winlogon.exe

[XtremeMaC]

Hi sorry the title doesn't make any sense

but here's what i'm trying to explain.

I remember some ppl have asked why they have stupid folders in program files folder

like movie maker

netmeeting

msn gaming zone

xerox although they are all emtpy

well i haven't yet found the answer but for some reason winlogon.exe is using them

I've other blank folders like all pchealth folder but winlogon also uses helpctr and uploadlb folders which are also empty.

and for some reason the most annoying one is it uses the help\Tours\mmTour which is the tour when u get at first logon.

well i don't want any of these files

[kevinmwells]

Don't know if you're aware but the famous netsky.xxx virus uses winlogon.exe to mess up your e-mails.

When W32.Netsky.K@mm runs, it does the following:

Creates a mutex named "LK[skyNet.cz]SystemsMutex." This mutex allows only one instance of the worm to execute.

Copies itself %Windir%\winlogon.exe.

--------------------------------------------------------------------------------

Note: %Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.

--------------------------------------------------------------------------------

Adds the value:

"ICQ Net"="%Windir%\winlogon.exe -stealth"

[XtremeMaC]

hi there

this is totally a different thing I'm talking about.

though thanks for the response.

I had not known about what that virus did.

(ps this is a new clean sp2 install with virus support. so no virus can get near me )

[Datalore]

Basically they're just protected by those SFC dll's for no apparent reason. A while ago, I researched them extensively, found out the xerox folder's purpose (summary: nothing) and decided to delete them. No harm done. Just follow any SFC disable guide and the OS won't bug you about them again.

Unless you're trying to figure out why they're in winlogon.exe- in that case, it's probably because you always need winlogon.exe, so you wouldn't be able to just kill that process and delete them.

[likuidkewl]

Good point Datalore, this looks like a typical Microsoft way to make "everyday users" have to keep these folders. As for thier actual use, that one is up in the air, one would assume that they wanted to keep them in the same dir's for somesort of refference or something along those lines.

[newdles]

Are you sure they're empty? What operating system are you running?

It could be because of what you installed with Windows. If you created one of those custom unattended cds then that could be the reason why. Winlogon.exe is basically just a service in a way. It initiates all user settings and such as well as user names and passwords. Since Netmeeting, MSN Gaming Zone, etc.. are all part of Windows Xp (for example), they're all installed and part of each user account created. Therefore, it checks those folders to ensure everything is properly initialized amongst other things yet it doesn't ever "stop" using them.

Another thing though is that maybe you have your Windows Explorer settings wrong? Check to make sure you have Show all Hidden Files & Folders selected in tools > folder options > view tab. Even though the stated files/folders aren't considered hidden files & folders, you never know.

newdles

http://www.webzila.com

[XtremeMaC]

r u refering to me?

if so i've customized my cd by myself no errors of anysort. yes I removed those components (not removed, just not installed)

no explorer problems all files (system files as well) are shown.

they are 100% empty. I'm very sure!

and its xp.

sfc_os.dll is hacked and sfc is disabled.

the point that i'm trying to reach is to remove those folders...

now winlogon uses the folders. i haven't checked the sfc yet but my sfc is already disabled. so i dunno.

that part i don't understand why are they part of xp? they are optional components and its just nonsense to have folders for them especially xerox folder does it dump paper in there

[newdles]

You can't remove those folders period if they ever get installed. The only way to prevent this it to prevent the call for them. How you do this is beyond my knowledge though. You "could" remove them possibly though. It's a roundabout way but it would work maybe.

Ever heard of Knoppix? It's Linux on a cd that requires no installation and is free. Works great for silly things like this. You could download and burn the cd image to a cd and then attempt to delete the files after booting into Knoppix. The downfall is possible side effects. It might cause issues with Windows but could easily be fixed by reverting the steps above to what they were before you touched anything.

However, upon doing this (even if no errors within Windows), it may still create the folders itself. I'm pretty sure it will even if you could delete them. Kind of the same thing and situation as that pesky wutemp folder that I hate. Guess I need to stop using Windows Updates huh?

newdles

http://www.webzila.com