What is winlogon32.exe?

winlogon32.exe is usually located in the 'C:\WINDOWS\system32\' folder.

If you have additional information about the file, please share it with the FreeFixer users by posting a comment at the bottom of this page.

Vendor and version information

winlogon32.exe does not have any version or vendor information.

Digital signatures

winlogon32.exe is not signed.

Hashes

Property    Value
MD5         22e0568b90d69f3c8168c0a449fe1e42
SHA256      8ce1b4217f25ba456c25877db5ca01f2af07c62938201ca7282fa4deb639220d

Error Messages

These are some of the error messages that can appear related to winlogon32.exe:

winlogon32.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

winlogon32.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.

winlogon32.exe has stopped working.

End Program - winlogon32.exe. This program is not responding.

winlogon32.exe is not a valid Win32 application.

winlogon32.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.

What did other users do?

The poll result listed below shows what users chose to do with winlogon32.exe. 67% have voted for removal. Based on votes from 39 users.

User vote results: There were 26 votes to remove and 13 votes to keep

NOTE: Please do not use this poll as the only source of input to determine what you will do with winlogon32.exe.

Malware or legitimate?

If you feel that you need more information to determine if you should keep this file or remove it, please read this guide.


And now some shameless self promotion ;)

Hi, my name is Roger Karlsson. I've been running this website since 2006. I want to let you know about the FreeFixer program. FreeFixer is a freeware tool that analyzes your system and lets you manually identify unwanted programs. Once you've identified some malware files, FreeFixer is pretty good at removing them. You can download FreeFixer here. It runs on Windows 2000/XP/2003/2008/2016/2019/Vista/7/8/8.1/10. Supports both 32- and 64-bit Windows.

If you have questions, feedback on FreeFixer or the freefixer.com website, need help analyzing FreeFixer's scan result or just want to say hello, please contact me. You can find my email address at the contact page.

Comments

Please share with the other users what you think about this file. What does this file do? Is it legitimate or something that your computer is better without? Do you know how it was installed on your system? Did you install it yourself or did it come bundled with some other software? Is it running smoothly or do you get some error message? Any information that will help to document this file is welcome. Thank you for your contributions.

I'm reading all new comments so don't hesitate to post a question about the file. If I don't have the answer perhaps another user can help you.

Roger Karlsson writes

1 thumb

winlogon32.exe is malware. Here's the scan result from virustotal:
http://www.virustotal.com/analisis/8ce1b4217f25ba456c25877db5ca01f2af07c62938201ca7282fa4deb639220d-1263202975

# 11 Jan 2010, 1:44

Roger Karlsson writes

1 thumb

I've posted removal instructions for winlogon32.exe here:
http://www.freefixer.com/library/file/48525/#comment1951

Hope that helps.

# 15 Jan 2010, 5:22

Roger Karlsson writes

1 thumb

When the winlogon32.exe malware installs on the computer, it copies itself to c:\windows\system32\winlogon32.exe. It also replaces the following registry value:

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, Userinit = c:\windows\system32\userinit.exe,"

This is an important registry value. If it's missing or set incorrectly it will result in being logged off right after logging in.

I've previously proposed a solution to this problem using the UBCD4Win software. The UBCD4Win software builds a bootable CD from your Windows installation files. These files are available on your Windows installation CD/DVD. Sometimes they are available in c:\I386 or on a hidden partition on your hard drive. For more info on the UBCD4Win fix, please see: http://www.freefixer.com/library/file/44908/#comment1551


If you cannot find your installation CD, or if you didn't get one when you bought your computer, I'm going to show another solution. This involves running "chntpw" from a bootable CD. chntpw is mainly used to reset Windows passwords, but it also contains a registry editor. This procedure is much more complicated than using UBCD4Win. If you feel uncomfortable using command-line tools in a Linux shell, maybe you can ask one of your hacker friends to assist you during these instructions.

This is how I restored the Userinit registry value. It worked on my Windows XP system. I have not tried it on any other Windows OSes. Proceed at your own risk:

1. Download the chntpw bootable CD ISO file: http://pogostick.net/~pnh/ntpasswd/
I downloaded the cd080802.zip file which seems to be the latest version of the tool.

2. Unzip the .ISO file.

3. Burn the .ISO to a CD.

4. Insert the CD-ROM you burnt into the computer with the logon problem. Restart the computer. The computer should now boot from the CD-ROM rather than the hard drive. (If it still boots from your hard-drive, you can configure your BIOS to boot from the CD-ROM. You can usually configure the BIOS by tapping F2 during the boot.)

5. When the computer boots from the CD-ROM the first question it will ask you is to "select partition by number". On my computer there was only one partition, and it was preselected, so I just pressed ENTER.

6. The next question it will ask you is to specify the "path to the registry directory". On my system, "WINDOWS/system32/config" was preselected, so I just had to press ENTER.

7. Then it will ask you "select which part of the registry to load". Choose option 2 (Recovery console parameters [software])

8. Then choose option 9 (Registry editor, now with full write support)

9. Type:

cd Microsoft <ENTER>
cd Windows NT <ENTER>
cd CurrentVersion <ENTER>
cd Winlogon <ENTER>
ed Userinit <ENTER>
c:\windows\system32\userinit.exe, <ENTER>
q <ENTER>
q <ENTER>

10. Now you will be asked "About to write file(s) back, Do it?". Type y and press ENTER.

Eject the CD-ROM and press CTRL ALT DEL.

The system should now boot normally from the hard-drive.

Hope this helped.

# 22 Jan 2010, 5:04
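
An added example, not part of the original comment or of FreeFixer: a Python check that audits a Userinit value against the default quoted in the comment above, so a replaced or extended value stands out. It assumes Windows is installed in c:\windows as in the comment; the function names and the sample values are constructed for illustration.

```python
import ntpath

# Default entry quoted in the comment above (the stored value ends with a comma).
EXPECTED = r"c:\windows\system32\userinit.exe"
WINLOGON_KEY = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"

def split_userinit(value):
    """Split the comma-separated Userinit string into normalized, lowercased paths."""
    entries = []
    for part in value.split(","):
        part = part.strip().strip('"')
        if part:
            entries.append(ntpath.normpath(part).lower())
    return entries

def audit_userinit(value):
    """Return (ok, findings) for a Userinit string read from the SOFTWARE hive."""
    entries = split_userinit(value or "")
    findings = []
    if EXPECTED not in entries:
        findings.append("missing default entry: " + EXPECTED)
    for entry in entries:
        if entry != EXPECTED:
            findings.append("unexpected entry: " + entry)
    return (not findings, findings)

def read_live_userinit():
    """Read the value from the running system; winreg exists only on Windows."""
    import winreg
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, WINLOGON_KEY) as key:
        return winreg.QueryValueEx(key, "Userinit")[0]

# Constructed sample values, not captured from an infected machine.
SAMPLES = {
    "default": r"c:\windows\system32\userinit.exe,",
    "replaced": r"c:\windows\system32\winlogon32.exe",
    "appended": r"C:\WINDOWS\system32\userinit.exe,c:\windows\system32\winlogon32.exe",
    "empty": "",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        ok, findings = audit_userinit(value)
        print(name, "OK" if ok else "SUSPICIOUS", findings)
```

On a Windows machine, `audit_userinit(read_live_userinit())` applies the same check to the live registry value.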

chillhaZe writes

1 thumb

Roger Karlsson, thanks for your very very nice post. This helped me so much! THX!! :)

# 22 Mar 2011, 2:08
