We help IT Professionals succeed at work.

Windows XP Home SP3 & WinLogon.exe

Medium Priority
1,514 Views
Last Modified: 2012-06-27
Today a laptop was dropped off with me that appears to be acting a little weird.
Symptoms: WinLogon.exe is using 100% of the processor, machine is running very slow and keeps locking up.

My first guess to this was this machine must have a virus or spyware. I pulled the hard drive out, plug it into another machine that is running correctly,and ran a virus scanner and spyware cleaners. A couple of minor bugs were found, but nothing real serious. (Virus scan was ran with Avast, and spyware was ran with SuperAntiSpyware, Adaware, and S&D).

Plugged the drive back into this laptop, booted it up, same problem. WinLogon.exe is using 100% of the processor.

Loaded into Safe mode: Same problem
Used system restore: Same problem
Created a new user account: Same Problem
Ran MSCONFIG, shut off everything (diag mode): Same Problem

I would prefer to try and correct the problem with out having to re-load windows. I am working on getting a friend of mine to send me a copy of his WinLogon.exe from his system (he is running the same ver. of windows w/ sp3), Not sure if I will be able to over-write the current file or not, and not really sure that if I do succeed in over-writting the file, if windows will boot back up correctly.

Short of doing a re-install of windows, would anyone have any other suggestions. If so, please be through in the steps to complete your recommended process.

Thanks.
Comment
Watch Question

Have you tried Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam.php)? Also, can you send us the HijackThis log?

Author

Commented:
I will attempt to run the malwarebytes as suggested, I have been trying over and over to run HiJack, but due to the system resources being tied up, HiJack keeps locking up during the initial scan.
CERTIFIED EXPERT

Commented:
What happens if you kill WinLogon.exe in TaskManager?

Sometimes I have had a little berrer luck with Kill Process
http://www.softpedia.com/get/System/OS-Enhancements/Kill-Process.shtml
CERTIFIED EXPERT

Commented:
*better   :-\

Author

Commented:
cant kill WinLogon.exe, its a critical system service (If there was a way to kill it, Windows would automaticlly blue screen and reboot.)

Author

Commented:
Tried to run MalwareBytes, system locked up when trying to install. I currently have the hard drive back out of the laptop, and I am manually running scans on it using one of my working machines.
There is a way to kill it, you use Sysinternals Process Explorer, found on Microsoft's Technet Site. Here is the link: http://technet.microsoft.com/en-us/sysinternals/default.aspx

You can try replacing the file using Microsoft's Windows File Checker. Get to the Command Prompt, then type without quotation marks the following command. "SFC /scannow" This will make sure that any important system file hasn't been tampered with.
The entire article about it is found here: http://www.microsoft.com/whdc/archive/wfp.mspx#ELD

If the above doesnt help, try using Sysinternals RootkitRevealer. There could be a rootkit attached to Winlogon.exe which explains its maxed out CPU usage. Then I recomend using ESET's NOD32 to scan the system, since it has the most advanced heuristics of any antivirus scanner I have come across. This will most likely find any malware still on the computer, assuming it is actually malware causing the problem and not Winlogon.exe hanging on an instruction.

Hope this helps.

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts
CERTIFIED EXPERT

Commented:

What worked?
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.