Winlogon.exe is a very important component of Microsoft’s operating system, as it handles security and the loading of the user profile during the login phase. It also handles desktop locking when the screensaver has been activated, requiring the user to re-authenticate. Because of the importance of this component, it is a very common target for hackers, who use malicious files and programs to modify its function and resource usage.
A Closer Look
The Winlogon component is responsible for implementing time-out operations, loading the desktop, and configuring user Group Policy in older versions of Windows (prior to Windows Vista).
This component also checks your copy of Windows to ensure that it’s legitimate.
In summary, this component’s responsibilities are:
- Protection for Desktop and Windows
- Loading User Profile
- Screensaver Control
- Network Provider Support
The Dangers of Winlogon.exe
Winlogon.exe is a component that was created primarily for handling the login and logout process of the operating system, which is why it’s so important, and is also why Winlogon.exe errors tend to be so severe.
A number of different causes are responsible for errors in this component; however, the most common are:
- System File Corruption
When it comes to viruses/malware/Trojans, typically the computer hacker will attempt to disguise the malicious file on your system by naming it Winlogon.exe; however, the biggest giveaway is that the file will be stored in a different location on your hard drive, as opposed to the original file’s default location (%SystemRoot%\System32).
Other malware/viruses/Trojans may have filenames that at first glance appear to be the same as the original component, only to have a digit or letter altered. The particular malicious files that you should be on the lookout for are:
This is an email worm virus that automatically distributes itself across the internet using the email addresses stored in mail client software.
This is a backdoor Trojan horse virus, which, once on your system, enables the hacker to gain access to its files.
This is another Trojan horse virus, which enables the hacker to download files off your computer, once it’s established a presence on your computer.
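The two giveaways described above (a file named Winlogon.exe stored outside %SystemRoot%\System32, and a filename with one digit or letter altered) can be checked mechanically against a list of running image paths. The following is an added example, not part of the original tutorial; it assumes %SystemRoot% is C:\Windows, and the sample paths are constructed for illustration.

```python
import ntpath

# Assumption: default install where %SystemRoot% is C:\Windows.
SYSTEM_ROOT = r"C:\Windows"
GENUINE_NAME = "winlogon.exe"
GENUINE_DIR = ntpath.normcase(ntpath.join(SYSTEM_ROOT, "System32"))

# Constructed sample of process image paths (not taken from a real system).
SAMPLE_PROCESSES = [
    r"C:\Windows\System32\winlogon.exe",
    r"c:\windows\system32\WINLOGON.EXE",
    r"C:\Users\Public\winlogon.exe",
    r"C:\Windows\System32\winlog0n.exe",
    r"C:\Windows\System32\..\Temp\winlogon.exe",
    r"C:\Windows\System32\svchost.exe",
]

def edit_distance(a, b):
    """Levenshtein distance between two strings (row-by-row DP)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return 'genuine', 'wrong-location', 'lookalike-name' or 'unrelated'."""
    # Windows paths are case-insensitive; also collapse '..' segments.
    norm = ntpath.normcase(ntpath.normpath(image_path))
    directory, name = ntpath.split(norm)
    if name == GENUINE_NAME:
        return "genuine" if directory == GENUINE_DIR else "wrong-location"
    # A name with exactly one character altered, added or dropped.
    if name.endswith(".exe") and edit_distance(name, GENUINE_NAME) == 1:
        return "lookalike-name"
    return "unrelated"

def scan(paths):
    """Return (path, verdict) for every entry that needs a closer look."""
    verdicts = ((p, classify(p)) for p in paths)
    return [(p, v) for p, v in verdicts
            if v in ("wrong-location", "lookalike-name")]

if __name__ == "__main__":
    for path, verdict in scan(SAMPLE_PROCESSES):
        print(f"{verdict:15} {path}")
```

A "genuine" verdict only means the name and folder match; it says nothing about whether the file itself has been corrupted or replaced, which is what the System File Checker step further down addresses.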
Symptoms of Winlogon.exe Errors
When you encounter a Winlogon.exe related error, usually you’ll see one of the following error messages:
“Winlogon.exe has encountered a problem and needs to close”
“The instruction at XXXXXXX referenced memory at XXXXXXX. The memory could not be written”
These error messages may appear while the computer is booting up and lead to the following:
1. The computer crashes while booting up, forcing it to shut down. The random crashing may also result in data corruption, effectively deteriorating system performance.
2. When you leave the computer idle for extensive periods of time, the computer becomes unresponsive and the Winlogon.exe file starts using 100% of your CPU resources.
3. While using your computer, you receive a BSOD message, rendering your computer inoperable.
Fixing These Errors
When it comes to fixing these errors, there are a number of things you have to consider, such as the type of symptoms you are experiencing. Error messages during boot up are strong indications of a malware infection, whereas BSOD messages are usually due to system file corruption.
When the file uses 100% of the CPU, that’s usually an indication of one of several things, such as a program conflict or hardware incompatibility issues, all of which I cover in this section, which is why I recommend you go through everything until you find a solution that works for you.
Use System File Checker
System File Checker is a tool that comes as standard with all Microsoft Windows versions. Of all the various methods, using this particular tool is amongst the quickest and most convenient ways for you to tackle this error. Basically, this tool will go through all your system files and replace any that are corrupt or missing.
For information on how to use this tool, I suggest you check out my post on fixing Winsock errors.
Run Antivirus Scan
If the above method didn’t work, then it’s very likely that you have a virus on your computer. To remove this virus, there are a number of steps you will have to take. However, the first will be to actually run the appropriate antivirus software.
1. If you are unable to boot into your computer, then you will have to boot into Safe Mode. For information on how to do this, I suggest you check out my post on removing the Trojan virus.
Note: If you do boot into Safe Mode, make sure you select Safe Mode with Networking, so that you can access the internet.
2. Once you’ve booted into your system, you will need to download and install SpyHunter from here: http://www.compuchenna.co.uk/go/spyhunter
Note: The program, once installed, should automatically update itself and run a scan of your system. However, in the event that it does not, do the following:
3. Click on Start New Scan, then un-tick the box next to Quick Scan, then click on Scan Computer Now.
Once you’ve run the malware scan, I recommend you run an anti-rootkit tool to remove any lingering files attached to the virus. To do this, simply do the following.
1. First, download TDSSKiller: http://media.kaspersky.com/
Note: Save the file to any location on your hard drive.
2. Once you’ve saved it, double click on the tdsskiller.exe file, to run it.
3. Once it’s running, click on Start scan, to begin the scanning process.
Run Registry Scan
To round off the virus removal process, you’ll want to run a registry scan. This is because viruses of this magnitude will usually cause severe damage to your computer’s registry, the effects of which manifest themselves in a number of ways, such as degraded system performance and certain applications ceasing to work.
Fixing the registry is as simple as downloading the appropriate software and running it. However, there’s also a second option, which entails manually fixing the registry, a method I do not recommend.
With that said, I recommend you use SpeedyPC Pro to complete this part of the process. This tool has a number of functions in addition to its ability to repair your registry, making it an ideal system optimisation suite. Anyway, you can access this tool here: http://www.compuchenna.co.uk/go/speedypcpro
Run Repair Installation
If the steps mentioned above did not fix your error, then you may want to consider running a repair installation. The main advantage of doing a repair installation is that your personal data is not removed during the reinstallation process. However, the drawback is that, if your computer does have a virus, this method will not remove it.
Anyway, for more information on how to utilise this method, I suggest you check out my post on speeding up your computer.
Alternatively, you could use the Windows repair tool called Reimage, which is capable of reinstalling your operating system without the requirement of a Windows CD, while repairing the lingering effects of viruses on your system, all with a simple click of a button, so very little expertise is required.
For more information on this excellent tool, I suggest you visit the following link: http://www.compuchenna.co.uk/go/reimage
Reset BIOS Settings
If you’re still battling with the error even after reinstalling Windows, then the problem could be due to a hardware setting, in which case setting your BIOS back to default could fix the problem. This can be done by doing the following.
1. First, turn on your computer and press either the Del or F1 key, during the POST (Power on Self Test).
Note: The key you need to press varies, depending on your motherboard brand. I recommend reading your computer manual for more information on how to access the BIOS.
2. Once in the BIOS simply select Load Optimised Defaults and exit.
Disconnect USB Devices
If there are any USB devices connected to your computer, then you may want to consider disconnecting them, as a last resort. Once you’ve done that, restart your computer. If the problem no longer persists, then you will have to update the drivers for the specific device(s) that you disconnected before reconnecting them.