×
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
afjensen
Former Member
Message 1 of 8

Mcafee did not find winlogon.exe .. trojan

Hi, 

I have this morning found that my PC was compromised by avirus / trojan.

Fore more than a year  I have used Mcafee Security Center, currently version 11.0 Build 11.0.654 Affld 662-23 with weekly full scan.

Latest manual full scan was yesterday when I found that there were five winlogon.exe in the task manager, four with the username "plkpddbgzbeexui" and one without a username.

Mcafee said that everything was ok!. But, In windows 7 resourcemonitor I could find at least two Winlogon processes that had network connection to this ip address: 105,122,122.96!!

Winlogon.exe should NOT have access to the network!

I search for winlogon.exe and found  it in c:/users/MyUserName/AppData/Roaming.

I shredded that file and it solved the problem. There was only one Winlogon process width no network connection.

I am somewhat disappointed by McAfee. You should have found and solved this problem.

Thanks.

7 Replies
exbrit
MVP
MVP
Message 2 of 8

Re: Mcafee did not find winlogon.exe .. trojan

No antivirus will catch everything that is out there unfortunately.   That's why it's recommended to have some extra tools and strategies handy just in case.  The first being System Restore and some of the rest can be found here: https://community.mcafee.com/docs/DOC-2168

Keep your machine totally up to date, even parts of it you may not use and be careful what you click on or download.

hannamcafee
Former Member
Message 3 of 8

Re: Mcafee did not find winlogon.exe .. trojan

I just installed McAfee as part of my AT&T high speed internet service and McAfee has the following processes provided with FULL ACCESS where I am COMPLETELY LOCKED out of modifying or deleting any of these ACCESS rights granted.  I have purchased Symantec’s Norton 2012 Internet Security package and am seriously considering changing over to their product as McAfee dumped me back on AT&T for answers where they remotely checked my McAfee set up and how the programs were being granted FULL ACCESS while locking me out of any control over these and no RED FLAGS were ever raised as if ALL WAS WELL.  I am doing research on the net to see what I can learn about this situation and found this post.  I am greatly APPALLED at McAfee and think this is a deliberate OVERSIGHT on their part as I performed the McAfee installation on a CLEAN computer freshly reformatted along with the hard drive given a special overwriting cleaning - not from any known infection other than problems caused with the first installation of McAfee where these same issues arose.  McAfee YOU NEED TO FIX THIS NOW!!! -- and stop dumping your users onto AT&T who obviously do not fully understand this circumstance.  I am reading other reports such as this and am VERY CONCERNED.  All during my trial period with Symantec I NEVER HAD ONE ISSUE SUCH AS I have with McAfee.  This is SCARY!!!

‘Services and Controller app’ Access – Full

File name: C\Windows\system32\services.exe

Company: Microsoft Corporation

‘Host Process for Windows Services’ Access – Full

File name: C\Windows\system32\svchost.exe

Company: Microsoft Corporation

‘Host Process for Windows Services’ Access – Full

File name: C\Windows\syswow64\svchost.exe

Company: Microsoft Corporation

‘Local Security Authority Process’ Access – Full

File name: C\Windows\system32\lsass.exe

Company: Microsoft Corporation

‘Userinit Logon Application’ Access – Full

File name: C\Windows\system32\userinit.exe

Company: Microsoft Corporation

‘Userinit Logon Application’ Access – Full

File name: C\Windows\syswow64\userinit.exe

Company: Microsoft Corporation

‘Windows Start-Up Application’ Access – Full

File name: C\Windows\system32\wininit.exe

Company: Microsoft Corporation

‘Windows Start-Up Application’ Access – Full

File name: C\Windows\syswow64\wininit.exe

Company: Microsoft Corporation

‘Windows Logon Application’ Access – Full

File name: C\Windows\system32\winlogon.exe

Company: Microsoft Corporation

I found in the ‘Roaming’ folder the following:

C:\Users\(mycomputername)\AppData\Roaming\McAfee\Supportability\MVTLogs\Results

The lack of support from McAfee on this after I had to reformat my hard drive four times just to be sure I was ‘clean’ and with NO PROBLEMS AT ALL with Symantec’s Norton Internet Security product and I am wondering just how many of us who have only our own private computer hooked up trough McAfee to the public internet are at risk that we are not even aware of.  I am new to understanding security related issues in any depth but if this is an obvious flaw in the McAfee product which is NOT BEING ADDRESSED by their tech support staff then it needs to be FIXED!!!

Also, if these are problems in this product someone at McAfee needs to address this with AT&T as they are supporting McAfee’s Internet security product to ALL of their High Speed internet customers putting them at risk.

Thank you.

Message was edited by: hannamcafee on 5/23/12 3:50:07 AM CDT
afjensen
Former Member
Message 4 of 8

Re: Mcafee did not find winlogon.exe .. trojan

Well, after the absence of response to my post, I shortly after I deleted McAfee, since they obviously do not want satisfied customers.

hannamcafee
Former Member
Message 5 of 8

Re: Mcafee did not find winlogon.exe .. trojan

I try to update my McAfee Software at their site but they want the product serial number and that is given when I do the download from the AT&T site which links me into McAfee's site for the download.  This given serial number soon expires and I have been given no assistance from McAfee on how I may gain authorization to download updates to my installed McAfee Internet Security software as I think there is perhaps an issue with my using a 64-bit system where it, perhaps, conflicts from my having a 32-bit McAfee software download installed on my computer.  I don't understand the underlying issues and without good support I remain at BLIND RISK - which is the WORST kind of RISK to be exposed to.  It seems McAfee completely DUMPS AT&T customers and does not want anything to do with us in a way that would address our needs to freely update our installed products. 

Just VERY SAD!!!

I hope, over time, AT&T figures out how awful we, as AT&T customers' are treated by McAfee.  They get paid by AT&T so we end users of the product can drop dead for all McAfee seems to care.

exbrit
MVP
MVP
Message 6 of 8

Re: Mcafee did not find winlogon.exe .. trojan

The subject line of this thread has little to do with your problem I suspect.   Problems with serial numbers can be sorted out by Customer Service on the phone free of charge, just click the link in Useful Links at the top of this page.   They deal with any account issues.

Technical Support can escalate your other problems on request and that is probably the best thing to do.  Again it's a free phone call.

exbrit
MVP
MVP
Message 7 of 8

Re: Mcafee did not find winlogon.exe .. trojan

afjensen wrote:

Well, after the absence of response to my post, I shortly after I deleted McAfee, since they obviously do not want satisfied customers.

You got a response within minutes of posting.    It was you who never responded.

exbrit
MVP
MVP
Message 8 of 8

Re: Mcafee did not find winlogon.exe .. trojan

hannamcafee, I re-read your first post in this thread.  I don't understand your concern as those items are all Windows processes and must have full access to function properly.   McAfee software automatically does that and should not be meddled with.   The way software firewalls behaves towards Windows processes is dictated by Microsoft to the various manufacturers of said software, hence the inability to change them.

That item:

I found in the ‘Roaming’ folder the following:

C:\Users\(mycomputername)\AppData\Roaming\McAfee\Supportability\MVTLogs\Results

simply means you ran the Virtual Technician at some stage.   What's the problem?

Message was edited by: Ex_Brit on 23/05/12 7:30:38 EDT AM
How Many Badges Can You Collect?
Ready for a little competition? Members like you are earning badges and unlocking perks for their helpful answers. Are you? Click here to find out.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community