Trojan/virus removal (coolweb ?), dll problem

Status
Not open for further replies.
Hi!

I'm new here, at this forum.

I was trying to remove a Trojan/virus (cool.exe, Yazzle1162OinAdmin.exe and windyi32.dll amongst others). I followed the tutorial on this site THIS ONE

But something went wrong. It looks like I removed it (not sure), but I got a problem with a DLL (windyi32.dll) that I can't unregister, and now I want to remove this entry; the DLL looks to be removed. I attach log files from HJT, Killbox and Trend Micro System Cleaner.
 

If you need DLL files go HERE. One thing I would advise you to do is to remove Norton. ZoneAlarm and Norton are not compatible.
 
This DLL is a bad one... so I removed it, but some entries seem to be left according to HijackThis. Now I want to remove this but can't....

Normally you run "regsvr32 /u windyi32.dll" to remove this entry, but I can't; it needs the DLL, and this DLL I don't want to bring back. I think I have cleaned my computer, because the files don't pop up any more. Only this entry shows when I run HijackThis. I'm not 100% sure that I have cleaned my system....

(sorry for my poor English)
 
Hello and welcome to Techspot.

Your HJT log is clean.

Have HJT fix this inactive entry.

O20 - Winlogon Notify: windyi32 - windyi32.dll (file missing)

The windyi32.dll file is nasty and it's a good job you got rid of it.

You might want to run AVG antispyware and post the log here. Let us know if you're still having any problems.

Regards Howard :wave: :wave:

This thread is for the use of gmack only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
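
The entry types that come up in this thread (O16, O17 and O20) can be triaged mechanically from a saved HijackThis log. The sketch below is an added example, not part of the original posts or of HijackThis itself; the function name `triage`, its `known_dns` and `known_domains` parameters, and every sample line except the O20 one quoted above are constructed for illustration.

```python
import re

# Constructed sample in HijackThis log format. Only the O20 line is the one
# quoted in the thread; all other lines and values are made-up placeholders.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] C:\Program Files\Example\app.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} (Example Control) - http://downloads.example.test/control.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.example.test
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53,198.51.100.53
O20 - Winlogon Notify: windyi32 - windyi32.dll (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
O20 = re.compile(r"^Winlogon Notify: (?P<name>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$")
O16 = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) (?:\((?P<name>.*?)\) )?- (?P<url>\S+)$")
O17 = re.compile(r"^(?P<key>.+?): (?P<setting>NameServer|Domain) = (?P<value>.+)$")


def triage(log_text, known_dns=(), known_domains=()):
    """Return (code, verdict, detail) tuples for O16, O17 and O20 entries.

    known_dns / known_domains are values the owner recognises (ISP resolvers,
    the company domain); anything else in an O17 line is reported.
    """
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m["code"], m["body"]
        if code == "O20" and (e := O20.match(body)):
            # "(file missing)": the registry entry outlived the DLL it loads
            verdict = "orphaned" if e["missing"] else "active"
            findings.append((code, verdict, e["dll"]))
        elif code == "O16" and (e := O16.match(body)):
            # Downloaded ActiveX control: a human decides if it is wanted
            findings.append((code, "review", e["url"]))
        elif code == "O17" and (e := O17.match(body)):
            values = [v.strip() for v in e["value"].split(",")]
            known = known_dns if e["setting"] == "NameServer" else known_domains
            unknown = [v for v in values if v not in known]
            verdict = "unrecognised" if unknown else "expected"
            findings.append((code, verdict, ", ".join(values)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, known_dns=("192.0.2.53", "198.51.100.53")):
        print(finding)
```
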
 
Have HJT fix these entries, if you don't know what they are.

O16 - DPF: {0018A71D-26DA-4707-AF52-E0B9D39796F2} (LaFargeOnline Control) - http://lafarge.kampanj.nu/LafargeOnline.cab

O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/access/aslibmain/content/AcpControl.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{36DDDE3C-6753-438E-BBF4-7F179C784D76}: NameServer = 195.58.xxx.xx,213.150.xxx.xxx < Only fix this if it doesn't belong to your ISP.

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m.corp < Only fix this if you don't recognise m.corp.

Other than the above possible dodgy entries, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :)

 
O16 - DPF: {0018A71D-26DA-4707-AF52-E0B9D39796F2} (LaFargeOnline Control) - http://lafarge.kampanj.nu/LafargeOnline.cab
Removed - roofing company, I looked for a roof, shouldn't be a problem.

O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - https://www-307.ibm.com/pc/support/a...AcpControl.cab
Using an IBM ThinkPad - installed software in IE that helps to upgrade drivers ...
shouldn't be a problem.

O17 - HKLM\System\CCS\Services\Tcpip\..\{36DDDE3C-6753-438E-BBF4-7F179C784D76}: NameServer = 195.58.xxx.xx,213.150.xxx.xxx < Only fix this if it doesn't belong to your ISP.
ISP DNS...

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = m.corp < Only fix this if you don't recognise m.corp.
Disguised company name (by me, sorry).

I can't find anything suspicious when I make a "re-run" of all scans... I'll re-scan every day for the next couple of days.
 
Ok, no problem mate.

Regards Howard :)

 