Просмотр полной версии : Removing Look2Me and other Winlogon trojans

03.08.2007, 06:04
To remove Look2Me and other trojans using Windows Logon for their hidden startup, you need to do the following.

1. Scan your system with HiJackThis (http://www.trendsecure.com/portal/en-US/threat_analytics/hijackthis.php)

3. Remember the files desribed as "O20 - Winlogon Notify:"

4. Run AVZ (http://z-oleg.com/avz4en.zip), enable AVZGuard subsystem. Go to File - Delayed File Deleting, choose the files you want to delete. Agree, if the Toolkit asks you about creating the Quarantine folder.

5. Reboot, not disabling AVZGuard.

6. If you asked for help in Help Me section of this forum, make new logfiles and attach them to your thread.

Remember! Some legitimate programs, being free of spyware, adware, etc, still also use Winlogon for their startup. Be careful about their deletion.