BitDefender Update Erroneously Flags Windows File as Trojan

Article by George Norman (Cybersecurity Editor)

on 16 Feb 2009

Things are not going too well for BitDefender right now: following the news that a partner site is vulnerable to SQL injection, and the news that the official BitDefender site grants someone with malicious intent access to the database (SQL injection again), it seems that a virus signature update flagged winlogon.exe as a Trojan. Consequently, the file was either moved to quarantine or deleted. Another update had to be pushed out to address the problems caused by the previous one.

“On Friday, the 13th of February 2009, between 6:00 and 8:00 AM (GMT) BitDefender faultily identified some versions of the ‘winlogon.exe’ file as being infected by Trojan.Generic.1423603. During an on demand scan BitDefender may have moved this file to the quarantine area; however, this action caused no permanent damages to the operating system. The error was fixed starting with 8:00 AM (GMT), on the same day through one of the regular updates so no user action was required,” says BitDefender.

In all fairness to the Romanian security software developer, BitDefender was not the only security software developer to be hit with this false positive. G Data also flagged winlogon.exe as malicious software, and a second update, as well as a detailed tutorial on how to address the problem, has been made available.

The simple truth of the matter is that technically savvy users realized the security software was erroneously detecting a key file necessary for Windows to run properly as malware and took the appropriate measures, which is to say they did not quarantine or delete it. Others, however, did delete it, only to find themselves unable to boot their Windows-based OS. Unless you want to go through all the trouble of restoring winlogon.exe by means of the Windows Recovery Console, and assuming you have not yet updated your BitDefender or G Data security software, you are well advised to block file access, perform a signature update and then reboot your machine.

