Skip navigation
McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
2628 Views 7 Replies Latest reply: May 23, 2012 6:19 AM by Ex_Brit RSS
afjensen Newcomer 2 posts since
Feb 20, 2012
Currently Being Moderated

Feb 20, 2012 5:48 AM

Mcafee did not find winlogon.exe .. trojan

Hi, 

I have this morning found that my PC was compromised by avirus / trojan.

Fore more than a year  I have used Mcafee Security Center, currently version 11.0 Build 11.0.654 Affld 662-23 with weekly full scan.

Latest manual full scan was yesterday when I found that there were five winlogon.exe in the task manager, four with the username "plkpddbgzbeexui" and one without a username.

Mcafee said that everything was ok!. But, In windows 7 resourcemonitor I could find at least two Winlogon processes that had network connection to this ip address: 105,122,122.96!!

 

Winlogon.exe should NOT have access to the network!

 

I search for winlogon.exe and found  it in c:/users/MyUserName/AppData/Roaming.

I shredded that file and it solved the problem. There was only one Winlogon process width no network connection.

 

I am somewhat disappointed by McAfee. You should have found and solved this problem.

 

Thanks.

  • Ex_Brit Volunteer Moderator 59,597 posts since
    May 6, 2004
    Currently Being Moderated
    1. Feb 20, 2012 6:37 AM (in response to afjensen)
    Re: Mcafee did not find winlogon.exe .. trojan

    No antivirus will catch everything that is out there unfortunately.   That's why it's recommended to have some extra tools and strategies handy just in case.  The first being System Restore and some of the rest can be found here: https://community.mcafee.com/docs/DOC-2168

     

    Keep your machine totally up to date, even parts of it you may not use and be careful what you click on or download.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • hannamcafee Newcomer 3 posts since
    May 1, 2012
    Currently Being Moderated
    2. May 23, 2012 3:50 AM (in response to afjensen)
    Re: Mcafee did not find winlogon.exe .. trojan

    I just installed McAfee as part of my AT&T high speed internet service and McAfee has the following processes provided with FULL ACCESS where I am COMPLETELY LOCKED out of modifying or deleting any of these ACCESS rights granted.  I have purchased Symantec’s Norton 2012 Internet Security package and am seriously considering changing over to their product as McAfee dumped me back on AT&T for answers where they remotely checked my McAfee set up and how the programs were being granted FULL ACCESS while locking me out of any control over these and no RED FLAGS were ever raised as if ALL WAS WELL.  I am doing research on the net to see what I can learn about this situation and found this post.  I am greatly APPALLED at McAfee and think this is a deliberate OVERSIGHT on their part as I performed the McAfee installation on a CLEAN computer freshly reformatted along with the hard drive given a special overwriting cleaning - not from any known infection other than problems caused with the first installation of McAfee where these same issues arose.  McAfee YOU NEED TO FIX THIS NOW!!! -- and stop dumping your users onto AT&T who obviously do not fully understand this circumstance.  I am reading other reports such as this and am VERY CONCERNED.  All during my trial period with Symantec I NEVER HAD ONE ISSUE SUCH AS I have with McAfee.  This is SCARY!!!

     

    ‘Services and Controller app’ Access – Full

    File name: C\Windows\system32\services.exe

    Company: Microsoft Corporation

     

    ‘Host Process for Windows Services’ Access – Full

    File name: C\Windows\system32\svchost.exe

    Company: Microsoft Corporation

     

    ‘Host Process for Windows Services’ Access – Full

    File name: C\Windows\syswow64\svchost.exe

    Company: Microsoft Corporation

     

    ‘Local Security Authority Process’ Access – Full

    File name: C\Windows\system32\lsass.exe

    Company: Microsoft Corporation

     

    ‘Userinit Logon Application’ Access – Full

    File name: C\Windows\system32\userinit.exe

    Company: Microsoft Corporation

     

    ‘Userinit Logon Application’ Access – Full

    File name: C\Windows\syswow64\userinit.exe

    Company: Microsoft Corporation

     

    ‘Windows Start-Up Application’ Access – Full

    File name: C\Windows\system32\wininit.exe

    Company: Microsoft Corporation

     

    ‘Windows Start-Up Application’ Access – Full

    File name: C\Windows\syswow64\wininit.exe

    Company: Microsoft Corporation

     

    ‘Windows Logon Application’ Access – Full

    File name: C\Windows\system32\winlogon.exe

    Company: Microsoft Corporation

     

    I found in the ‘Roaming’ folder the following:

    C:\Users\(mycomputername)\AppData\Roaming\McAfee\Supportability\MVTLogs\Results

     

    The lack of support from McAfee on this after I had to reformat my hard drive four times just to be sure I was ‘clean’ and with NO PROBLEMS AT ALL with Symantec’s Norton Internet Security product and I am wondering just how many of us who have only our own private computer hooked up trough McAfee to the public internet are at risk that we are not even aware of.  I am new to understanding security related issues in any depth but if this is an obvious flaw in the McAfee product which is NOT BEING ADDRESSED by their tech support staff then it needs to be FIXED!!!

