Tech Support Forum: HijackThis Log Help
Registered User
Join Date: May 2008
Location: Chicagoland/Milwaukee area
Posts: 1
OS: XP Pro SP2
WinLogon.exe runs 99% CPU Utilization
With all Microsoft security and Norton antivirus updates thought to be in place, one PC running XP Pro was taking forever to log in.

What I have found out is that WinLogon.exe is running at 99% CPU usage as a process in Task Manager. WinLogon.exe, being a real "system" process, runs at "high" (i.e., 24) process priority. I can't kill it (in Task Manager), because it is a system process. I can't lower the priority (in Task Manager), because it is a system process. If I kill it (with KILLBOX), a few seconds later I get a blue screen. I tried other special "kill process" programs with similar (negative or disastrous) results; besides, if I kill it, I can't access the Internet, nor the network. Obviously, when a High Priority process is running at 99% CPU operations, you can't do much else (i.e., for debugging procedures) - or you develop a lot of patience.

Obviously, I can get into Safe mode (without networking) and so I deleted C:\Windows\System32\WinLogon.exe and then copied it back into \System32 from the ServicePack directory. Re-starting showed the same 99% utilization. (File sizes were the same and were reasonable compared to other WinLogon.exe files that I saw on other PCs.) I tried the Norton Antivirus and SpyBot scans (with the latest updated tables) and nothing special was found.

I had infrequently run into long Login times (10-25 minutes) over the years with various versions of SBS (currently 2k3R2) with this client and I found that if I unchecked and uninstalled the Client/TCP IP connections in the Control Panel/Local Area Connection Properties, I would (magically almost) fix the problem. I was able to use a Dalphine program to lower the priority (but not kill WinLogon.exe), so I could get into Control Panel/Local Area Connection Properties to uncheck and uninstall "Client for Microsoft Networks", whereas WinLogon.exe went away (to 0% utilization); but as soon as I installed it, WinLogon.exe went back to 97-99% CPU utilization.

I know this happened at the start of this week and it was OK at the end of last week. I believe there were some massive amounts of Microsoft security updates that I did over the weekend. (Please do not suggest that I back them out, one by one, as I do not believe this will solve the problem - and I am looking for a less brute-force, more elegant, solution.)

Any thoughts - or similar experiences?

P.S. This is not my expertise; but I believe that these are classic symptoms of an adware or trojan attack (similar to May 2004 Netsky and Sasser virus occurrences); but I can't get any virus detector to detect it. If I had to, I can re-install on this one PC, but if it really is a virus, it is liable to be in others of the networked computers. It has been fun and interesting for a while; but I am rapidly losing what little patience I normally have.

P.P.S. I have run Panda scan and only 2 "questionable" incidents found.