Trojan Agent Winlogonhook

"joe black" <X-No-archive.DeleteThis@invalid.invalid> wrote in message ...


> "Gary Cramble" <gcramble.DeleteThis@yahoo.net> wrote in message
>>I keep seeing this little buggar pop up, even after spyware cleaners say
>>it has been removed. I ran Spysweeper and Ad AwareSE, both find it as a
>>Trojan in the hkey_local_machine part of the registry. yet, it keeps
>>coming back


> What is the exact registry address and file name?


hkey_local_machine\software\microsoft\mssmgr

then there are 5 more lines of the same file name/address that follow with a
different value added to the end of the string:

(value: Brnd)
(value: BSTV)
(value: SSTV)
(value: SCLIST)
(value: SSLIST
 >> Stay informed about: Trojan Agent Winlogonhook 

Use Remove-it version 14, it's fast and free. It now has over 5000
signatures to remove All variants of Rogue scanners, Desktop/Homepage
Hijackers, Trojans, Codec's, and related Malware/Spyware. New Feature,
Remove-it will now update your hosts file. This tool is designed to
Specifically remove all variants. Scan time is about 2-10 minutes. Designed
for Windows 2000/XP only. Password is still required.
First read this page http://www.pcbutts1.com/downloads then use the email
link on the bottom of the page to receive the software.


--

Newsgroup Trolls. Read about mine here http://www.pcbutts1.com/downloads
The list grows. Leythos the stalker http://www.leythosthestalker.com, David
H. Lipman, Max M Wachtell III aka What's in a Name?, Fitz,
Rhonda Lea Kirk, Meat Plow, F Kwatu F, George Orwell



"Gary Cramble" <gcramble RemoveThis @yahoo.net> wrote in message
news:13ismkmi5toqjda@corp.supernews.com...
>
> "joe black" <X-No-archive RemoveThis @invalid.invalid> wrote in message ...
>
>
>> "Gary Cramble" <gcramble RemoveThis @yahoo.net> wrote in message
>>>I keep seeing this little buggar pop up, even after spyware cleaners say
>>>it has been removed. I ran Spysweeper and Ad AwareSE, both find it as a
>>>Trojan in the hkey_local_machine part of the registry. yet, it keeps
>>>coming back
>
>
>> What is the exact registry address and file name?
>
>
> hkey_local_machine\software\microsoft\mssmgr
>
> then there are 5 more lines of the same file name/address that follow with
> a different value added to the end of the string:
>
> (value: Brnd)
> (value: BSTV)
> (value: SSTV)
> (value: SCLIST)
> (value: SSLIST
>
 >> Stay informed about: Trojan Agent Winlogonhook 

In article <fgloo9$q00$1@blackhelicopter.databasix.com>, pcbutts1
@leythosthestalker.com says...
> Remove-it will now update your hosts file.

It will block access to reputable malware fighting tools that are not
hosted on BUTTS Porno website.

--

Leythos - spam999free RemoveThis @rrohio.com (remove 999 to email me)

Fight exposing kids to porn, complain about sites like PCBUTTS 1.COM
that create filth and put it on the web for any kid to see: Just take a
look at some of the FILTH he's created and put on his website:
http://forums.speedguide.net/archive/index.php/t-223485.html all exposed
to children (the link I've include does not directly display his filth).
You can find the same information by googling for 'PCBUTTS1' and
'exposed to kids'.
 >> Stay informed about: Trojan Agent Winlogonhook 

On Sun, 4 Nov 2007 19:44:43 -0500, Leythos wrote:

> In article <fgloo9$q00$1@blackhelicopter.databasix.com>, pcbutts1
> @leythosthestalker.com says...
>> Remove-it will now update your hosts file.
>
> It will block access to reputable malware fighting tools that are not
> hosted on BUTTS Porno website.

