If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Any idea what process byvwghpy.dll belongs to?
Using XP SP2.
If I boot the system without being connected to the Network all is fine. But as soon as i connect, file byvwghpy.dll appears under the Windows/system directory. My virus software shows the following and does delete it, but once connected to the Internet it reappears. Files Infected: C:\WINDOWS\system32\byvwghpy.dll (Trojan.FakeAlert) - Quarantined and deleted successfully. Searching using Google does not return any items. Anyone have any ideas on this? Thanks |
Ads |
#2
|
|||
|
|||
Any idea what process byvwghpy.dll belongs to?
What do you have for firewall software/hardware?
What are you using for Antivirus/malware? I suggest you start looking into other malware protection software, ie malwarebytes. "JNLSeb" wrote: Using XP SP2. If I boot the system without being connected to the Network all is fine. But as soon as i connect, file byvwghpy.dll appears under the Windows/system directory. My virus software shows the following and does delete it, but once connected to the Internet it reappears. Files Infected: C:\WINDOWS\system32\byvwghpy.dll (Trojan.FakeAlert) - Quarantined and deleted successfully. Searching using Google does not return any items. Anyone have any ideas on this? Thanks |
#3
|
|||
|
|||
Any idea what process byvwghpy.dll belongs to?
That file is hidden in RAM and copies itself when deleted.
Use SUPERAntiSpyware to clean your system. http://www.superantispyware.com/ ju.c "JNLSeb" wrote in message ... Using XP SP2. If I boot the system without being connected to the Network all is fine. But as soon as i connect, file byvwghpy.dll appears under the Windows/system directory. My virus software shows the following and does delete it, but once connected to the Internet it reappears. Files Infected: C:\WINDOWS\system32\byvwghpy.dll (Trojan.FakeAlert) - Quarantined and deleted successfully. Searching using Google does not return any items. Anyone have any ideas on this? Thanks |
#4
|
|||
|
|||
Any idea what process byvwghpy.dll belongs to?
There's a very strong possibility that you have a Vundo infection, which is
usually accompanied by ZLOB and/or SDBot infections, all of which are protected by a rootkit. 1. See if you can download/run the MSRT manually: http://www.microsoft.com/security/ma...e/default.mspx 2. Run this online scan (in safe mode w/networking, if need be): http://onecare.live.com/site/en-us/center/howsafe.htm 3. Run additional checks for hijackware, including posting your hijackthis log to an appropriate forum. Checking for/Help with Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://aumha.net/viewtopic.php?t=5878 http://wiki.castlecops.com/Malware_R...:_Introduction http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/data/prevention.htm http://inetexplorer.mvps.org/tshoot.html http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine2.blogspot.com/ http://www.elephantboycomputers.com/...moving_Malware When all else fails, HijackThis v2.0.2 (http://aumha.org/downloads/hijackthis.exe) is the preferred tool to use (in conjuction with some other utilities). HijackThis will NOT fix anything on its own, but it will help you to both identify and remove any hijackware/spyware with assistance from an expert. **Post your log to http://spywarehammer.com/simplemachi...php?board=10.0, http://forums.spybot.info/forumdisplay.php?f=22, http://aumha.net/viewforum.php?f=30, or another appropriate forum for review by an expert in such matters, not here.** If the procedures look too complex - and there is no shame in admitting this isn't your cup of tea - take the machine to a local, reputable and independent (i.e., not BigBoxStoreUSA) computer repair shop. -- ~Robear Dyer (PA Bear) MS MVP-IE, Mail, Security, Windows Desktop Experience - since 2002 AumHa VSOP & Admin http://aumha.net DTS-L http://dts-l.net/ JNLSeb wrote: Using XP SP2. If I boot the system without being connected to the Network all is fine. But as soon as i connect, file byvwghpy.dll appears under the Windows/system directory. My virus software shows the following and does delete it, but once connected to the Internet it reappears. Files Infected: C:\WINDOWS\system32\byvwghpy.dll (Trojan.FakeAlert) - Quarantined and deleted successfully. Searching using Google does not return any items. Anyone have any ideas on this? Thanks |
Thread Tools | |
Display Modes | |
|
|