By ZoSo_kg
Apr 13, 2007
  1. My kaspersky has detected that my winlogon ole2.dll is infected, and it can't disinfect it. Here's my log
  2. momok

    momok TS Rookie Posts: 2,265


    Your system is infected with at least a trojan, Megaupload toolbar adware and possibly other malware.

    Important: Please read this thread HERE before you decide whether to clean or reformat your system.

    Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
    Do follow all the instructions exactly.

    However, you are running an outdated version of HijackThis.

    You can get recieve instructions for getting the latest HijackThis from HERE.

    Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.
    Do not copy and paste if not it will be ignored and/or removed by the moderators.

    The logs will enable us to understand more about the problems on your system.
  3. ZoSo_kg

    ZoSo_kg TS Rookie Topic Starter Posts: 20

    Here's new log
  4. momok

    momok TS Rookie Posts: 2,265


    Your system is infected with a trojan and adware.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.

    Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.


    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:


    Go to Start > Control Panel > Add or Remove Programs. Remove Megaupload Toolbar if found.

    Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked":
    O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
    O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
    O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

    Close HJT.

    Navigate in Windows Explorer and delete the following files and folders in bold.
    C:\Program Files\Megaupload Toolbar\

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    ZoSo_kg: You need to follow the Instructions HERE and post all the requested log files as attachments.

    momok: Only nasty 04 run services and 023 services entries need to be disabled and stopped in services.msc

    Regards Howard :)
  6. ZoSo_kg

    ZoSo_kg TS Rookie Topic Starter Posts: 20

    I did online virus scan and here's my new HJT log. Should I do the other remaining steps?
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, follow all the steps and post the requested log files only after you`ve finished.

    Regards Howard :)
  8. ZoSo_kg

    ZoSo_kg TS Rookie Topic Starter Posts: 20

    Here's what I got out from avg anti-rootkit
    c:\programf iles\internet explerer\iexplore.exe
    c:\programf iles\internet explerer\iexplore.exe
    And zone alarm is telling me that iexplore.exe is violating some rules about e-mail sending but now it just stoped. And some times when i start cpu in task manager I have two iexplore.exe runing but I didn't turn them on. And my modem send and recive diodes are always flickering and I'm not doing anything on the net but I'm connected.
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    For the fifth time of asking, please post all the requested log files as attachments. Unless you do, there`s nothing we can do to help you. Don`t do anything with the files AVG Antirootkit has thrown up.

    Regards Howard :)
  10. ZoSo_kg

    ZoSo_kg TS Rookie Topic Starter Posts: 20

    Here are my new logs you've asked and now I don't have any virus simptoms after compleating all your steps you're the best thanks! And avg anti-rootkit doesn't report anything.

    Attached Files:

  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I`m very sorry to tell you this, but the reason your system is so badly infected, is due to all the pirated software you`re running. This can be clearly seen in your AVG Antispyware log.

    Unfortunately for you, Techspot has a very strict policy of not condoning any form of piracy and therefore I am unable to help you with this.

    The best advice I can give you is to reformat your system and install only legitimate programmes etc.

    Thread Closed.

    Regards Howard.
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...