WinLogon.exe is a process without which Windows is not launched and its further functioning. But sometimes a viral threat is lied under his laper. Let's deal with what is the tasks of winlogon.exe and what danger can come from it.
Process information
This process can always be seen by running the "Task Manager" in the Processes tab.
What functions does he perform and why do you need?
Main goals
First of all, we will focus on the main tasks of this object. Its primary feature is to entail login, as well as exit. However, it is not difficult to understand even from his very name. WinLogon.exe also refer to the login program. It responds not only for the process itself, but also for dialogue with the user during the entry procedure through the graphical interface. Actually, screensavers when entering and output from Windows, as well as a window when changing the current user, which we see on the screen are the product of the specified process. The responsibility of WinLogon includes a field display for entering a password, as well as the authentication of the entered data if the login is in the system under the specific user name.
Runs the WinLogon.exe process SMS.EXE (Session Manager). It continues to function in the background throughout the session. After that, the activated WinLogon.exe itself launches lsass.exe (Local Security System Authentication Service) and Services.exe (Service Manager Manager).
To call the active window of the WinLogon.exe program, depending on the Windows version, the Ctrl + SHIFT + ESC or Ctrl + Alt + Del combinations are used. Also, the application activates the window when you run the yaser output from the system or with a hot reboot.
With an emergency or forced completion of WinLogon.exe, various versions of Windows are reacting differently. In most cases, this leads to a blue screen. But, for example, in Windows 7, only a way out of the system occurs. The most common cause of the emergency stop of the process is the overcrowability of the C disc. After cleaning it, as a rule, the login program works normally.
Placement file.
Now let's find out where the WinLogon.exe file is physically posted. This will be needed in the future to celebrate the present object from viral.
- In order to determine the location of the file using the task manager, first of all you need to switch to it in the display mode of all user processes, making pressure on the appropriate button.
- After that, by clicking the right mouse button on the item name. In the discontinuing list, select "Properties".
- In the Properties window, go to the General tab. Opposite the inscription "Location" is the address of the placement of the search file. Almost always this address is as follows:
C: \ Windows \ System32
In very rare cases, the process can refer to the following directory:
C: \ Windows \ Dllcache
In addition to these two directories, it is impossible to place the search file anywhere else.
In addition, from the task manager, it is possible to go to the direct location of the file.
- In the display mode of all user processes, click on the right mouse button item. In the context menu, select "Open File Storage".
- After that, the conductor will open in the directories of the Winchester, where the desired object is located.
Malicious program substitution
But sometimes the WinLogon.exe process observed in the task manager may be a malicious program (virus). Let's see how to distinguish the real process from the fake.
- First of all, you need to know that only one WinLogon.exe process can be in the task manager. If you are watching more, then one of them is a virus. Note that in front of the element being studied in the "User" field stood the "System" ("System" field). If the process starts on behalf of any other user, for example, on behalf of the current profile, you can state the fact that we are dealing with viral activity.
- Also check the location of the file to any of those methods that were listed above. If it differs from those two options for addresses for this element, which are allowed, then, again, before us, the virus. Quite often, the virus is in the root of the "Windows" directory.
- Your alertness should cause a high level of use of the system resources to this process. Under normal conditions, it is almost inactive and activated only at the time of entry / exit from the system. Therefore, it consumes extremely few resources. If WinLogon begins to ship the processor and consume a large number of RAM, we are dealing or with a virus or with some kind of failure in the system.
- If at least one of the listed suspicious features is available, then download and run on the PC at your doctor. Dr.Web Cureit. She scanning the system and in the case of viruses detection will be treated.
- If the utility did not help, but you see that WinLogon.exe objects in the Task Manager two or more, then stop the object that does not meet the standards. To do this, click on it with the right mouse button and select "End Process".
- A small window will open, where you will need to confirm your intentions.
- After the process is completed, move to the location folder of the file to which it referenced, click on this file with the right mouse button and select "Delete" in the menu. If the system needs, confirm your intentions.
- After that, clean the registry and re-check the computer to the utility, since quite often the files of this type are loaded by the command from the registry prescribed by the virus.
If you cannot stop the process or demolish the file, then go to the system in safe mode and execute the removal procedure.
As you can see, WinLogon.exe plays an important role in the functioning of the system. He directly responsible for the entrance and for the way out of it. Although, almost all the time until the user works on a PC, the specified process is in a passive state, but when it is enforced completion, the continuation of work in Windows becomes impossible. In addition, there are viruses that have a similar name, masking under this object. They are important to calculate and destroy them as soon as possible.