    #1
  2. phoisheaven

    phoisheaven Private E-2

    Ahh i see, thanks for the reply. Any idea why Norton is logging it as "unauthorized access" every day? Should I just leave it alone and let it keep logging?
     
    phoisheaven, Jun 23, 2005
    #2
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    As Star indicated already, if you want piece of mind, follow the steps below completely. The first sticky thread is what he was referring to.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above you still have a problem make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Jun 24, 2005
    #3

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds