  • Status: Solved
Winlogon.exe infected with Virus

Malwarebytes has scanned the system and found virus backdoor.bot on the winlogo.exe file and found trojan.backdoor virus on csrss.exe. Before I answer yes for Malwarebytes to do "remove selected", I want to make sure this will not crash the system. Any thoughts, please?
Asked by: Kevin Caldwell

skywalker39 commented:
Hi kevinecaldwell,

If you remove Winlogon.exe it should not crash your computer; however, having a virus on your computer isn't doing you any good. If you want to be safe, back up any of your important data before removing the virus.
 
Thickman commented:
I've had the exact same thing on several systems and nothing bad came from removing them.
 
Thickman commented:
Make sure you disable System Restore before you remove. You can re-enable it after you reboot.
 
warturtle commented:
Can you please tell us what locations they are at? Have you done the scan in normal mode or safe mode?
 
Kevin Caldwell (Owner of RUseeingRed Tech Solutions, Author) commented:
Both files are in c:\windows
Malwarebytes scan was in normal mode, quick scan, not the full scan.
 
warturtle commented:
The normal location of these files is c:\windows\system32 and if they are present in c:\windows and are flagged as malicious by MalwareBytes scanner then they are malicious and removing them shouldn't do anything to your PC.

Have a look at this thread for more information:

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Windows/XP/Q_21991525.html

Hope it helps.
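
The location check described in the answer above, as an added example that is not part of the original thread: it flags winlogon.exe or csrss.exe found anywhere other than System32. It goes one step beyond the thread by also flagging names one character away from a real one; the watch list, the sample paths and the function names are assumptions made for illustration.

```python
import ntpath  # Windows path rules on any OS, so this runs offline anywhere

# Assumption: watch list limited to the two binaries named in this thread.
SYSTEM32_ONLY = ("winlogon.exe", "csrss.exe")

def edit_distance(a, b):
    """Levenshtein distance, used to catch look-alike file names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(path, system_root=r"C:\Windows"):
    """Return (verdict, reason) for one executable path."""
    # normpath resolves "..", normcase lowercases and unifies slashes
    norm = ntpath.normcase(ntpath.normpath(path))
    folder, name = ntpath.split(norm)
    expected = ntpath.normcase(ntpath.join(system_root, "System32"))
    if name in SYSTEM32_ONLY:
        if folder == expected:
            return ("expected", "system binary in System32")
        return ("suspicious", f"{name} found outside System32")
    for real in SYSTEM32_ONLY:
        if edit_distance(name, real) == 1:
            return ("suspicious", f"{name} imitates {real}")
    return ("unknown", "not on the watch list")

# Constructed sample paths, not taken from any real system.
SAMPLE = [
    r"C:\Windows\System32\winlogon.exe",
    r"c:\windows\winlogon.exe",
    r"c:\windows\csrss.exe",
    r"C:\Windows\System32\..\csrss.exe",
    r"C:\Users\Public\winlogo.exe",
    r"C:\Windows\notepad.exe",
]

def triage(paths):
    """Map each path to its verdict."""
    return {p: classify(p)[0] for p in paths}

if __name__ == "__main__":
    for p in SAMPLE:
        print(p, "->", *classify(p))
```

A "suspicious" verdict is a triage hint to confirm with a scanner or a signature check before deleting anything. On later Windows versions, copies under the WinSxS component store would need to be allow-listed.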
 
Kevin Caldwell (Owner of RUseeingRed Tech Solutions, Author) commented:
The file was a fake just as warturtle said, so it was removed. Thanks for all the help. Kevin