4
1
I'm running Windows 8 Enterprise. A couple of times now, I've noticed multiple winlogon.exe
processes running (accompanied by as many extra csrss.exe
and dwm.exe
). Today I saw one extra, but the first time I noticed it, there were five or six extra.
Process Explorer shows that they're all indeed C:\Windows\System32\winlogon.exe
, but the extra ones have been started with the flag -SpecialSession
, and that its parent process no longer exists.
Malware scans with Malwarebytes and Spybot S&D haven't shown anything, and Windows Defender has remained silent.
What is this -SpecialSession
option and where could these extra instances be coming from? Google seems to know nothing about it.
Intreiging question, would this debugger help? http://msdn.microsoft.com/en-gb/library/windows/hardware/ff541428(v=vs.85).aspx
– Guy Thomas – 2013-01-15T22:46:19.230