Video Screencast Help

How to Remove winlogon.exe Virus?

Created: 15 Apr 2013 | 5 comments


I have SEPM 12 on over than 500 pcs and Symentec EndPoint Can't detect winlogon.exe virus in my network, how can i remove the virus??


Operating Systems:

Comments 5 CommentsJump to latest comment

Ambesh_444's picture


Please update the system with latest antivirus definition and then.

To remove Trojan Winlogon.exe ,just download this small utility and run it..

Thank& Regards,


"Your satisfaction is very important to us. If you find above information helpful or it has resolved your issue. Please don't forget to mark the thread as solved."

W007's picture


Does the system are latest virus defination update ?

You can download the symhelp tool and collect the data symantec support and also raise support ticket

Using SymHelp, How to collect Full Support Logs for Symantec Support.

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

Brɨan's picture

Use the Symantec Power Eraser and scan the system. This utility is more aggressive in catching unknown malware.

If SPE doesn't find anything than you may need to try a third party tool such as malwarebytes or hitman pro. If something is found, than you can submit to Symantec response so definitions can be created.

Have you submitted the winlogon.exe file to security response yet?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mick2009's picture

This article may help:

Eliminating viruses and security risks

Also: if you have SEP 12.1, you can increase the sensitivity of the Insight-based heuristics.  That will make SEP 12.1 more aggressive in its approach to unknown files.

With thanks and best regards,


Mithun Sanghavi's picture


You could try running the SERT Utility on one of the client machines.

If you have access to Fileconnect, the SERT (Symantec Endpoint Recovery Tool) is useful in situations where computers are too heavily infected for the Symantec Endpoint Protection client installed upon them to clean effectively.

Symantec Endpoint Recovery Tool (SERT)

The Consumer version of this tool is the Norton Bootable Recovery Tool.  

The tool is free, so there is no need for a Fileconnect account to download the software.

You could also try working on the steps provided below on collecting the suspicious files and submitting the same to the Symantec Security Response Team.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

I would also recommend you to make sure you create a case with Symantec Technical Support.

You could either Create a Case OR contact Symantec Technical Support.

How to create a new case in MySupport

How to update a support case and upload diagnostic files with MySupport


Regional Support Telephone Numbers:

  • United States: 800-342-0652 (407-357-7600 from outside the United States)
  • Australia: 1300 365510 (+61 2 8220 7111 from outside Australia)
  • United Kingdom: +44 (0) 870 606 6000

Additional contact numbers:

Hope that helps!!

Mithun Sanghavi
Associate Security Architect


Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.