i have a trojan downloader called Win32SillyDI.AEI!.exe... i keep getting this IE page load over and over every five minutes like clockwork. the address is the same, but the page changes. ive tried everything to get rid of it but nothing works. i also tried the ewido online scanner. it found 25 entries, and i deleted them, but when i rebooted, the random web pages started loading again. i dont know what to do. can you help me please?

fay

Attached Files

hijackthis041906.log (14.1 KB, 3 views)

Hya Fay , welcome to PCHF.



Please download Process Explorer by Systernals from HERE.

Also download KillBox by Option^Explicit from HERE.


Then boot up in SAFE MODE and stay in safe mode (hit f8 when booting up), untill the entire fix is done.

Unzip Process Explorer and double click on procexp.exe

In the top section of the Process Exlporer screen double click on winlogon.exe to bring up the winlogon.exe properties screen. Click on the Threads tab at the top.
Once you see this screen click on each instance of oihapgof.dll and EQMini.dll once and then click the kill button.
After you have killed all of the oihapgof.dll's and EQMini.dll's under winlogon click OK.

Next In the top section of the Process Exlporer screen again , double click on explorer.exe and again click once on each instance of oihapgof.dll and EQMini.dll then click the kill button.

Once you have done that click OK again.


Next run HijackThis and place a check beside each of the following:

Then do a search for these two file on youre pc:

oihapgof.dll and EQMini.dll

And write down there location.

For example:
C:\WINDOWS\system32\oihapgof.dll
C:\WINDOWS\system32\EQMini.dll

Start Killbox and place a tick next to [x]delete on reboot.
And press the "all files" button. (just above the yellow triangle)

Then copy the filepath plus names you just looked up to the windows clipboard:

For example:
C:\WINDOWS\system32\oihapgof.dll
C:\WINDOWS\system32\EQMini.dll

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt, then click OK.
Exit Killbox and restart your PC.



Also it seems you have no firewall installed , have a look in our download section for some free firewalls if you want.

When done , please post a new hjt log , and could you also post the log from the Ewido scan you did?

what do i do about system restore when i do these steps that i have been given? do i leave it off, do the steps then turn it back on...im so confused when exactly to disable and re-enable and how will i know my pc is clean of the infections

You can turn system restore of for now. And indeed turn it back on when youre clean. And i'll check youre new logs when you post them , and say if they are clean or that more needs to be done first.

Hi Joe, this is kay, fay's sister, she is the process of doing the steps you gave her (we are speaking by phone) she clicked on winlogon.exe in the process explorer..clicked on threads tab and can't find oihapgof.dll and EQMini.dll. she's reaaaally stuck. this is all new to her. thank you.

Hya Kay.

Most of the time with entry's like that Process explorer is needed to stop them , but not always.

Just continue here:

But if they are also not present there then just skip the Process Explorer completly.