Hello,
I have found these two suspicious files on my computer in C:\WINDOWS\System32
corpolw.dll
tb10hbzt.exe

I have searched the internet and can find 'nothing' about these two files.
I have tried various programs to 'unlock' and delete 'corpolw.dll' but cannot.
I have established 'explorer.exe' has control of 'corpolw.dll'
I have 'terminated' explorer.exe in 'safe mode' and tried to delete with 'killbox'--but no success.
I am not sure if they are causing the following problem:-
(I am using IE6--WinXP Pro SP1a,)
When I click on 'links' to web pages found in Google,-instead of opening up the web page--I get a blank page wi th the following address:-
http://89.149.227.101/click.php?c=972af1320460d67ad06f4004&r=3

It doesn't happen everytime.And when it does, I click on 'back' and then click on the web link again.I keep repeating this until the web page opens correctly.
The problem is only with IE6 and not with other browsers-'OPERA'

--please help-

Please attach the two files here in a password-protected archive with password: infected
Thank you!

Might wanna de-linkify the OP's linky

Have a look at http://wiki.castlecops.com/MRP

After you've followed the instructions, if you are still infected or worried that you may be please make a post in /f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html and someone will help you.

Click on "post reply"

/modules.php?name=Forums&file=posting&mode=reply&t=210994

Then under the main text box click on "browse", find the file, then click on "add attachment" and finally click on submit.

corpolw.dll is malware known as Trojan.Win32.BHO.agz (Kaspersky)

Once you have removed all the malware I suggest you install Windows XP Service Pack 2. You can download it from Microsofts website for free.

Once you have installed Service Pack 2, visit Windows Update using IE6 and install all the updates.

If you know how to do a fresh install then that might be the best idea. Once you've installed XP make sure you install Service Pack 2 and update IE to IE7. You could also install Windows Defender as well as your existing AV program.

If you don't want to re-install Windows make a post here /f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html

[quote="bottlebrush"]Hello,
I have found these two suspicious files on my computer in C:\WINDOWS\System32
corpolw.dll
tb10hbzt.exe

If you are sure that you know what you're doing you can reboot your machine using a linux live cd (e.g. knoppix) map your drive (if ntfs use ntfs -3g...) and delete the files that other might be locked by the Windows OS at bootup.
If you need any further help please let me know.

Regards,
Bogdan Dragomir

bottlebrush if you wish to remove this malware without doing a fresh install,send me a private message and ill help you sort it out as quickly as possible.