Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

6.3.9600.16384 (winblue_rtm.130821-1623) 1.66%
6.3.9600.16384 (winblue_rtm.130821-1623) 2.70%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.22%
6.3.9431.0 (winmain_bluemp.130615-1214) 0.04%
6.2.9200.16384 (win8_rtm.120725-1247) 0.74%
6.2.9200.16384 (win8_rtm.120725-1247) 0.57%
6.2.9200.16384 (win8_rtm.120725-1247) 0.13%
6.2.9200.16384 (win8_rtm.120725-1247) 11.54%
6.2.9200.16384 (win8_rtm.120725-1247) 1.44%
6.2.9200.16384 (win8_rtm.120725-1247) 0.74%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8400.0 (winmain_win8rc.120518-1423) 0.09%
6.2.8250.0 (winmain_win8beta.120217-1520) 0.04%
6.2.8102.0 (winmain_win8m3.110823-1455) 0.09%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 32.67%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 16.94%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.09%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7601.17514 (win7sp1_rtm.101119-1850) 0.04%
6.1.7600.16385 (win7_rtm.090713-1255) 2.87%
6.1.7600.16385 (win7_rtm.090713-1255) 2.35%
6.1.7600.16385 (win7_rtm.090713-1255) 2.44%
6.1.7600.16385 (win7_rtm.090713-1255) 1.00%
View more

Relationships

Child processes
Related files

winlogon.exe

Windows Logon Application by Microsoft

Remove winlogon.exe
Version:   5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
MD5:   e853481fef64a5be3fc3732d9d3d926a
SHA1:   3bc3f70bae2fbda88641a1e9dda1a4829fb1d87b
SHA256:   16a889f78308d8819d8dbf930949f995c14adbdf0e14a36c5466ac7db1058537
This is a Windows system installed file with Windows File Protection (WFP) enabled.
Warning 7 antivirus scanners has detected malware.

What is winlogon.exe?

Winlogon is the component of Windows that is responsible for handling the secure attention sequence, loading the user profile on logon, and optionally locking the computer when a screensaver is running (requiring another authentication step).

About winlogon.exe (from Microsoft)

Winlogon handles interface functions that are independent of authentication policy. It creates the desktops for the window station, implements time-out operations, and provides a set of support functi

DetailsDetails

File name:winlogon.exe
Publisher:Microsoft Corporation
Product name:Windows Logon Application
Description:Microsoft® Windows® Operating System
Typical file path:C:\Windows\System32\winlogon.exe
Original name:WINLOGON.EXE.MUI
File version:5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Product version:5.1.2600.2180
Size:494 KB (505,856 bytes)
Digital DNA
Entropy:6.338183
File packed:No
Code language:Microsoft Visual C++
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\Windows\system32\winlogon.exe'

MalwareMalware detections

Based on 40+ industry antivirus scanners, 7 of them detected the following malware.
Antivirus engineEngine versionDetection
Avira AntiVir 7.11.57.138 TR/Patched.CX.155
Comodo Internet Security 14936 UnclassifiedMalware
Ikarus T3.1.3.5.0 Trojan.Win32.Patched
Kingsoft 2013.1.5.217 Win32.Troj.Patched.c.(kcloud)
The Hacker None Trojan/Patched.cx
Trend Micro HouseCall 9.700.0.1001 TROJ_GEN.USHRH30
VIPRE Antivirus 15056 Trojan-Downloader.Win32.Small

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
CPU
Total CPU:0.00023039%
0.028634%
Kernel CPU:0.00013552%
0.013761%
User CPU:0.00009488%
0.014873%
Kernel CPU time:13,953 ms/min
100,923,805ms/min
Memory
Private memory:7.7 MB
21.59 MB
Private (maximum):5.12 MB
Private (minimum):116 KB
Non-paged memory:7.7 MB
21.59 MB
Virtual memory:55.6 MB
140.96 MB
Virtual memory (peak):59.82 MB
169.69 MB
Working set:1.29 MB
18.61 MB
Working set (peak):15.45 MB
37.95 MB
Page faults:25,717/min
2,039/min
I/O
I/O read transfer:1.46 KB/sec
1.02 MB/min
I/O read operations:1/sec
343/min
I/O write transfer:29 Bytes/sec
274.99 KB/min
I/O write operations:1/sec
227/min
I/O other transfer:694 Bytes/sec
448.09 KB/min
I/O other operations:31/sec
1,671/min
Resource allocations
Threads:20
12
Handles:618
600
GUI GDI count:46
103
GUI USER count:14
49

BehaviorsProcess properties

Integrety level:Undefined
Platform:32-bit
Command line:winlogon.exe
Owner:SYSTEM
Parent process:smss.exe (Windows NT Session Manager by Microsoft)

ResourcesThreads

Averages
 
sfc_os.dll
Total CPU:0.00190696%
0.272967%
Kernel CPU:0.00159515%
0.107585%
User CPU:0.00031180%
0.165382%
Memory:168 KB
1.16 MB
WINMM.dll
Total CPU:0.00021073%
Kernel CPU:0.00020583%
User CPU:0.00000490%
Memory:180 KB
RPCRT4.dll
Total CPU:0.00015629%
Kernel CPU:0.00007815%
User CPU:0.00007815%
Memory:584 KB
USERENV.dll
Total CPU:0.00006517%
Kernel CPU:0.00005595%
User CPU:0.00000923%
Memory:716 KB

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Windows 8.1 23.00%
Windows 7 Home Premium 23.00%
Windows 8.1 Pro 10.50%
Windows 7 Ultimate 10.50%
Windows 8 5.50%
Windows 8.1 Single Language 5.00%
Windows 8 Single Language 3.50%
Windows 8 Pro 3.50%
Windows 8.1 Pro with Media Center 2.50%
Windows Vista Home Premium 2.50%
Windows 7 Professional 2.50%
Windows 7 Home Basic 1.50%
Windows 8 Enterprise N 1.00%
Windows 8 Enterprise 1.00%
Windows 8.1 N 0.50%
Windows Seven Black Edition 0.50%
Windows 8.1 Enterprise Evaluation 0.50%
Windows 7 Starter 0.50%
Windows 8.1 Enterprise 0.50%
Windows 8.1 Pro Preview 0.50%
Windows Vista Home Basic 0.50%
23 other Windows OS version

Distribution by countryDistribution by country

United States installs about 39.50% of Windows Logon Application.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
ASUS 19.62%
Dell 18.11%
Hewlett-Packard 14.72%
Lenovo 12.08%
Acer 11.70%
Toshiba 9.06%
Intel 3.02%
Sony 3.02%
GIGABYTE 2.64%
Alienware 2.26%
Samsung 1.89%
Medion 1.51%
Sahara 0.38%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE