Winlogon

Status
Not open for further replies.

ZoSo_kg

My Kaspersky has detected that my winlogon ole2.dll is infected, and it can't disinfect it. Here's my log.
 
Hi,

Your system is infected with at least a trojan, Megaupload toolbar adware and possibly other malware.

Important: Please read this thread HERE before you decide whether to clean or reformat your system.

Should you decide to clean your computer, please go ahead to Viruses/Spyware/Malware, preliminary removal instructions and follow the steps to cleaning your computer.
Do follow all the instructions exactly.

However, you are running an outdated version of HijackThis.

You can receive instructions for getting the latest HijackThis from HERE.


Thereafter, please post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread.
Do not copy and paste; otherwise it will be ignored and/or removed by the moderators.

The logs will enable us to understand more about the problems on your system.
 
Hi,

Your system is infected with a trojan and adware.

You may wish to copy and paste these instructions on notepad for easier reference later.

Boot into safe mode under your normal user name. See how HERE

Next turn on "Show all files and folders, including hidden and system". See how HERE

Go to start > run and type services.msc. Press the enter key.

Search for the following services (if there). Double-click each one and select Stop if it is running. Set the startup type to Disabled. Click Apply/OK for each service you disable.

rpcc.dll
ContentTool.dll


Open your Task Manager by holding Ctrl and Alt and pressing Del. Alternatively, use Ctrl + Shift + Esc. Go to the Processes tab, and end the following processes, if found:

rpcc.dll
ContentTool.dll


Go to Start > Control Panel > Add or Remove Programs. Remove Megaupload Toolbar if found.

Run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked"):
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll

Close HJT.

Navigate in Windows Explorer and delete the following files and folders in bold.
C:\WINDOWS\system32\UpMedia\
C:\WINDOWS\system32\rpcc.dll
C:\Program Files\Megaupload Toolbar\

Reboot into normal mode and rehide your protected OS files.

Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.
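The four HijackThis entries listed in the post above can be read mechanically. The following is an added example, not part of the original thread or of HijackThis itself: it parses those lines and groups the load points by the DLL they reference, which shows the same file registered under more than one mechanism. The function names and the one-line section descriptions are this example's own.

```python
import re
from collections import defaultdict

# Constructed input: the four entries quoted in the post above.
SAMPLE_LOG = r"""
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: ohb - {5ED7D3DE-6DBE-4516-8712-01B1B64B7057} - C:\WINDOWS\system32\UpMedia\ContentTool.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
"""

# Short descriptions of the HijackThis section codes mentioned in this thread.
SECTIONS = {
    "O2": "Browser Helper Object loaded into Internet Explorer",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart entry (Run keys, Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify DLL",
    "O23": "Windows service",
}

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")   # code, entry kind, remainder
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")       # COM class id, if present
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")              # drive-letter path to end of line

def parse_hjt(text):
    """Return one dict per O-section line; lines of any other shape are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, kind, rest = m.groups()
        clsid, path = CLSID_RE.search(rest), PATH_RE.search(rest)
        entries.append({
            "code": code, "kind": kind, "name": rest.split(" - ")[0],
            "clsid": clsid.group(0) if clsid else None,
            "path": path.group(0) if path else None,
        })
    return entries

def load_points_by_file(entries):
    """Map each referenced file (lower-cased, Windows paths are case-insensitive) to its section codes."""
    grouped = defaultdict(list)
    for e in entries:
        if e["path"]:
            grouped[e["path"].lower()].append(e["code"])
    return dict(grouped)

if __name__ == "__main__":
    for path, codes in load_points_by_file(parse_hjt(SAMPLE_LOG)).items():
        print(path, "<-", ", ".join(f"{c} ({SECTIONS.get(c, 'unknown')})" for c in codes))
```
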
 
ZoSo_kg: You need to follow the Instructions HERE and post all the requested log files as attachments.

momok: Only nasty O4 run services and O23 services entries need to be disabled and stopped in services.msc.

Regards Howard :)
 
Here's what I got out of AVG Anti-Rootkit:
c:\windows\system32\svchost.exe
c:\programf iles\internet explerer\iexplore.exe
c:\programf iles\internet explerer\iexplore.exe
And ZoneAlarm is telling me that iexplore.exe is violating some rules about e-mail sending, but now it just stopped. And sometimes when I start CPU in Task Manager I have two iexplore.exe running, but I didn't turn them on. And my modem send and receive diodes are always flickering and I'm not doing anything on the net, but I'm connected.
 
For the fifth time of asking, please post all the requested log files as attachments. Unless you do, there's nothing we can do to help you. Don't do anything with the files AVG Antirootkit has thrown up.

Regards Howard :)
 
Here are the new logs you've asked for, and now I don't have any virus symptoms after completing all your steps. You're the best, thanks! And AVG Anti-Rootkit doesn't report anything.
 

Attachments

  • Report-Scan-20070414-143209.txt
    25.1 KB · Views: 5
I'm very sorry to tell you this, but the reason your system is so badly infected is due to all the pirated software you're running. This can be clearly seen in your AVG Antispyware log.

Unfortunately for you, Techspot has a very strict policy of not condoning any form of piracy and therefore I am unable to help you with this.

The best advice I can give you is to reformat your system and install only legitimate programmes etc.

Thread Closed.

Regards Howard.
 