What is Winlogson.exe?
Winlogson.exe is a malicious program that masquerades as a legitimate system process – Winlogon.exe (Windows Logon is a component of Microsoft Windows OS), so as not to attract attention in the Task Manager. Typically, malicious files such as Winlogson.exe can infect a personal computer when a user runs and installs the infected program as well as cracked games, freeware, key generators and other similar software.
VirusTotal flagged Winlogson.exe as malicious:
QUICK LINKS
Winlogson.exe malware in detail
Winlogson.exe is a cryptojacking malware that runs without your knowledge, hides on your computer and steals computing resources in order to mine for valuable online currencies. Such malware is often designed to mine Monero, a cryptocurrency popular among cybercriminals. Cryptocurrency mining is a resource-intensive process that can cause your computer to overheat. This can lead to computer damage or shorten its lifespan.
Additionally, Winlogson.exe malware can be used to download a variety of threats (spyware, trojans, adware, browser hijackers, etc) onto the computer. Any malware is a serious threat. Trojans usually infect a computer with other types of malware. Trojans can download and run other very dangerous malware such as ransomware and spyware.
Spyware is a malicious program designed to gather and transmit sensitive information without your permission. It can track information about webpages visited, browser and system information, and your computer IP address.
Especially dangerous are ransomware that secretly encrypt the victim’s files and then demand a ransom to decrypt them. The recovery of encrypted files becomes impossible in most cases. Ransomware can lead to the loss of personal documents and important data.
Trojans are also used to infect computers with browser hijackers and adware. This malicious software is less dangerous than ransomware or cryptominers, but it causes intrusive ads and unwanted browser redirects. In some cases, Trojans have capabilities that allow criminals to remotely control the infected computer.
To summarize, Winlogson.exe malware can cause a variety of problems, including: loss of personal data, large financial losses, damage to computer parts, and much more. It can seriously affect your privacy, your computer’s performance and security.
How does Winlogson.exe get on your computer
Most often, malware such as Winlogson.exe gets installed when users visit a scam site and click an Install button, or when users download and run a suspicious program, or when users install freeware that includes a bundled program.
Sometimes it is possible to avoid the setup of any malware: run only reputable software which download from reputable sources, never install any unknown and suspicious apps, keep internet browser updated (turn on automatic updates), use good antivirus software, double check freeware before install it (do a google search, scan a downloaded file with VirusTotal), avoid malicious and unknown web pages.
Threat Summary
| Name | Winlogson.exe, “Winlogson.exe malware”, “Winlogson.exe virus” |
| Type | Cryptojacking malware, Cryptominer, Trojan |
| Detection names | Trojan/Win.Miner.R374094, Application.CoinMiner, Tool.BtcMine.2615, A Variant Of Win64/CoinMiner.IZ Potentially Unwanted, Win32.Application.CoinMiner.Y, RiskWare.BitCoinMiner, HackTool.XMRMiner!1.C2EC (CLASSIC), XMRig Miner, Trojan.Win64.XMR.Miner, W64/CoinMiner, FileRepMalware |
| Symptoms | Decreased performance, Overheating, Central Processing Unit (CPU) usage |
| Distribution methods | Torrents and file-sharing websites, Fake updates, Hacked software, Compromised websites, Rogue online pop-up ads |
| Removal | Winlogson.exe removal guide |
Malware examples
On the Internet, users can come across many malicious programs that perform various malicious actions. Among them there are such as OpenSubtitles Uploader adware, YTStealer virus, Dropbox Update Setup Virus, AnarchyGrabber Stealer and DPD Delivery Email virus, although, of course, there are many more.
Some of the malware designed to collect user data, others install ransomware and trojans on computers, and still others add infected computers to botnets, and so on. In any case, each malicious program is a huge threat to both user privacy and computer security. Therefore, malicious programs must be removed immediately after detection; using an infected computer is very dangerous.
How to protect yourself against Winlogson.exe malware
- Use a good security software. It will help to detect security threats and can provide cryptojacking malware protection. It is also good practice to install the latest software updates and patches for Windows OS and all used applications — especially web browsers.
- Use browser extensions designed to block mining scripts. Mining scripts are often added to compromised websites. You can use specialized browser extensions to stop coin miners, cryptojackers and block mining scripts from your CPU.
