   Mischel Internet Security Forum
siliconman01
Global Moderator
If you have a Winlogonhook Infection !!
« on: Jul 10th, 2006, 11:57am »

If you are infected by Winlogonhook malicious elements, please follow the procedure described below BEFORE you post in the forum for help.
 
Keep in mind that this particular malicious element is a constantly evolving variant.  The name of the file that is infected keeps changing names.  So it is difficult for the Trojan analyst techs to keep up with it in the detection rulesets.  Gavin is updating the TH rulesets as he discovers new variants.
 
This infection is not difficult to manually remove once it is identified and through the help of HiJackThis.  It will be revealed as an [O20] Winlogon or [O21] SSODL entry in a HiJackThis scan.  NOTE:  Some/Certain [O20/O21] Winlogon/SSODL entries are valid and needed, so do not arbitrarily remove [O20/O21] entries.  
 
Follow this procedure:
 
1.  Update TH rulesets to the very latest rulesets.
 
2.  Open TH scanner and click on the Options icon in the left icon bar.
 
3.  Set ALL options active in each option category.
 
4.  Close TH scanner.
 
5.  Reboot into SAFE MODE
 
6.  Run a full system scan with TrojanHunter Scanner and let it clean out what it detects.  
 
7.  Reboot into Normal mode.
 
8.  Rescan with TH scanner to see if any infections are detected.  
 
9.  Rescan with other security software on your system to see if they scan clean.  
 
IF your system is still infected:
 
1.  Go to the website below.  Download and install HiJackThis 2.0.2.  Install it in a dedicated folder on your Hard Drive...not on the Desktop.    
 
NOTE:  Because there are now some malicious programs that target HiJackThis itself, please rename HIJACKTHIS.exe to some other unique name such as ANALYZEIT.exe
 
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis
 
2.  Reboot your computer again.  Do NOT run any security program scans because they could block needed info for a HiJackThis scan.
 
3.  Run a HiJackThis scan, save the log, and then post it in your new first post.  Include the word WinlogonHook in the subject line of the support request post.  
 
« Last Edit: Dec 4th, 2007, 3:00am by siliconman01 »
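
An added example, not part of the original post and not code from TrojanHunter or HiJackThis: a short Python script that pulls only the O20 (Winlogon Notify, AppInit_DLLs) and O21 (SSODL) lines out of a saved HiJackThis log, so each entry can be reviewed individually instead of being removed wholesale. The sample log, its file names and the all-zero CLSID are constructed; the line layout and the "(file missing)" suffix are assumed from HiJackThis 2.0.x logs.

```python
import re

# Constructed sample log for illustration; names, CLSID and paths are made up.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\exampleinit.dll
O20 - Winlogon Notify: examplehook - C:\WINDOWS\system32\examplehook.dll (file missing)
O21 - SSODL: ExampleLoader - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\exampleloader.dll
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

# "O20 - <kind>: <rest>" or "O21 - <kind>: <rest>" (letter O, not zero).
ENTRY = re.compile(r"^(O20|O21) - ([^:]+): (.+)$")
CLSID = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
MISSING = " (file missing)"


def parse_winlogon_entries(log_text):
    """Return one dict per O20/O21 line; every other section is ignored."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        section, kind, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)]
        parts = [p.strip() for p in rest.split(" - ")]
        clsid = next((p for p in parts if CLSID.match(p)), None)
        # AppInit_DLLs lines carry only a path; others are "name - [clsid -] path".
        name = None if len(parts) == 1 else parts[0]
        entries.append({"section": section, "kind": kind.strip(), "name": name,
                        "clsid": clsid, "path": parts[-1], "file_missing": missing})
    return entries


def review_list(log_text):
    """Format the entries as lines a helper can read through one by one."""
    out = []
    for e in parse_winlogon_entries(log_text):
        flag = "  <-- file missing" if e["file_missing"] else ""
        out.append(f'{e["section"]} {e["kind"]}: {e["name"] or "-"} -> {e["path"]}{flag}')
    return out


if __name__ == "__main__":
    print("\n".join(review_list(SAMPLE_LOG)))
```

The script only lists entries; deciding which ones are valid still needs a person who knows the system.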
