Malware Removal Information

Ga naar de inhoud

Hoofdmenu

VirusHeat

Infecties > Archief T - Z

VirusHeat is een spywareremover van de zwarte lijst. Het wordt geïnstalleerd op de computer via Zlob infecties.

In de systray zie je een knipperend icoontje (System Alert!) dat je waarschuwt dat de computer geïnfecteerd is.
Het programma VirusHeat wordt op de computer gedropt, vindt een aantal infecties, maar geeft aan deze pas te verwijderen als je het product koopt. En daar is het de makers van deze malware om te doen.

Elke keer de computer opnieuw start, start ook VirusHeat en begint het te scannen.



Kenmerken in een hijackthislog zijn ondermeer deze:

O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O4 - HKLM\..\Run: [VirusHeat 4.3] "C:\Program Files\VirusHeat 4.3\VirusHeat 4.3.exe" /h
O4 - HKLM\..\Run: [VirusHeat 4.3] "C:\Program Files\VirusHeat 4.3\VirusHeat 4.4.exe" /h
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
O22 - SharedTaskScheduler: asparagine - {65bbf06c-ea06-4818-92a3-f3550d0e1004} - C:\WINDOWS\system32\rkvdr.dll
O22 - SharedTaskScheduler: auras - {f0d4f88e-e1f8-460f-a41c-6cfb7f73af79} - C:\WINDOWS\system32\xskmoqx.dll
O22 - SharedTaskScheduler: bimaculate - {d70e9b0f-aabc-4066-8176-c6de84d92fa1} - C:\WINDOWS\system32\kknwg.dll
O22 - SharedTaskScheduler: calpastatin - {a0efe2fe-7249-4403-a00b-8be108617c75} - C:\WINDOWS\system32\guadq.dll
O22 - SharedTaskScheduler: communa - {af73a174-ea1b-4f0b-b0b1-fe1486a6719c} - C:\WINDOWS\system32\qdsba.dll
O22 - SharedTaskScheduler: corduroyed - {699fabf8-1087-491f-b57c-80a68929d82b} - C:\WINDOWS\system32\heuvth.dll
O22 - SharedTaskScheduler: delayingly - {e89fa8e9-5c0b-45f6-a70e-f7b177bcd193} - C:\WINDOWS\system32\rtmipr.dll
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
O22 - SharedTaskScheduler: dikage - {d4c51fa4-9192-4a9a-8d2a-a0690c92f171} - C:\WINDOWS\system32\lruvqvw.dll
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O22 - SharedTaskScheduler: enviva - {f43bfc6c-47cc-4798-8798-a0721b8ed7ab} - C:\WINDOWS\system32\baoohy.dll
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - C:\WINDOWS\system32\iinqyl.dll
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINDOWS\system32\eeioq.dll
O22 - SharedTaskScheduler: figpecker - {7d7bd0c4-4913-4933-b870-7388a7bffb82} - C:\WINDOWS\system32\lvhjtsa.dll
O22 - SharedTaskScheduler: frowardness - {b0fdc513-46b9-46fc-8e70-d575ee546dae} - C:\WINDOWS\system32\zfaiqwr.dll
O22 - SharedTaskScheduler: garcea - {eb9f614b-ea44-40d0-8829-542e4f254739} - C:\WINDOWS\system32\rkaxfza.dll
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - C:\WINDOWS\system32\vualf.dll
O22 - SharedTaskScheduler: hyperproduction - {9d19a1a9-3cdf-4f15-a5ca-ea3905febded} - C:\WINDOWS\system32\wcscqa.dll
O22 - SharedTaskScheduler: important - {9c87cb31-93d0-4f3e-a360-4a91ff77aeb7} - C:\WINDOWS\system32\dcggain.dll
O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - C:\WINDOWS\system32\jdxah.dll

Hoe kan je VirusHeat en de Zlob infectie van de computer verwijderen:


Smitfraudfix (gemaakt door S!Ri).

Zie hier
.

Roguescanfix (gemaakt door Beamerke)

Zie hier
.

Manueel verwijderen:

Rechtsklik op het icoontje van VirusHeat in de systray, en kies voor "Exit".
Bevestig de waarschuwing die je krijgt om VirusHeat af te sluiten door op "Ja" te klikken".
Ga naar start - Alle programma's - VirusHeat en kies uninstall VirusHeat 3.9 (of later versies) om het deïnstallatieprocess te starten.
Hernoem het verantwoordelijk bestandje, (zie hieronder) of verwijder dit bestand met behulp van Killbox.
Download Pocket KillBox
.
Unzip het programma naar je bureaublad.
Klik op killbox.exe.
Selecteer de optie “Delete on reboot”.
In het veld “Full path of file to delete" plaats je volledige pad naar het verantwoordelijke bestand.
Klik dan op de knop "Single File".
Klik op de knop met de rode cirkel en het witte kruis.
Wanneer het programma vraagt om nu te rebooten, geef je hier toestemming voor. Klik op de knop "YES".
Na herstart zou de infectie verdwenen moeten zijn.
Om wijzigingen in het register op te ruimen, kan je deze
regfile nog gebruiken.


