

Windows XP Home SP3 & WinLogon.exe

Posted on 2009-02-12
Medium Priority
Last Modified: 2012-06-27
Today a laptop was dropped off with me that appears to be acting a little weird.
Symptoms: WinLogon.exe is using 100% of the processor, machine is running very slow and keeps locking up.

My first guess to this was this machine must have a virus or spyware. I pulled the hard drive out, plugged it into another machine that is running correctly, and ran a virus scanner and spyware cleaners. A couple of minor bugs were found, but nothing real serious. (Virus scan was run with Avast, and spyware was run with SuperAntiSpyware, Adaware, and S&D).

Plugged the drive back into this laptop, booted it up, same problem. WinLogon.exe is using 100% of the processor.

Loaded into Safe mode: Same problem
Used system restore: Same problem
Created a new user account: Same Problem
Ran MSCONFIG, shut off everything (diag mode): Same Problem

I would prefer to try and correct the problem without having to re-load Windows. I am working on getting a friend of mine to send me a copy of his WinLogon.exe from his system (he is running the same ver. of Windows w/ SP3). Not sure if I will be able to overwrite the current file or not, and not really sure that, if I do succeed in overwriting the file, Windows will boot back up correctly.

Short of doing a re-install of Windows, would anyone have any other suggestions? If so, please be thorough in the steps to complete your recommended process.

Question by:miketech04
LVL 22

Expert Comment

ID: 23626053
Have you tried Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)? Also, can you send us the HijackThis log?

Author Comment

ID: 23626798
I will attempt to run the Malwarebytes as suggested. I have been trying over and over to run HiJack, but due to the system resources being tied up, HiJack keeps locking up during the initial scan.
LVL 10

Expert Comment

by:Prester John
ID: 23627079
What happens if you kill WinLogon.exe in TaskManager?

Sometimes I have had a little berrer luck with Kill Process
LVL 10

Expert Comment

by:Prester John
ID: 23627085
*better   :-\

Author Comment

ID: 23627111
Can't kill WinLogon.exe, it's a critical system service (if there was a way to kill it, Windows would automatically blue screen and reboot).

Author Comment

ID: 23627131
Tried to run MalwareBytes, system locked up when trying to install. I currently have the hard drive back out of the laptop, and I am manually running scans on it using one of my working machines.

Accepted Solution

compaq_presario earned 1500 total points
ID: 23636006
There is a way to kill it, you use Sysinternals Process Explorer, found on Microsoft's Technet Site. Here is the link: http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can try replacing the file using Microsoft's Windows File Checker. Get to the Command Prompt, then type the following command without quotation marks: "SFC /scannow". This will make sure that any important system file hasn't been tampered with.
The entire article about it is found here: http://www.microsoft.com/whdc/archive/wfp.mspx#ELD

If the above doesn't help, try using Sysinternals RootkitRevealer. There could be a rootkit attached to Winlogon.exe, which explains its maxed-out CPU usage. Then I recommend using ESET's NOD32 to scan the system, since it has the most advanced heuristics of any antivirus scanner I have come across. This will most likely find any malware still on the computer, assuming it is actually malware causing the problem and not Winlogon.exe hanging on an instruction.

Hope this helps.
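
An offline version of the check this thread is working toward, run from the healthy machine while the laptop's drive is attached: compare each winlogon.exe on the drive with a copy from a matching XP SP3 system, and list same-named files sitting outside the expected locations. This is an added example, not part of the original posts; the function names, the default `WINDOWS` directory name and the expected-location list are assumptions, and the sample tree is constructed.

```python
import hashlib
import os
import tempfile

# Where XP keeps winlogon.exe, relative to the Windows directory (assumed default layout).
EXPECTED = {"system32/winlogon.exe", "system32/dllcache/winlogon.exe"}

def sha256_of(path):
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def audit_winlogon(drive_root, reference_copy, windows_dir="WINDOWS"):
    """Return (mismatched, stray) paths, relative to drive_root."""
    good = sha256_of(reference_copy)
    win_root = os.path.join(drive_root, windows_dir)
    mismatched, stray = [], []
    for folder, _dirs, files in os.walk(drive_root):
        for name in files:
            if name.lower() != "winlogon.exe":
                continue
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, drive_root).replace(os.sep, "/")
            in_win = os.path.relpath(full, win_root).replace(os.sep, "/").lower()
            if in_win not in EXPECTED:
                stray.append(rel)          # same name, wrong location
            elif sha256_of(full) != good:
                mismatched.append(rel)     # right location, different content
    return sorted(mismatched), sorted(stray)

def build_sample(base):
    """Constructed stand-in for a mounted XP drive plus a reference copy."""
    files = {
        "drive/WINDOWS/system32/winlogon.exe": b"reference build",
        "drive/WINDOWS/system32/dllcache/winlogon.exe": b"patched bytes",
        "drive/WINDOWS/Temp/WinLogon.exe": b"look-alike",
        "reference/winlogon.exe": b"reference build",
    }
    for rel, data in files.items():
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
    return os.path.join(base, "drive"), os.path.join(base, "reference", "winlogon.exe")

def demo():
    with tempfile.TemporaryDirectory() as base:
        drive, ref = build_sample(base)
        return audit_winlogon(drive, ref)
if __name__ == "__main__":
    print(demo())
```

A mismatch only shows that the files differ: a reference copy taken from a system at a different hotfix level will also fail the comparison.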
LVL 10

Expert Comment

by:Prester John
ID: 23666323

What worked?
