Author Topic: winlogon.exe (noob alert )  (Read 1842 times)
plaur
« on: February 17, 2007, 10:48:16 AM »

Hi,

I had some nasty trojans and as one countermeasure installed Comodo Firewall Pro.
I get security alerts for winlogon.exe, parent services.exe, "Microsoft Windows Logon Process Service is trying to act as a server"
1: ip listen port 12015 TCP
2: ip listen port 6960 TCP
3: ip listen port 6309 TCP
4: ip listen port 17632 TCP
5: ip listen port 54524 TCP
6: ip listen port 11768 TCP
7: ip listen port 56479 TCP
8: ip listen port 2508 TCP

Should I allow or deny these?

TIA
Peter Laursen


kail
« Reply #1 on: February 19, 2007, 11:28:00 AM »

Hi plaur, welcome to the forums.

I don't recognise any of those ports.. and I've no idea why winlogon.exe should be doing that. I recommend that you go to Comodo Support, register on their system & raise a ticket on this.

Vista Business x32+SP1 with CIS 3.5.55810.432 & Firefox 3.0.4 & Becky! 2.48.02
__
GPLv2: I know my rights. I want my phone call.
DRM: Tell me, Mr. GPLv2.. what good is a phone call, if you're unable to speak?
Soyabeaner
« Reply #2 on: February 19, 2007, 11:31:46 AM »

Are the trojans completely destroyed?
kail
« Reply #3 on: February 19, 2007, 11:35:49 AM »

Mind you, winlogon.exe is the parent process of all the services and a target of Trojans. What Alert Frequency Level are you running CFP on?
plaur
« Reply #4 on: February 19, 2007, 04:16:07 PM »

Hi,

Thanks for helping! My Alert Frequency Level is unchanged from when I installed; it is "Low", and no, I don't think the trojans are gone entirely. I just found unvx.exe infected with Downloader.Small.cul, and I am scanning right now with AVG and just found Proxy.Simus.cl.
I've been doing countless scans with different software (AVG, LavaSoft, HiJackThis and more) and still can't get rid of the buggers ...
Melih
« Reply #5 on: February 19, 2007, 04:29:45 PM »

I know CAVS 2 is beta and you shouldn't really install beta unless you are ready for it etc.. but if you install CAVS 2.. then the HIPS built in will catch all the applications for you and you can always deny execution to them.. and you can submit them to us for analysis.

melih