Many people appear to be having problems where Spy Sweeper keeps reporting that it has found winlogonhook
. The report has lines like this:
During the scan Spy Sweeper say it removes it.
9:04 PM: Found Trojan Horse: trojan agent winlogonhook
9:04 PM: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
9:48 PM: Removal process initiated
9:48 PM: Quarantining All Traces: trojan agent winlogonhook
But then after a reboot you notice it is being reported again by Spy Sweeper. The below procedure should resolve this problem.
Print or save these steps to a notepad file locally to refer to if necessary because ALL browsers (including this one) must be closed when you do the following.
If you need help attaching files see: HOW TO: Attach Items To Your Post
- Run Spy Sweeper but do not start a scan yet.
- Close ALL browser sessions and exit any other programs that are running except SpySweeper (and notepad if you needed it).
- Open Task Manager by pressing CTRL-SHIFT-ESC.
- In Task Manager's Process list, locate explorer.exe. Right click on it and select End Process . Do not be alarmed! This will make your Desktop with icons disappear. It is only temporary.
- Now run a full scan with Spy Sweeper and save a new log.
- Now in Task Manager click File, New Task (Run...) and enter explorer.exe and click OK. Your Desktop should come back
- Now attach the new Spy Sweeper log here.
- Now reboot and run a new Spy Sweeper scan and attach this last log here (yes that is two scans with SpySweeper, one to hopefully fix, and one to make sure it fixed).
- If it Spy Sweeper still shows a winlogonhook problem, continue with the below Ewido scan and attach the Ewido log: Running Ewido Anti-Malware