Winlogonhook Removal Tested

I have just encountered the winlogonhook trojan problem found in spysweeper. After reading, searching and downloading for hours I accidently discovered a much easier way to remove the stubborn SOB than those posted here and on the net.

1. Run Spysweeper to find the trojan.

2. Click next - expand the trojan location folder which is a registry file.

3. Go to run - type "regedit"

4. Open HKEY_LOCAL_MACHINE

5. Find "Microsoft" and click on MSSGER (cant remember exactly but you'll see it in the spysweeper location, and delete the whole file.

6. In spysweeper check the trojan for removal and wala all done.

This way was tested on two systems, rebooted and swept again with no trojan detected. I hope it helps ppl because this %#^@ me to tears.

 

I was able to remove the other traces of it and was only left with the HKEY_LOCAL_MACHINE\software\microsoft\mssmgr registry file and was unable to remove it. Webroot have a nice detailed file on their website about the winlogonhook trojan being of the highest risk, potentially enabling your system to be completely taken over. You would really think they would have fixed it by now. Please let me know if this works for others or was I just lucky in removing it.

 

HKEY_LOCAL_MACHINE\software\microsoft\mssmgr was the only registry file I had come up on the sweep. You would think that as Webroot have a lovely description on their definitions website saying that this winlogonhook trojan is their highest threat level and also on their top ten most dangerous trojan list, capable of having someone in total control mouse and keyboard included of your system, you would think they had fixed this by now. Does HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winubg32 come up on your SpySweeper scan? Was anyone else able to remove it this way?

 

Thanks for clearing that up, sorry about the double post. was supposed to edit, I'm retardard lol