Because logging on is a complex process



  • Windows told me I was running low on virtual memory, which was surprising because I wasn't doing anything unusual. So I thought I'd see what was using it. I never realised logging on was such a complex thing.

    winlogon process has VM size of 1.6GB



  • If I recall correctly winlogin.exe is the target of a lot of virus/spyware... maybe it's bugged but I'd recommend a scan ;)



  •  BTW- try PNG next time.  That BMP is huge.



  •  Spyware... with a memory leak.  Gotta love Script Kiddies!



  • @operagost said:

     BTW- try PNG next time.  That BMP is huge.

    And hey, it even is appropriately named "memory hog". Now we know where all his memory is going! Huge Bitmap screenshots!



  •  @fyjham said:

    If I recall correctly winlogin.exe is the target of a lot of virus/spyware... maybe it's bugged but I'd recommend a scan ;)


    @Albatross said:

     Spyware... with a memory leak.  Gotta love Script Kiddies!


     Could be, and most likely is indeed malware. It could however also be the standard windows process (just look in a clean process manager, it's there)

    What's you current AV? [url=http://www.av-comparatives.org/seiten/ergebnisse_2008_08.php]A lot[/url] of malware doesn't get picked up by scanners immediatly (altough there's a lot of difference between them) so a new scan with updated signatures might detect something.

    A spyware-scanner like [url=http://www.safer-networking.org/]Spybot[/url] might detect something too.



  • @operagost said:

     BTW- try PNG next time.  That BMP is huge.

     

    And utterly clueless.



  • @Zylon said:

    @operagost said:

     BTW- try PNG next time.  That BMP is huge.

     

    And utterly clueless.

     

    The BMP is utterly clueless ?



  • @Jeff S said:

    The BMP is utterly clueless ?

    Does this not make sense?  A BMP is just a stream of bits and is not a conscious entity.  Therefore, it cannot have a clue.  If it was instead something like, say, a greengrocer, it would be possible for it to have a clue.  Greengrocers are conscious entities, greengrocers can have clues.  In short:



  • @morbiuswilters said:

    PNG
    Can haz clue?



  • @morbiuswilters said:

    Does this not make sense?  A BMP is just a stream of bits and is not a conscious entity.  Therefore, it cannot have a clue.  If it was instead something like, say, a greengrocer, it would be possible for it to have a clue.  Greengrocers are conscious entities, greengrocers can have clues.  In short:

     

    Hey -- that was pretty good!  However, in my interpretation, I thought it did have a clue. Examing the BMP closely with my magnifying glass shows the winlogin process has a very unusually large size; from this we can clearly deduce that there is some sort of tomfoolery going on. Therefore, the BMP would not be utterly clueless. 


     



  • @morbiuswilters said:

    In short:

    I'm sorry, but the greengrocer is out of quinces.  Advantage: BMP!  Unless you'll settle for a pomegranate, or perhaps a delicious Buddha's hand?


  • @dtech said:

    Could be, and most likely is indeed malware. It could however also be the standard windows process (just look in a clean process manager, it's there)

    What's you current AV? A lot of malware doesn't get picked up by scanners immediatly (altough there's a lot of difference between them) so a new scan with updated signatures might detect something.

    A spyware-scanner like Spybot might detect something too.

    The AV/malware scanner is the corporate-mandated Symantec Endpoint Protection. It scans daily and updates multiple times daily.

     I'm more inclined to put it down to Windows weirdness myself since, well, it is Windows and the machine hasn't been restarted in a couple of weeks. (I need to leave it running overnight so that if a problem occurs in our nightly run I can log in from home at 3am or whatever and fix it. Lucky me.)

    A run with Spybot S&D shows only a few tracking cookies and a few security settings it doesn't like (and neither do I, but they're set by group policy). Actually, there's an additional WTF for you, if you like. By group policy, System Restore and Windows Firewall are disabled. (We do have a good corporate firewall, but still...)


  • Garbage Person

    System Restore is FECKING USELESS in a corporate environment, and Windows Firewall is irritatingly difficult to admin with Group Policy - plus it has the tendency to annoy users with messages they can't do a fucking thing about ("WINDOWS FIREWALL HAS BLOCKED SOMETHING STUPID AND SENSELESS THAT THE ADMIN FORGOT TO WHITELIST IN GROUP POLICY AND/OR WINDOWS FIREWALL HAS FORGOTTEN ITS GROUP-POLICY-ENFORCED WHITELIST. PLEASE CONTACT YOUR NETWORK ADMINISTRATOR. [OK]")

     



  • Just as an FYI: On my machine (WinXP Pro SP2), winlogon.exe shows 10,712 K in Task Manager.



  • @KenW said:

    Just as an FYI: On my machine (WinXP Pro SP2), winlogon.exe shows 10,712 K in
    Task Manager.

    880 KiB on mine (XP SP3).



  •  8,892k on mine (XP SP3)



  • Process explorer tells me 8472k private bytes (8902k peak), working set 8900k (peak 13,300k). Uptime: 2 days, 5:35 (reboot Fridays so registry hives are backed up, we don't have the Volume Shadow Services plugin for retrospect).


Log in to reply