logonui.exe - Logon User Interface
Windows is a multi-user OS, and some mechanism must be provided to allow different users to log into the system. The logonui.exe process is responsible for managing this activity. It generates the login screen that users see when entering their Windows user ID and password. This is known as the "user switching" screen.While this process is a standard Windows component, some users have written custom versions of the file in order to change the login characteristics (window position, login message, color, etc.) on one or more machines. Thus it's entirely possible to have a valid, uninfected logonui.exe that also shows up on a virus scan as a dangerous file.
If this file is customized incorrectly, it may result in failures during login or no login screen showing up at all. If this happens, reboot the machine in safe mode and replace the existing logonui.exe file with a known good copy from another machine running the same OS version and patch level. Be sure to rename the "bad" logonui.exe file (perhaps to logonui.exe.bak) in order to preserve a copy for later use. A clean copy of logonui.exe can be retrieved from the OS installation disk.
Simply deleting the problematic logonui.exe file is inadvisable, since further diagnostics may show that this file was not responsible for the login failures at all. Renaming it is much safer, and it can always be renamed again later if necessary.
The legitimate, Windows-installed copy of logonui.exe will always be found in the c:\windows\system32 directory on 32-bit systems. Copies found in other locations may be customized versions of the legitimate file. They could also be viruses, spyware, or other malware applications.
As always, if you suspect a malware infestation you should download and run a current copy of an antivirus/malware scanner in order to isolate and remove the offending application. Be sure to obtain the most recent definition files, since these are critical to the removal of current malware variants.
windowshelp.net