Unknown virus


Envo

Any thoughts, please?

SOS from daughter. Her PC (XP) has caught an "unknown virus", which her AV
programme (not sure which one) cannot remove. It tells her, however, that
the virus has created 'Windows/system32/Bh3kkDPV.exe', the effect of which
seems to be to misdirect IE to alternate addresses from those expected.
Googling 'Bh3kkDPV' gives a Nil result. Does the panel think that removal
of the exe file will work? Any other bright ideas?

TIA


Envo
 

Elmo

Envo said:
> Any thoughts, please?
>
> SOS from daughter. Her PC (XP) has caught an "unknown virus", which her AV
> programme (not sure which one) cannot remove. It tells her, however, that
> the virus has created 'Windows/system32/Bh3kkDPV.exe', the effect of which
> seems to be to misdirect IE to alternate addresses from those expected.
> Googling 'Bh3kkDPV' gives a Nil result.

Malware has a habit of creating random filenames so you can't look up
the specific malady. The fact that the filename is randomly named, and
isn't available in searches, reinforces the suspicion that it's malicious.

> Does the panel think that removal
> of the exe file will work? Any other bright ideas?

It's doubtful you can remove it, as it'll be running. Try deleting it
in Safe Mode, or do a search for malwarebytes or superantispyware,
perhaps on another machine, download, and store on a thumbdrive and load
onto the laptop. Then run in Safe Mode with Networking. Make sure to
get any updates before running.
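
Elmo's point about randomly generated filenames, as an added example that is not part of the original thread: a Python triage heuristic that flags executables whose names look machine-generated. The three signals, the threshold and the sample listing are assumptions constructed for illustration (only `Bh3kkDPV.exe` comes from the thread), and a hit is a candidate for review rather than a verdict.

```python
import re

VOWELS = set("aeiou")

def randomness_signals(filename):
    """Return the 'random-looking' signals present in a file's base name."""
    stem = filename.rsplit(".", 1)[0]
    letters = [c for c in stem if c.isalpha()]
    signals = []
    if not letters:
        return signals
    # Signal 1: almost no vowels, so the name is not pronounceable.
    vowel_ratio = sum(c.lower() in VOWELS for c in letters) / len(letters)
    if vowel_ratio < 0.2:
        signals.append("few-vowels")
    # Signal 2: letter case flips at least twice between neighbouring letters.
    flips = sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))
    if flips >= 2:
        signals.append("mixed-case")
    # Signal 3: digits wedged between two letters (trailing digits do not count).
    if re.search(r"[A-Za-z]\d+[A-Za-z]", stem):
        signals.append("embedded-digit")
    return signals

def triage(listing, threshold=2):
    """Map each .exe with at least `threshold` signals to its signal list."""
    flagged = {}
    for name in listing:
        if not name.lower().endswith(".exe"):
            continue
        signals = randomness_signals(name)
        # One signal alone is common in legitimate names (cmd, svchost, ie4uinit).
        if len(signals) >= threshold:
            flagged[name] = signals
    return flagged

# Constructed sample of a system32 listing; only Bh3kkDPV.exe is from the thread.
SAMPLE_LISTING = [
    "notepad.exe", "svchost.exe", "cmd.exe", "taskmgr.exe",
    "rundll32.exe", "ie4uinit.exe", "kernel32.dll", "Bh3kkDPV.exe",
]

if __name__ == "__main__":
    for name, why in triage(SAMPLE_LISTING).items():
        print(f"review: {name} ({', '.join(why)})")
```

To run it against a real directory, pass `os.listdir(path)` as the listing.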
 

Leonard Grey

Time to show the computer to a professional. Do it now and she may save
her computer from being totally hosed. Make her pay the technician from
her own money.
 

Kayman

> Any thoughts, please?
>
> SOS from daughter. Her PC (XP) has caught an "unknown virus", which her AV
> programme (not sure which one) cannot remove. It tells her, however, that
> the virus has created 'Windows/system32/Bh3kkDPV.exe', the effect of which
> seems to be to misdirect IE to alternate addresses from those expected.
> Googling 'Bh3kkDPV' gives a Nil result. Does the panel think that removal
> of the exe file will work? Any other bright ideas?

1. Clear the (IE) temporary Internet files and the history cache.
Click Start==>Run... then type (or copy/paste) "inetcpl.cpl" (w/out
quotation marks) into the box, then click the 'OK' button.
In Internet Properties panel 'General' tab, under 'Browsing history', click
'Delete...' button, in 'Delete Browsing History' panel, click the 'Delete
all...' button then place a checkmark into the box beside 'Also delete files
and settings stored by add-ons', Click 'Yes' and exit the Internet
Properties panel by clicking the 'OK' button.

2. Clean HDD
Click Start==>Run... then type (or copy/paste) "cleanmgr" (w/out quotation
marks) into the box, then click the 'OK' button. Select your drive
(presumably WinXP (C:)) and click OK.

3. Download/execute:
Malwarebytes© Corporation - Anti-Malware
http://www.malwarebytes.org/mbam/program/mbam-setup.exe
--and--
SuperAntispyware - Free
http://www.superantispyware.com/superantispywarefreevspro.html

4. Download and execute HiJack This! (HJT)
http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Please, do not post HJT logs to this newsgroup.
Fora where you can get expert advice for HiJack This! (HJT) logs.

http://www.thespykiller.co.uk/index.php?board=3.0
http://www.spywarewarrior.com/viewforum.php?f=5
http://forums.tomcoyote.org/index.php?showforum=27
http://www.bleepingcomputer.com/forums/forum22.html
http://www.malwarebytes.org/forums/index.php?showforum=7
http://www.5starsupport.com/ipboard/index.php?showforum=18
http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29

NOTE: Registration is required in any of the above mentioned fora
before posting a HJT log and read the 'stickies'
(instructions/guidelines) for the respective HJT forum.

5. Routinely practice Safe-Hex.
http://www.claymania.com/safe-hex.html
 