- Use ad blockers. Since coin miners, cryptojackers and mining scripts are often delivered through compromised websites and online ads, installing an ad blocker can be an effective means of stopping them. Using an ad blocker like Ad Guard can both detect and block malicious mining scripts.
- Disable JavaScript. It can prevent cryptojacking code from infecting your computer. However, although that interrupts the drive-by cryptojacking, but this can also block necessary functions as well.
- Stay up to date with the latest cryptojacking malware threats and trends. It can help you detect cryptojacking on your computer and avoid other types of security threats.
How to remove Winlogson.exe malware from computer (Virus removal guide)
We can help you remove Winlogson.exe from your computer without the help of a professional. Just follow the removal guide below if you currently have Cryptojacking malware installed on your PC and you want to remove it. If you are having difficulty trying to get rid of the malware, feel free to contact us for help in the comments section below. Read it once and then bookmark this page (or open it on your smartphone) as you may need to exit your web browser or restart your computer.
To remove Winlogson.exe, use the following steps:
- Kill Winlogson.exe malware
- Disable Winlogson.exe start-up
- Uninstall Winlogson.exe related software
- Scan computer for malware
- Reset Google Chrome
- Reset Internet Explorer
- Reset Firefox
Kill Winlogson.exe malware
Press CTRL, ALT, DEL keys together.
Click Task Manager. Select the “Processes” tab, look for “Winlogson.exe” then right-click it and select “End Task” or “End Process” option. If your Task Manager does not open or the Windows reports “Task manager has been disabled by your administrator”, then follow the guide: How to Fix Task manager has been disabled by your administrator.
This malware masks itself to avoid detection by imitating legitimate Microsoft Windows processes. A process is particularly suspicious: it’s taking up a lot of memory (despite the fact that you closed all of your applications), its name is not familiar to you (if you’re in doubt, you can always check the program by doing a search for its name in Google, Yahoo or Bing).
Disable Winlogson.exe start-up
Select the “Start-Up” tab, look for something suspicious that is the Winlogson.exe malware, right click to it and select Disable.
Close Task Manager.
Uninstall Winlogson.exe related software
Check the list of installed apps on your computer and remove all unknown and recently installed apps. If you see an unknown program with incorrect spelling or varying capital letters, it have most likely been installed by malware and you should clean it off first with a malware removal utility such as MalwareBytes Anti-Malware.
 Windows 7 |
 Windows 8 |
|---|---|
|
|
 Windows 10 |
 Mac OS |
|
|
Scan computer for malware
Antimalware tools differ from each other in many features, such as performance, scheduled scans, automatic updates, virus signature database, technical support, compatibility with other antivirus programs, and so on.
We recommend you use the following free malware removal tools: MalwareBytes Anti-Malware and Kaspersky virus removal tool. Each of these programs has all of needed features, but most importantly, they can be used to identify the Winlogson.exe malware and remove it from the computer.
You can remove Winlogson.exe virus automatically with the help of MalwareBytes AntiMalware. We recommend this malware removal utility because it can easily remove spyware, trojans, browser hijackers, adware, PUPs and toolbars with all their components such as files, folders and registry entries for free.
First, visit the page linked below, then click the ‘Download’ button in order to download the latest version of MalwareBytes.
327099 downloads
Author: Malwarebytes
Category: Security tools
Update: April 15, 2020
Once the downloading process is complete, run it and follow the prompts. Once installed, MalwareBytes will try to update itself and when this procedure is done, click the “Scan” button to perform a system scan with this utility for the Winlogson.exe malware. A scan can take anywhere from 10 to 30 minutes, depending on the count of files on your computer and the speed of your personal computer. During the scan MalwareBytes will locate threats exist on your computer. Make sure all threats have ‘checkmark’ and click “Quarantine” button.
The MalwareBytes AntiMalware is a free malware removal tool that you can use to remove all detected folders, files, services, registry entries and so on. To learn more about this software, we advise you to read the guide or follow the video guide below.
There is another anti–malware tool that can remove malware for free – Kaspersky virus removal tool (KVRT). It can remove crypto malware, adware, spyware, trojans, worms, potentially unwanted programs, malicious software and other security threats from your computer. You can use this tool to search for threats even if you have an antivirus or any other security program.
Download Kaspersky virus removal tool by clicking on the following link. Save it directly to your Windows Desktop.