     

    Also, if these are problems in this product someone at McAfee needs to address this with AT&T as they are supporting McAfee’s Internet security product to ALL of their High Speed internet customers putting them at risk.

     

    Thank you.

     

    Message was edited by: hannamcafee on 5/23/12 3:50:07 AM CDT
  • hannamcafee Newcomer 3 posts since
    May 1, 2012
    Currently Being Moderated
    4. May 23, 2012 5:10 AM (in response to afjensen)
    Re: Mcafee did not find winlogon.exe .. trojan

    I try to update my McAfee Software at their site but they want the product serial number and that is given when I do the download from the AT&T site which links me into McAfee's site for the download.  This given serial number soon expires and I have been given no assistance from McAfee on how I may gain authorization to download updates to my installed McAfee Internet Security software as I think there is perhaps an issue with my using a 64-bit system where it, perhaps, conflicts from my having a 32-bit McAfee software download installed on my computer.  I don't understand the underlying issues and without good support I remain at BLIND RISK - which is the WORST kind of RISK to be exposed to.  It seems McAfee completely DUMPS AT&T customers and does not want anything to do with us in a way that would address our needs to freely update our installed products. 

     

    Just VERY SAD!!!

     

    I hope, over time, AT&T figures out how awful we, as AT&T customers' are treated by McAfee.  They get paid by AT&T so we end users of the product can drop dead for all McAfee seems to care.

  • Ex_Brit Volunteer Moderator 59,597 posts since
    May 6, 2004
    Currently Being Moderated
    5. May 23, 2012 5:36 AM (in response to hannamcafee)
    Re: Mcafee did not find winlogon.exe .. trojan

    The subject line of this thread has little to do with your problem I suspect.   Problems with serial numbers can be sorted out by Customer Service on the phone free of charge, just click the link in Useful Links at the top of this page.   They deal with any account issues.

     

    Technical Support can escalate your other problems on request and that is probably the best thing to do.  Again it's a free phone call.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • Ex_Brit Volunteer Moderator 59,597 posts since
    May 6, 2004
    Currently Being Moderated
    6. May 23, 2012 5:39 AM (in response to afjensen)
    Re: Mcafee did not find winlogon.exe .. trojan

    afjensen wrote:

     

    Well, after the absence of response to my post, I shortly after I deleted McAfee, since they obviously do not want satisfied customers.

    You got a response within minutes of posting.    It was you who never responded.


    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools
  • Ex_Brit Volunteer Moderator 59,597 posts since
    May 6, 2004
    Currently Being Moderated
    7. May 23, 2012 6:30 AM (in response to Ex_Brit)
    Re: Mcafee did not find winlogon.exe .. trojan

    hannamcafee, I re-read your first post in this thread.  I don't understand your concern as those items are all Windows processes and must have full access to function properly.   McAfee software automatically does that and should not be meddled with.   The way software firewalls behaves towards Windows processes is dictated by Microsoft to the various manufacturers of said software, hence the inability to change them.

     

    That item:

    I found in the ‘Roaming’ folder the following:

    C:\Users\(mycomputername)\AppData\Roaming\McAfee\Supportability\MVTLogs\Results

    simply means you ran the Virtual Technician at some stage.   What's the problem?

     

    Message was edited by: Ex_Brit on 23/05/12 7:30:38 EDT AM

    https://community.mcafee.com/servlet/JiveServlet/downloadImage/2-143933-5189/78-49/Peter.gif
    Toronto • Canada
    Volunteer Moderator
    I can't help you privately - please post in the Forums
    Use Advanced Forum Search To Find Answers
    Beta Test McAfee Products For PC & MAC
    How To Fix File Associations in Windows
    XP & Office 2003 End-Of-Life - 08 April, 2014
    Anti-Spyware/Malware & Hijacker Tools

More Like This

  • Retrieving data ...

Bookmarked By (0)

Legend

  • Correct Answers - 5 points
  • Helpful Answers - 3 points