Okay, and what advice should the OP follow to rectify his problem?
 >> Stay informed about: Trojan Agent Winlogonhook 

"Gary Cramble" <> wrote in message news:
>I keep seeing this little buggar pop up, even after spyware cleaners say it
>has been removed. I ran Spysweeper and Ad AwareSE, both find it as a Trojan
>in the hkey_local_machine part of the registry. yet, it keeps coming back
>after removal/quarantine. norton doesn't even recognize it as anything
>which makes me wonder if it's anything at all.
>
> Any help, suggestions on how to get rid of this thing? also, since it's
> arrival, windows installer keeps trying to install programs that already
> are installed. very annoying. thanks in advance for any help.
> gary
Have you tried Ad-aware in safe mode, but first, turn off system restore
before booting in safe mode.
Then boot normally and see if it is still gone and turn restore back on.
You can find how to turn system restore off/on by a search of help for
system restore. You can also learn how to do a clean boot from links at:

http://www.claymania.com/removal-trojan-adware.html
 >> Stay informed about: Trojan Agent Winlogonhook 

"Gary Cramble" <gcramble.RemoveThis@yahoo.net> wrote in message
news:13irq7fn3mech54@corp.supernews.com...
>I keep seeing this little buggar pop up, even after spyware cleaners
>say it has been removed. I ran Spysweeper and Ad AwareSE, both find it
>as a Trojan in the hkey_local_machine part of the registry. yet, it
>keeps coming back after removal/quarantine. norton doesn't even
>recognize it as anything which makes me wonder if it's anything at all.
> Any help, suggestions on how to get rid of this thing? also, since
> it's arrival, windows installer keeps trying to install programs that
> already are installed. very annoying. thanks in advance for any help.

Download and scan with SUPERAntiSpyware Free
http://www.superantispyware.com/

* Double-click SUPERAntiSypware.exe and use the default settings for
installation.
* An icon will be created on your desktop. Double-click that icon to
launch the program.
* If asked to update the program definitions, click "Yes". If not,
update the definitions before scanning by selecting "Check for Updates".
(If you encounter any problems while downloading the updates, manually
download them from here and unzip into the program's folder.)
* Under "General and Startup", make sure "Start SUPERAntiSpyware when
Windows starts" box is unchecked.
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all
others unchecked):
o Close browsers before scanning.
o Scan for tracking cookies.
o Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen and exit
the program.
* Do not run a scan just yet.

Reboot your computer in "SAFE MODE" using the F8 method. To do this,
restart your computer and after hearing your computer beep once during
startup (but before the Windows icon appears) press the F8 key
repeatedly. A menu will appear with several options. Use the arrow keys
to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:

* Launch the program and back on the main screen, under "Scan for
Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan and
click "Next".
* After the scan is complete, a Scan Summary box will appear with
potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete".
Click "OK" and then click the "Finish" button to return to the main
menu.
* If asked if you want to reboot, click "Yes" and reboot normally.
* To retrieve the removal information after reboot, launch
SUPERAntispyware again.
o Click Preferences, then click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o If there are several logs, click the current dated log and press View
log. A text file will open in your default text editor.
* Click Close to exit the program.

Here is a decription of your malware:
Trojan Agent Winlogonhook:
http://research.spysweeper.com/search.php?serialnumber=UY0Z74II

Since you may never be sure your system is entirely free of this type of
infestation, it is best to format and clean install your OS...

