Winlogonhook Thread

Discussion in 'Malware Help (A Specialist Will Reply)' started by leomartinoff, May 12, 2006.

  1. leomartinoff

    leomartinoff Private E-2

    Hi Guys,

    Can anybody help me get rid of this trojan horse?
    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Majorgeeks!

    If you have Spy Sweeper and it is detecting it, just follow the steps in the sticky thread you mentioned.

    Is your copy of Spy Sweeper a paid subscription version?
     
  3. leomartinoff

    leomartinoff Private E-2

    Yes, it is a paid subscription, but it keeps detecting it after I fix it. This is the log file from Spy Sweeper.

    8:57 PM: | Start of Session, Friday, May 12, 2006 |
    8:57 PM: Spy Sweeper started
    8:57 PM: Sweep initiated using definitions version 677
    8:57 PM: Starting Memory Sweep
    9:01 PM: Memory Sweep Complete, Elapsed Time: 00:03:30
    9:01 PM: Starting Registry Sweep
    9:01 PM: Found Trojan Horse: trojan agent winlogonhook
    9:01 PM: HKLM\software\microsoft\mssmgr\ (8 subtraces) (ID = 937101)
    9:01 PM: Registry Sweep Complete, Elapsed Time:00:00:14
    9:01 PM: Starting Cookie Sweep
    9:01 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
    9:01 PM: Starting File Sweep
    9:54 PM: Warning: Unhandled Archive Type
    9:57 PM: File Sweep Complete, Elapsed Time: 00:56:07
    9:57 PM: Full Sweep has completed. Elapsed time 00:59:55
    9:57 PM: Traces Found: 9
    4:00 AM: Removal process initiated
    4:00 AM: Quarantining All Traces: trojan agent winlogonhook
    4:00 AM: Removal process completed. Elapsed time 00:00:01
    ********
    7:49 PM: | Start of Session, Friday, May 12, 2006 |
    7:49 PM: Spy Sweeper started
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    But did you run the procedure EXACTLY as written in the sticky thread? If not followed exactly as written, it will not work. The procedure I'm referring to is the one below:

    Winlogonhook Removal Procedure

    If you have run this procedure exactly as written, you should be attaching a full log from Spy Sweeper and then a log from Ewido if still having a problem.
     