Gekende varianten:


baoohy.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f43bfc6c-47cc-4798-8798-a0721b8ed7ab}"="enviva"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{f43bfc6c-47cc-4798-8798-a0721b8ed7ab}\InProcServer32]
@="C:\WINDOWS\system32\baoohy.dll"

dcggain.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}"="important"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9c87cb31-93d0-4f3e-a360-4a91ff77aeb7}\InProcServer32]
@="C:\\WINDOWS\\System32\\dcggain.dll"

eeioq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{917f93bf-6714-4e11-8982-59db2e0f88fc}"="epistylar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{917f93bf-6714-4e11-8982-59db2e0f88fc}\InProcServer32]
@="C:\\WINDOWS\\system32\\eeioq.dll"

guadq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{a0efe2fe-7249-4403-a00b-8be108617c75}"="calpastatin"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a0efe2fe-7249-4403-a00b-8be108617c75}\InProcServer32]
@="C:\\WINDOWS\\system32\\guadq.dll"

heuvth.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{699fabf8-1087-491f-b57c-80a68929d82b}"="corduroyed"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{699fabf8-1087-491f-b57c-80a68929d82b}\InProcServer32]
@="C:\\WINDOWS\\system32\\heuvth.dll"

iinqyl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{27cb634d-c84e-4c00-9b53-f5523601dbad}"="epineurial"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{27cb634d-c84e-4c00-9b53-f5523601dbad}\InProcServer32]
@="C:\\WINDOWS\\system32\\iinqyl.dll

jdxah.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}"="inoperable"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0}\InProcServer32]
@="C:\\WINDOWS\\system32\\jdxah.dll"

kknwg.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d70e9b0f-aabc-4066-8176-c6de84d92fa1}"="bimaculate"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{d70e9b0f-aabc-4066-8176-c6de84d92fa1}\InProcServer32]
@="C:\WINDOWS\system32\kknwg.dll"

lruvqvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}"="dikage"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d4c51fa4-9192-4a9a-8d2a-a0690c92f171}\InProcServer32]
@="C:\\WINDOWS\\system32\\lruvqvw.dll

lvhjtsa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{7d7bd0c4-4913-4933-b870-7388a7bffb82}"="figpecker"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7d7bd0c4-4913-4933-b870-7388a7bffb82}\InProcServer32]
@="C:\\WINDOWS\\system32\\lvhjtsa.dll"

qdsba.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{af73a174-ea1b-4f0b-b0b1-fe1486a6719c}"="communa"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{af73a174-ea1b-4f0b-b0b1-fe1486a6719c}\InProcServer32]
@="C:\\WINDOWS\\system32\\qdsba.dll

rkvdr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{65bbf06c-ea06-4818-92a3-f3550d0e1004}"="asparagine"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{65bbf06c-ea06-4818-92a3-f3550d0e1004}\InProcServer32]
@="C:\\WINDOWS\\System32\\rkvdr.dll"

rkaxfza.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{eb9f614b-ea44-40d0-8829-542e4f254739}"="garcea"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{eb9f614b-ea44-40d0-8829-542e4f254739}\InProcServer32]
@="C:\\WINDOWS\\system32\\rkaxfza.dll

rtmipr.dll

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}"="delayingly"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e89fa8e9-5c0b-45f6-a70e-f7b177bcd193}\InProcServer32]
@="C:\\WINDOWS\\system32\\rtmipr.dll

txdkfh.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{d9f6ce57-0718-4bd1-916f-5fb1f86911c2}"="arborize"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d9f6ce57-0718-4bd1-916f-5fb1f86911c2}\InProcServer32]
@="C:\\WINDOWS\\system32\\txdkfh.dll

vualf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"12a31567-9883-4cc0-a684-ad5804394d69"="hemimorphite"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{{12a31567-9883-4cc0-a684-ad5804394d69}}\InProcServer32]
@="C:\\WINDOWS\\system32\\vualf.dll

wbchha.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}"="djuka"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c}\InProcServer32]
@="C:\\WINDOWS\\system32\\wbchha.dll"

wcscqa.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{9d19a1a9-3cdf-4f15-a5ca-ea3905febded}"="hyperproduction"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9d19a1a9-3cdf-4f15-a5ca-ea3905febded}\InProcServer32]
@="C:\\WINDOWS\\system32\\wcscqa.dll"

wuuawkz.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{747e1fbe-b70f-441d-bbca-6e536c04924a}"="didact"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{747e1fbe-b70f-441d-bbca-6e536c04924a}\InProcServer32]
@="C:\\WINDOWS\\system32\\wuuawkz.dll"

xskmoqx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}"="auras"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f0d4f88e-e1f8-460f-a41c-6cfb7f73af79}\InProcServer32]
@="C:\\WINDOWS\\system32\\xskmoqx.dll

zfaiqwr.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{b0fdc513-46b9-46fc-8e70-d575ee546dae}"="frowardness"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b0fdc513-46b9-46fc-8e70-d575ee546dae}\InProcServer32]
@="C:\\WINDOWS\\system32\\zfaiqwr.dll

Terug naar de inhoud | Terug naar het hoofdmenu