TechSpot

Trojan/virus removal (coolweb ?), dll problem

By gmack
Oct 26, 2006
  1. Hi !

    I'm new here, at this forum.

    I was trying to remove Trojan/virus (cool.exe, Yazzle1162OinAdmin.exe and windyi32.dll amongst other). i followed the tutorial om this site THIS ONE

    But something went wrong, it looks like i removed it (not sure) but i got problem with an DLL (windyi32.dll) that i can't unregister, and now i want to remove this entry, the dll looks to be removed. i attach log file from HJT, killbox and Trend Micro System Cleaner.
     

    Attached Files:

  2. tomrca

    tomrca TS Rookie Posts: 1,051

    if you need dll files go HERE. one thing i would advise you to do is to remove norton. zonealarm and norton are not compatible
     
  3. gmack

    gmack TS Rookie Topic Starter

    This DLL is a bad one... so i removed it but some entries seams to be left so according to hijakthis, now i want to remove this but cant....

    normally you "regsrv32 /u windyi32.dll" to remove this entry , but i cant it needs the dll and this dll i dont want to bring back. I thing i have cleaned my computer, because the files doesn't pop up any more. only this entry when i run hijakthis. I'm not 100% sure that i have cleaned my system....

    (sorry for my poor English )
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Your HJT log is clean.

    Have HJT fix this inactive entry.

    O20 - Winlogon Notify: windyi32 - windyi32.dll (file missing)

    The windyi32.dll file is nasty and it`s a good job you got rid of it.

    You might want to run AVG antispyware and post the log here. Let us know if you`re still having any problems.

    Regards Howard :wave: :wave:

    This thread is for the use of gmack only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  5. gmack

    gmack TS Rookie Topic Starter

    Looks like problem solved, here ar some logfiles.

    avg spyware before and after removal and hjt after...
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Have HJT fix these entries, if you don`t know what they are.

    O16 - DPF: {0018A71D-26DA-4707-AF52-E0B9D39796F2} (LaFargeOnline Control) - http://lafarge.kampanj.nu/LafargeOnline.cab

    O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab

    O17 - HKLM\System\CCS\Services\Tcpip\..\{36DDDE3C-6753-438E-BBF4-7F179C784D76}: NameServer = 195.58.xxx.xx,213.150.xxx.xxx<Only fix this if it doesn`t belong to your ISP.

    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m.corp<Only fix this if you don`t recognise m.corp.

    Other than the above possible dodgy entries, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of gmack only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  7. gmack

    gmack TS Rookie Topic Starter

    removed - roofing company, i looked for roof shouldn't be a problem

    using a IBM thinkpad - installed a software in IE that helps to upgrade driver ...
    shouldn't be a problem
    ISP DNS...

    discised company name (by me, sorry)

    I'll can't find any suspicius, when i make a "re-run" of all scans... i'll re-scan every day for the next couple off days.
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Ok, no problem mate.

    Regards Howard :)

    This thread is for the use of gmack only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.