winlogon.exe hijacks the computer on ntdll.dll
Posted: 23 Jul 2012, 12:39
Please don't ask me what I did before it began to happen, because I don't keep a log, but apart from some minor effects, it has stabilized like this...
Every time I boot the computer (Windows XP), everything is normal. A few (5-10?) minutes after I've started using it, regardless of the browser I've been using (Chrome, Firefox, Netscape, MSIE), or even without opening any browser at all, according to the Task Manager, 100% of the processor is taken up by winlogon.exe, and this situation remains for some 10 (?) minutes. If I leave it alone, after it's done, I get a message that Windows Explorer (sic! - not Internet Explorer) has recovered from a serious error, and must be shut down. There is an option to get information, and it tells me the problem is with ntdll.dll. So I say OK, and in a couple of seconds Explorer shuts down, reopens, and it's back to normal.
So I bought DLL-files, and ran it. Of course, on the first run it found the expected crowd of DLL problems, and I had them all fixed. Yet the problem remained.
So I used DLL-files to search for ntdll.dll, and it found only 6.1.7601.17514, which is for win7.spi. I installed it, but the problem didn't go away. Then, on http://www.dll-files.com/dllindex/dll-files.shtml?ntdll, under Alternative Versions, I found ntdll.dll 5.1.2600.3520 for xpsp_sp2 plus an older one alike. Downloaded the newer one for Win XP, unzipped it, booted on DOS, and replaced the Win7 ntdll.dll with it. I checked on DOS that I had actually accomplished changing it.
Now, if I have some patience at boot time, to wait for the winlogon.exe x ntdll.dll 'fight' to end, the system is stable afterwards. Btw, I read a lot about this issue via Google, and saw the most far-fetched solutions, some of them including turning off Windows' protection of system files. No consistency among countless solutions on what the problem actually is.
Questions now are:
1. Shouldn't DLL-files offer me the possibility of choosing from all three ntdll.dll's on the database, instead of forcing the one for Win 7? ... since I have XP? (so I wouldn't need to do it manually under DOS)
2. Any proposed solution for the winlogon hijack due to ntdll.dll?
Thanks!