-jen
 >> Stay informed about: Trojan Agent Winlogonhook 

"jen" <jen.RemoveThis@example.com> wrote in message
news:FRHXi.21534$u7.3909@bignews2.bellsouth.net...
> "Gary Cramble" <gcramble.RemoveThis@yahoo.net> wrote in message
> news:13irq7fn3mech54@corp.supernews.com...
>>I keep seeing this little buggar pop up, even after spyware cleaners
>>say it has been removed. I ran Spysweeper and Ad AwareSE, both find it
>>as a Trojan in the hkey_local_machine part of the registry. yet, it
>>keeps coming back after removal/quarantine. norton doesn't even
>>recognize it as anything which makes me wonder if it's anything at
>>all.
>> Any help, suggestions on how to get rid of this thing? also, since
>> it's arrival, windows installer keeps trying to install programs that
>> already are installed. very annoying. thanks in advance for any help.
>
> Download and scan with SUPERAntiSpyware Free
> http://www.superantispyware.com/
>
> * Double-click SUPERAntiSypware.exe and use the default settings for
> installation.
> * An icon will be created on your desktop. Double-click that icon to
> launch the program.
> * If asked to update the program definitions, click "Yes". If not,
> update the definitions before scanning by selecting "Check for
> Updates". (If you encounter any problems while downloading the
> updates, manually download them from here and unzip into the program's
> folder.)
> * Under "General and Startup", make sure "Start SUPERAntiSpyware when
> Windows starts" box is unchecked.
> * Under "Configuration and Preferences", click the Preferences button.
> * Click the Scanning Control tab.
> * Under Scanner Options make sure the following are checked (leave all
> others unchecked):
> o Close browsers before scanning.
> o Scan for tracking cookies.
> o Terminate memory threats before quarantining.
> * Click the "Close" button to leave the control center screen and exit
> the program.
> * Do not run a scan just yet.
>
> Reboot your computer in "SAFE MODE" using the F8 method. To do this,
> restart your computer and after hearing your computer beep once during
> startup (but before the Windows icon appears) press the F8 key
> repeatedly. A menu will appear with several options. Use the arrow
> keys to navigate and select the option to run Windows in "Safe Mode".
>
> Scan with SUPERAntiSpyware as follows:
>
> * Launch the program and back on the main screen, under "Scan for
> Harmful Software" click Scan your computer.
> * On the left, make sure you check C:\Fixed Drive.
> * On the right, under "Complete Scan", choose Perform Complete Scan
> and click "Next".
> * After the scan is complete, a Scan Summary box will appear with
> potentially harmful items that were detected. Click "OK".
> * Make sure everything has a checkmark next to it and click "Next".
> * A notification will appear that "Quarantine and Removal is
> Complete". Click "OK" and then click the "Finish" button to return to
> the main menu.
> * If asked if you want to reboot, click "Yes" and reboot normally.
> * To retrieve the removal information after reboot, launch
> SUPERAntispyware again.
> o Click Preferences, then click the Statistics/Logs tab.
> o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
> o If there are several logs, click the current dated log and press
> View log. A text file will open in your default text editor.
> * Click Close to exit the program.
>
> Here is a decription of your malware:
> Trojan Agent Winlogonhook:
> http://research.spysweeper.com/search.php?serialnumber=UY0Z74II
>
> Since you may never be sure your system is entirely free of this type
> of infestation, it is best to format and clean install your OS...

ps.
If you encounter any problems while downloading the updates, manually
download them from here:
http://www.superantispyware.com/definitions.html

-jen
 >> Stay informed about: Trojan Agent Winlogonhook 

pcbutts1 wrote:
> Use Remove-it version 14, it's fast and free.

and greyware...

--
"it's not the right time to be sober
now the idiots have taken over
spreading like a social cancer,
is there an answer?"
 >> Stay informed about: Trojan Agent Winlogonhook 

sorry hun . . . i wasn't replying to your post directly, that's just where
it attached. i was raging back at some posters prior to yours. i did get it
resolved, and using some of your advice, thanks. but please know my blast at
the sales world wasn't directed to you : )


"jen" <jen.DeleteThis@example.com> wrote in message news:7bnYi.51269
>
> Superantispyware *is* free, and will clean the rest of the junk off your
> system as well as can be done... If you don't want to follow the
> proceedure I outlined for your *critical* infestation, then as I said do
> this:
>
> Since you may never be sure your system is entirely free of this type of
> infestation, it is best to format and clean install your OS...
>
> -jen
 >> Stay informed about: Trojan Agent Winlogonhook