winlogon.exe (noob alert )


I had som nasty trojans and as one countemeasure installed Comodo Firewall Pro.
I get security alerts for winlogon.exe, parent services.exe, “Microsoft Windows Logon Process Service is trying to act as a server”
1: ip listen port 12015 TCP
2: ip listen port 6960 TCP
3: ip listen port 6309 TCP
4: ip listen port 17632 TCP
5: ip listen port 54524 TCP
6: ip listen port 11768 TCP
7: ip listen port 56479 TCP
8: ip listen port 2508 TCP

Should I allow or deny these?

Peter Laursen

Hi plaur, welcome to the forums.

I don’t recognise any of those ports… and I’ve no idea why winlogon.exe should be doing that. I recommend that you go to Comodo Support, register on their system & raise a ticket on this.

Are the trojans completely destroyed?

Mind you, winlogon.exe is the parent process of all the services and a target of Trojans. What Alert Frequency Level are you running CFP on?


Thanks for helping ! My Alert Frequence Level is unchanged from I installed, it is “Low” and no I dont think the trojans are gone entirely. I just found unvx.exe infected with Downloader.Small.cul and scanning right row with AVG and just found
Ive been doing countless scans by different software (AVG, LavaSoft, HiJackThis and more) and still cant get rid of the buggers … (:AGY)

I knot CAVS 2 is beta and you shouldn’t really install beta unless you are ready for it etc… but if you install CAVS 2… then hips built in will catch all the applications for you and you can always deny execution to them…and you can submit them to us for analysis.