129243 downloads
Author: Kaspersky® lab
Category: Security tools
Update: March 5, 2018
After the downloading process is complete, double-click on the KVRT icon. Once initialization procedure is complete, you’ll see the KVRT screen as displayed below.
Click “Change Parameters” and set a check near all your drives. Click OK to close the Parameters window. Next click “Start scan” button to scan your computer for the Winlogson.exe malware and other known infections. This task can take quite a while, so please be patient. While the tool is scanning, you can see how many objects and files has already scanned.
As the scanning ends, Kaspersky virus removal tool will create a list of malware found, as displayed in the figure below.
All detected threats will be marked. You can delete them all by simply clicking Continue.
Reset Google Chrome
In this step we are going to show you how to reset Google Chrome settings. Malware such as Winlogson.exe can make changes to your web-browser settings, add toolbars and unwanted extensions. By resetting Chrome settings you will reset unwanted changes caused by malicious software. However, your saved passwords and bookmarks will not be changed, deleted or cleared.
First launch the Chrome. Next, click the button in the form of three horizontal dots (
).
It will open the Google Chrome menu. Select More Tools, then press Extensions. Carefully browse through the list of installed addons. If the list has the extension signed with “Installed by enterprise policy” or “Installed by your administrator”, then complete the following steps: Remove Google Chrome extensions installed by enterprise policy.
Open the Chrome menu once again. Further, press the option named “Settings”.
The web browser will display the settings screen. Another method to display the Chrome’s settings – type chrome://settings in the internet browser adress bar and press Enter
Scroll down to the bottom of the page and click the “Advanced” link. Now scroll down until the “Reset” section is visible, as shown in the following example and click the “Reset settings to their original defaults” button.
The Google Chrome will display the confirmation dialog box as displayed on the image below.
You need to confirm your action, click the “Reset” button. The web browser will run the process of cleaning. Once it is finished, the internet browser’s settings including search provider by default, home page and newtab back to the values which have been when Google Chrome was first installed on your personal computer.
Reset Firefox
If your Firefox web browser is hijacked by Winlogson.exe, then it may be time to perform the browser reset. Keep in mind that resetting your web-browser will not remove your history, bookmarks, passwords, and other saved data.
Start the Firefox and click the menu button (it looks like three stacked lines) at the top right of the internet browser screen. Next, click the question-mark icon at the bottom of the drop-down menu. It will open the slide-out menu.
Select the “Troubleshooting information”. If you are unable to access the Help menu, then type “about:support” in your address bar and press Enter. It bring up the “Troubleshooting Information” page as displayed in the following example.
Click the “Refresh Firefox” button at the top right of the Troubleshooting Information page. Select “Refresh Firefox” in the confirmation prompt. The Firefox will start a process to fix your problems that caused by the Winlogson.exe malware. Once, it is finished, click the “Finish” button.
How to stay safe online
If you browse the Internet, you can’t avoid malicious ads and scam sites. But you can protect your internet browser against it. Download and use an ad blocking program. AdGuard is an ad-blocker which can filter out a huge number of of the malicious advertising, blocking dynamic scripts from loading harmful content.
- First, visit the following page, then click the ‘Download’ button in order to download the latest version of AdGuard.
Adguard download
26854 downloads
Version: 6.4
Author: © Adguard
Category: Security tools
Update: November 15, 2018
- When the downloading process is complete, start the downloaded file. You will see the “Setup Wizard” window. Follow the prompts.
- After the installation is complete, press “Skip” to close the installation program and use the default settings, or press “Get Started” to see an quick tutorial which will help you get to know AdGuard better.
- In most cases, the default settings are enough and you don’t need to change anything. Each time, when you run your computer, AdGuard will launch automatically and stop unwanted advertisements, block harmful and misleading webpages. For an overview of all the features of the program, or to change its settings you can simply double-click on the icon called AdGuard, which can be found on your desktop.
Finish words
We suggest that you keep MalwareBytes (to periodically scan your device for new malware) and AdGuard (to stop malicious pop-ups and scam sites). Moreover, to prevent any malware, please stay clear of unknown and third party programs, make sure that your antivirus software, turn on the option to search for potentially unwanted programs.
If you need more help with Winlogson.exe virus related issues, go to here.
