Thank you, I believe this to be a nasty… 1 big reason is because Winlogon.exe should be found in
C:\windows\system32\winlogon.exe
Can you please do a search on your computer and look for “winlogon” and see what locations you find.
Also you can try submitting C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe to http://camas.comodo.com/cgi-bin/submit
Can you please → right click → properties and see when the file was created?
As stated in my first ‘post’, the file is dated 2004.
I do have winlogon.exe in C:\windows\system32 (dated 2008) … and in C:\WINDOWS\system32\dllcache (dated 2008)
But I’m now getting confused.
I think that the file that is giving the ‘threat’ (C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe) is part of the Windows ‘rollback’ function, and therefore not currently in use.
Is this file therefore only a problem if I ‘rollback’ to SP1 2004, which I am never going to do?
Can this file safely be deleted from C:\WINDOWS\$hf_mig$?
I’m not convinced. Been doing a lot of looking into this with a friend and every instance of
C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\winlogon.exe seems to be related to some form of infection.
If those come clean then it might be a false positive. The odd thing is that you are the only user to report this in that file location.
Quote From Comodus on msn
I think nobody gets alerted because almost all of us have SP3 or SP2 integrated
No one has updated from SP1 to SP2 and then SP3
That could be the problem
I did an SP2 upgrade using a MS SP2 cd, and the SP3 upgrade using a ‘slipstreamed’ WinXP Pro cd.
Statements on Google seem to suggest that the Service Pack installs do not remove the then redundant files; although many of the files in this folder no longer appear in Add/Remove programs.
I have had AVG (7.0, 7.5, 8) installed; have on many occasions run Trend Housecall online scan; and never had this file ‘flagged’.
Is it safe to allow CAVS to remove this file, as it wants to do?
Is the file Microsoft signed? When it is signed it is not malware.
On a sidenote. I just did a reinstall of XP with SP 3 slipstreamed. I have no uninstall folder for KB840987 in either the Windows folder or the $hf_mig$ folder. So the KB840987 folder is prior to SP3 and can be safely deleted.
In my install the lowest KB number is KB898461. So I think you can delete all uninstall folders with numbers lower than KB898461 as they are pre SP3. This way you can get some extra disk space.
You probably also still have the %systemroot%\$NtServicePackUninstall$ folder. That is there in case you want to uninstall the latest service pack. After a while you don’t need it anymore. You can delete it and get 0,5 GB disk space back. Read this article: Microsoft Support. Read this article carefully and remember to never delete the %systemroot%\Servicepackfiles folder.