On 7 Dec 2005 00:55:05 -0000, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > I had the same problem as you. First SpySheriff and then the strange winlogon > behaviour (with manwithnoname.biz). I think I solved it with Spyware Doctor. > I run fullsystem scan for several times, then also in safemode and the > problem seems to dissapear. My firewall network activity watcher doesnt > report the actvity of winlogon.exe any more. So try it and you will see. >
I dealt with a similar problem recently; instructions from both McAfee and Symantec failed to fix it, although McAfee's scanner managed to pop up a warning every couple seconds that there was a virus. Winlogon was loading a dll at startup, which would check on shutdown that it was properly written into the registry so that it would be loaded again on startup. In short, you couldn't just delete registry entries, because they'd get written back again when you turned off the machine. The solution was to use SysInternals' Process Explorer to suspend the winlogon process, clean all references to that particular dll from the registry, and power off the computer without shutting down normally. -Josh
