1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Numerous viruses...Please help

Discussion in 'Virus & Other Malware Removal' started by Christina014, Nov 1, 2007.

Thread Status:
Not open for further replies.
  1. Christina014

    Christina014 Thread Starter

    Feb 28, 2006
    My neighbor asked me to help out with their computer because they kept getting pop-ups so I came over to check it out. Well, I found way more than I bargained for and am at a total loss as to what to do. Hijack This is on this computer but it won't let me open it or any other program for that matter. I wasn't really sure what to do so I ran the free McAfee online scan (listed below) and said that there were 23 viruses. It is running Windows XP and has the latest verion of IE. Any thoughts or hints in the right direction would be greatly appreciated.


    C:\Documents and Settings\...\Temp\bvwmsvgk.exe Adclicker-FK
    C:\Documents and Settings\...\Tools\pg.dll Winfixer
    C:\Documents and Settings\...\Tools\IEFWBHO.dll Winfixer
    C:\Documents and Settings\...\Tools\pg.dll Winfixer
    C:\Documents and Settings\...\Z720ZNCF\vasya[1] Adclicker-FK
    C:\Documents and Settings\...\Temp\qrjatydi.exe Winfixer
    C:\Documents and Settings\...\7MAEXBF6\lkjh[1] Downloader-BEA
    C:\Documents and Settings\...\7MAEXBF6\vasya[1] Adclicker-FK
    C:\Documents and Settings\...\upd32_v13[1] Vundo
    C:\Documents and Settings\...\valera[1] Adclicker-FK
    C:\Documents and Settings\...\TNLGF697\gepj[1] Vundo
    C:\Program Files\...\hokesocun83122.dll Downloader-BEC
    C:\WINDOWS\system32\apqyocgr.exe Adclicker-FK
    C:\WINDOWS\system32\bblqaxnj.exe Adclicker-FK
    C:\WINDOWS\system32\bjtujulh.dll Vundo
    C:\WINDOWS\system32\cp1\dode83122.exe Downloader-BEC.dr
    C:\WINDOWS\system32\fxrrkccu.dll Vundo
    C:\WINDOWS\system32\geedc.dll Vundo
    C:\WINDOWS\system32\khjvtbdf.dll Vundo
    C:\WINDOWS\system32\od2\c94bvr.exe Adware-WebBuying
    C:\WINDOWS\system32\okcvnwfd.exe Adclicker-FK
    C:\WINDOWS\system32\oTt02e\oTt02e1065.exe Generic Downloader.s
    C:\WINDOWS\system32\qrlqyvir.exe Adclicker-FK
    C:\WINDOWS\system32\yayxvvw.dll Vundo
    C:\WINDOWS\system32\zyuouezp.dll Vundo
  2. racenutalways


    Mar 10, 2005
    Hello Christina and welcome to TSG. That computer is badly infected, as I understand it, you can not run any programs at all.
    If the \exefile\shell\open\command key is changed, the threat will run each time that you run any .exe file. This may also stop you from running the Registry Editor to try to fix this.

    Let's see if we can fix it, then we can get busy on cleaning that computer up.(y)

    Follow these steps:

    Download the file UnHookExec.inf and save it to your Desktop.

    (If you cannot connect to the Internet from the infected computer, download to an uninfected computer then save it to a floppy disk or flash drive. Then take the floppy disk(flash drive) and insert it in the infected computer.)

    Locate the download file, either on the Desktop or the floppy or flash drive.

    Double click the UnHookExec.inf file to install. (This is a small file. It does not display any notice or boxes when you run it.)

    Download ComboFix from Here or Here to your Desktop.
    • Double click combofix.exe and follow the prompts.
    • When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply
    Note: Do not mouseclick combofix's window while its running. That may cause it to stall
As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/646387

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice