Unknown O20

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Pink_Koala, Apr 20, 2006.

  1. Pink_Koala

    Pink_Koala Private E-2

    I've been analyzing my own log, but I came across this one thing that I couldn't find any information on:
    O20 - Winlogon Notify: winthr32 - C:\WINDOWS\SYSTEM32\winthr32.dll

    I just wanted to know if anyone knew what it was and whether I should delete it. Thanks :)
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    It has many names and the file name is somewhat random. Some refer to it as Winlogonhook.

    You can try having HijackThis fix the O20 line but odds are very high that it will not work. At least not if you don't delete the file first using something like Pocket Killbox. Another method is to use Process Explorer to unload the DLL from Winlogon.exe and from Explorer.exe and then run HijackThis to fix the O20 line and then delete the file (maybe in safe mode). Sometimes Ewido can be run and it may delete the file making the HijackThis cleanup easier.
     
  3. Pink_Koala

    Pink_Koala Private E-2

    Heya, thanks for the advice!
    It actually appears that HijackThis was able to remove the file!
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Great! I'm happy to hear you got it fixed.
     

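Added example, not part of the thread and not HijackThis's own code: since the file name is described above as somewhat random, this sketch triages `O20 - Winlogon Notify` lines against an allowlist taken from a known-clean machine instead of matching on names, and reports the registry subkey each entry comes from. The function names, the `KNOWN_GOOD` baseline and every sample line except the `winthr32` one are assumptions made for the illustration.

```python
import ntpath
import re

# Registry key whose subkeys HijackThis lists as "O20 - Winlogon Notify".
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<dll>.+)$")

# Constructed sample log: only the winthr32 line is taken from the thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winthr32 - C:\WINDOWS\SYSTEM32\winthr32.dll
"""

# Assumed baseline: Notify subkeys seen on a known-clean machine with the
# same software installed. Replace with your own reference set.
KNOWN_GOOD = {"igfxcui"}


def parse_o20(line):
    """Return (subkey, dll_path) for an O20 Winlogon Notify line, else None."""
    m = O20_RE.match(line.strip())
    return (m.group("name"), m.group("dll")) if m else None


def triage(log_text, known_good=KNOWN_GOOD):
    """Return one finding per Notify entry whose subkey is not in the baseline."""
    allowed = {name.lower() for name in known_good}
    findings = []
    for line in log_text.splitlines():
        parsed = parse_o20(line)
        if parsed is None:
            continue  # not an O20 Winlogon Notify line
        name, dll = parsed
        if name.lower() in allowed:
            continue
        findings.append({
            "subkey": name,
            "dll": dll,
            "file": ntpath.basename(dll),  # Windows path parsing on any OS
            "registry_key": NOTIFY_KEY + "\\" + name,
        })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"review: {f['registry_key']} -> {f['dll']}")
```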