MajorGeeks Support Forums IOBit Software

Go Back   MajorGeeks Support Forums > Majorgeeks.Com - Support Forums > Malware Removal > Malware Removal FAQ
Reload this Page Winlogonhook Removal Procedure
Register FAQ Members List Calendar Casino Mark Forums Read

Malware Removal FAQ testing


 
 
Thread Tools Rate Thread Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 03-27-06, 22:20
chaslang's Avatar
chaslang chaslang is offline
MajorGeeks Admin - Master Malware Expert
  
Join Date: Feb 2004
Location: Northern New Jersey USA
Posts: 77,502
Thanks: 48
Thanked 6,660 Times in 3,465 Posts
Default Winlogonhook Removal Procedure
Many people appear to be having problems where Spy Sweeper keeps reporting that it has found winlogonhook. The report has lines like this:
Quote:
9:04 PM: Found Trojan Horse: trojan agent winlogonhook
9:04 PM: HKLM\software\microsoft\mssmgr\ (12 subtraces) (ID = 937101)
During the scan Spy Sweeper say it removes it.
Quote:
9:48 PM: Removal process initiated
9:48 PM: Quarantining All Traces: trojan agent winlogonhook
But then after a reboot you notice it is being reported again by Spy Sweeper. The below procedure should resolve this problem.

Print or save these steps to a notepad file locally to refer to if necessary because ALL browsers (including this one) must be closed when you do the following.
  • Run Spy Sweeper but do not start a scan yet.
  • Close ALL browser sessions and exit any other programs that are running except SpySweeper (and notepad if you needed it).
  • Open Task Manager by pressing CTRL-SHIFT-ESC.
  • In Task Manager's Process list, locate explorer.exe. Right click on it and select End Process . Do not be alarmed! This will make your Desktop with icons disappear. It is only temporary.
  • Now run a full scan with Spy Sweeper and save a new log.
  • Now in Task Manager click File, New Task (Run...) and enter explorer.exe and click OK. Your Desktop should come back
  • Now attach the new Spy Sweeper log here.
  • Now reboot and run a new Spy Sweeper scan and attach this last log here (yes that is two scans with SpySweeper, one to hopefully fix, and one to make sure it fixed).
  • If it Spy Sweeper still shows a winlogonhook problem, continue with the below Ewido scan and attach the Ewido log: Running Ewido Anti-Malware
If you need help attaching files see: HOW TO: Attach Items To Your Post
__________________
"There are 10 types of people in this world. Those who understand binary and those who don't."


Support Majorgeeks on Facebook:

Majorgeeks Newsletter
Last edited by chaslang; 04-02-06 at 20:08..
Sponsored links
 

« Previous Thread | Next Thread »
Thread Tools
Display Modes Rate This Thread
Threaded Mode Threaded Mode
Rate This Thread:

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT -5. The time now is 01:08.

Contact Us - MajorGeeks - Archive - Top

MajorGeeks.Com Home Page
| Admin Tools | All In One | Anti-Spyware | Anti-Virus | Appearance | Backup | Benchmarking | BIOS | Browsers | Covert Ops |
Data Recovery | Diagnostics | Drive Cleaners | Drive Utilities | Drivers | Driver Tools Ergonomics | Firewalls | Games | Game Tweaks | Graphics | Input Devices | Internet Tools | Macintosh | Mail Utilities | Memory | Messaging | Monitoring | Microsoft | Multimedia | Networking | Office Tools | Process Management | Processor | Registry | Security | System Info | Toys | Video | Miscellaneous|

-->
Powered by vBulletin® Version 3.8.4
Copyright © 2009 vBulletin Solutions, Inc. All rights reserved.
Ad Management by RedTyger