winlogon.exe

system · May 28, 2009, 1:44pm

I have a problem with winlogon.exe. When my Avast is running this process takes 30-60% of my CPU.When i turn off Avast the process stays at 0%.Why is that? I reinstalled the Windows and now Avast says that some DLLs in my C\Windows\system32\ are trojans and sometimes my PC restarts when Avast is on. :‘( :’( Here are 2 screenshots.

http://img32.imageshack.us/img32/276/25733892.png -Avast! is ON

http://img38.imageshack.us/img38/6445/72605898.png -Avast! is OFF

system · May 28, 2009, 3:12pm

What are the names and locations of the dll’s, avast says are trojans ?

mkis · May 28, 2009, 3:44pm

Which Windows operating system are you running?

XP, Vista or other?

system · May 29, 2009, 10:35am

Im with XP SP 2

25.5.2009 г. 14:12:23	Marto	1660	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "D:\Program Files\BitComet\Downloads\AvastKeygen.exe\[PECompact]" file.  
25.5.2009 г. 14:14:45	Marto	1660	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
25.5.2009 г. 14:25:13	Marto	1616	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\jkkJdDVP.dll" file.  
25.5.2009 г. 14:27:22	Marto	1616	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
25.5.2009 г. 14:38:14	SYSTEM	1608	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
25.5.2009 г. 15:48:43	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\hgGwXqRJ.dll" file.  
25.5.2009 г. 15:50:13	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\hgGwXqRJ.dll" file.  
25.5.2009 г. 16:48:43	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\ssqNFUMD.dll" file.  
25.5.2009 г. 18:51:43	SYSTEM	1664	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\yaywvvwX.dll" file.  
25.5.2009 г. 18:59:55	SYSTEM	1640	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
25.5.2009 г. 20:15:43	SYSTEM	1640	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\ygsktt.dll" file.  
25.5.2009 г. 20:54:13	SYSTEM	1640	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\opnklijH.dll" file.  
25.5.2009 г. 20:57:53	SYSTEM	1640	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
26.5.2009 г. 15:43:01	SYSTEM	1648	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\ygsktt.dll" file.  
26.5.2009 г. 16:12:52	Marto	1640	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\xxyvtSll.dll" file.  
26.5.2009 г. 16:25:16	Marto	1640	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
27.5.2009 г. 16:15:01	SYSTEM	1628	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\qoMcyxvu.dll" file.  
27.5.2009 г. 16:22:19	SYSTEM	1628	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
27.5.2009 г. 17:06:21	SYSTEM	1636	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
27.5.2009 г. 21:23:35	SYSTEM	1640	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
27.5.2009 г. 21:35:20	SYSTEM	1616	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\opnonMCv.dll" file.  
27.5.2009 г. 21:35:28	SYSTEM	1616	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\opnonMCv.dll" file.  
27.5.2009 г. 21:35:30	SYSTEM	1616	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\opnonMCv.dll" file.  
28.5.2009 г. 13:25:32	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\khfgFWmN.dll" file.  
28.5.2009 г. 13:25:34	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\khfgFWmN.dll" file.  
28.5.2009 г. 13:25:35	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\khfgFWmN.dll" file.  
28.5.2009 г. 13:29:12	SYSTEM	1608	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
28.5.2009 г. 15:16:12	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:28:23	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvSmLCt.dll" file.  
28.5.2009 г. 15:40:18	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:43:42	SYSTEM	1608	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
28.5.2009 г. 15:53:20	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:53:25	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:54:33	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:54:35	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:55:15	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:55:18	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 15:55:38	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvSmLCt.dll" file.  
28.5.2009 г. 16:13:57	SYSTEM	1608	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
28.5.2009 г. 16:17:42	SYSTEM	1608	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
28.5.2009 г. 16:22:01	SYSTEM	1608	Sign of "Win32:Parite" has been found in "E:\Program Files\Microsoft Office\OFFICE11\GRAPH.EXE" file.  
28.5.2009 г. 16:22:11	SYSTEM	1608	Sign of "Win32:Parite" has been found in "E:\Program Files\Microsoft Office\OFFICE11\MSACCESS.EXE" file.  
28.5.2009 г. 16:22:20	SYSTEM	1608	Sign of "Win32:Parite" has been found in "E:\Program Files\Microsoft Office\OFFICE11\PPTVIEW.EXE" file.  
28.5.2009 г. 17:51:13	SYSTEM	1608	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\SYSTEM32\TUVSMLCT.DLL" file.  
29.5.2009 г. 13:30:39	SYSTEM	1616	Sign of "Win32:Virtumonde-KH [Adw]" has been found in "C:\WINDOWS\system32\xxyvurqn.dll" file.  
29.5.2009 г. 13:30:40	SYSTEM	1616	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\dtkzno.dll" file.  
29.5.2009 г. 13:31:12	SYSTEM	1616	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\DOCUME~1\Marto\LOCALS~1\Temp\gqdinaax.dll" file.  
29.5.2009 г. 13:31:20	SYSTEM	1616	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\gqdinaax.dll" file.  
29.5.2009 г. 13:31:21	SYSTEM	1616	Sign of "Win32:Rootkit-gen [Rtk]" has been found in "C:\WINDOWS\system32\gqdinaax.dll" file.  
29.5.2009 г. 13:31:32	SYSTEM	1616	Sign of "Win32:Trojan-gen {Other}" has been found in "C:\WINDOWS\system32\tuvSmLCt.dll" file.

FreewheelinFrank · May 29, 2009, 10:40am

Try a boot time scan with avast! Right click the scanner screen, select ‘schedule a boot time scan’ and reboot when requested. (Or open the tab at the top left of the scanner screen and select the boot time option from there.)

Try a scan with DrWeb CureIT!

Try the usual free adware/spyware scanners.

Malwarebytes’ Anti-Malware
SUPERAntiSpyware Free
Spybot Search & Destroy
a-Squared Free

What is the red Security Centre notification warning you of?

system · May 29, 2009, 11:25am

Bit of a cheek, asking for help Sign of “Win32:Virtumonde-KH [Adw]” has been found in “D:\Program Files\BitComet\Downloads\AvastKeygen.exe[PECompact]” file. :o

FreewheelinFrank · May 29, 2009, 11:28am

:

system · May 29, 2009, 2:31pm

Im on trial.And avast keeps saying that my dlls are trojans

system · May 29, 2009, 2:51pm

Hi martomst!

Is it possible that your Windows installation CD is also cracked?
It would be possible that there are already some trojans on it…
(Just a guess and I’m sorry if I’m wrong ;))

yours
onlysomeone

system · May 29, 2009, 2:57pm

It wasn’t cracked. ???

DavidR · May 29, 2009, 3:15pm

Rubbish, avast doesn’t have a key generator file, legitimate keys are sent directly to the user, so the only purpose of this avastkeygen.exe file would be to try to generate a key to avoid payment for the Pro version.

So why download it in the first place ???

Keygens and cracks, etc. frequently come bearing unwanted gifts in the forum of trojans.

system · May 29, 2009, 3:30pm

Beware of geeks bearing gifs ;D

system · May 29, 2009, 3:44pm

I tried some other antivirus programs and yep my windows realy has some trojans…
10x m8!

system · May 29, 2009, 4:00pm

Why use some cracks when there is a better one(or two)?^^

There is a FREE one…

And there is another one which isnt a big trouble if u throw off some bucks…

Just be on the safe side than on the risky side^^

Better be safe than sorry^^

-AnimeLover^^

winlogon.exe

Announcements