What is Ekxdvft Toolbar?
- Type: Virus
- Category: Trojans and viruses
- Discovered: 20 January 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
Ekxdvft Toolbar is dropped by a trojan that is also known as Fake System Alerts. The desktop may be turned into red colored background with some hazard symbol in the middle, offering to download rogue spyware removal application. Fake, having an appearance of original Windows dialog boxes, popups are warning user about viruses that has infected the system. Here is a copy of frequently happening alert:
Windows Security Alert:
Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.
Related websites that we do not recommend to visit:
viruswebprotect.com
scanner.adwareremover2007.com
Fake anti-spyware software related to Enqvwkp Toolbar:
Error Cleaner
Privacy Protector
Spyware & Malware protection
Windows Security Alert:
Windows Security Alert:
Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.
Related websites that we do not recommend to visit:
viruswebprotect.com
scanner.adwareremover2007.com
Fake anti-spyware software related to Enqvwkp Toolbar:
Error Cleaner
Privacy Protector
Spyware & Malware protection
Windows Security Alert:
2. Ekxdvft Toolbar removal tools:
- Malwarebytes' Anti-Malware (for the installation guide click here)
- Spyware Doctor (for the installation guide click here)
3. Ekxdvft Toolbar files:
adsoowf.dll, bgrlsmn.dll, dntpkwodpx.dll, dntpkwodws.dll, dntpkwofwt.dll, dntpkwokfv.dll, dntpkwokpr.dll, dntpkwolmv.dll, dntpkwolox.dll, dntpkwolxs.dll, dntpkwonsw.dll, dntpkwoqpw.dll, dntpkwotnx.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwowkv.dll, dntpkwoxsp.dll, dopfwrldxw.dll, dopfwrlgfm.dll, dopfwrlgwx.dll, dopfwrlkdn.dll, dopfwrllwr.dll, dopfwrlmgf.dll, dopfwrloxf.dll, dopfwrlqox.dll, dopfwrlrdp.dll, dopfwrltfx.dll, dopfwrlvtq.dll, dpvtporfdm.dll, dpvtporfgp.dll, dpvtporfwd.dll, dpvtporgrf.dll, dpvtporkgr.dll, dpvtporldn.dll, dpvtpormqv.dll, dpvtpornmw.dll, dpvtpornrk.dll, dpvtporokr.dll, dpvtporpxn.dll, dpvtporrdw.dll, dpvtporrfd.dll, dpvtporrtf.dll, dpvtporsdq.dll, dpvtporsot.dll, dpvtportnw.dll, dpvtportwf.dll, dpvtporvqm.dll, dpvtporxno.dll, ekxdvft.dllC:\WINDOWS\ffvrdgt.exe
4. Hijackthis entries:
O2 Entries:
O2 - BHO: SXG Advisor - {can be found under different CLSIDs} - C:\WINXP\dntpkwonsw.dll
O3 Entries:
O3 - Toolbar: ekxdvft - {2C70348E-974D-43FD-8FC7-BE3C57B6E95F} - C:\WINDOWS\ekxdvft.dll
* can also be found under these CLSIDs:
{DEEAF2E6-CBD6-4E9A-B7A7-C17C7C49F697}
{760C9BE3-C98A-4F34-BE60-9174C594FE47}
{E5CBFDFA-6B88-4C04-AC4C-C6875D808503}
{D7257984-3F99-4D51-87C6-4D5E111DEBA9}
{C87444C3-8B83-4A48-91DE-95F9A3D61070}
{9CBC96F1-F837-430D-8D6E-E19ED124D2D2}
{F25117E3-2A27-4A0C-88EE-D9307F678DD0}
{AE06A911-A5A5-4DFA-9ADA-1DF21EAB25C6}
{0DE4BA7A-FF54-4757-AE1F-30EE7FE6B11D}
{AF2AF78D-33A4-4BA6-AFEC-5F453630DFBE}
{1BF97F11-E184-42BD-8E57-EDBA3CFB4F7A}
{3BA32929-E727-47BD-8489-F3AEE254FFF9}
{23FBB938-35AC-4C50-8776-C0B5CA912216}
{1817219B-D6DC-450A-B913-41F12BC05019}
{DBAF3291-D08D-4C8B-A960-D85A42FEE02F}
{DC7A3552-A87C-4788-8DD7-648B9AD8EC41}
O21 Entries:
O21 - SSODL: bgrlsmn - {3D33F35B-D6F3-41B3-94CC-E710F39AD9D5} - C:\WINDOWS\bgrlsmn.dll
O21 - SSODL: adsoowf - {68E209CA-2695-48EA-90E6-08524B7EC635} - C:\WINDOWS\adsoowf.dll
O2 - BHO: SXG Advisor - {can be found under different CLSIDs} - C:\WINXP\dntpkwonsw.dll
O3 Entries:
O3 - Toolbar: ekxdvft - {2C70348E-974D-43FD-8FC7-BE3C57B6E95F} - C:\WINDOWS\ekxdvft.dll
* can also be found under these CLSIDs:
{DEEAF2E6-CBD6-4E9A-B7A7-C17C7C49F697}
{760C9BE3-C98A-4F34-BE60-9174C594FE47}
{E5CBFDFA-6B88-4C04-AC4C-C6875D808503}
{D7257984-3F99-4D51-87C6-4D5E111DEBA9}
{C87444C3-8B83-4A48-91DE-95F9A3D61070}
{9CBC96F1-F837-430D-8D6E-E19ED124D2D2}
{F25117E3-2A27-4A0C-88EE-D9307F678DD0}
{AE06A911-A5A5-4DFA-9ADA-1DF21EAB25C6}
{0DE4BA7A-FF54-4757-AE1F-30EE7FE6B11D}
{AF2AF78D-33A4-4BA6-AFEC-5F453630DFBE}
{1BF97F11-E184-42BD-8E57-EDBA3CFB4F7A}
{3BA32929-E727-47BD-8489-F3AEE254FFF9}
{23FBB938-35AC-4C50-8776-C0B5CA912216}
{1817219B-D6DC-450A-B913-41F12BC05019}
{DBAF3291-D08D-4C8B-A960-D85A42FEE02F}
{DC7A3552-A87C-4788-8DD7-648B9AD8EC41}
O21 Entries:
O21 - SSODL: bgrlsmn - {3D33F35B-D6F3-41B3-94CC-E710F39AD9D5} - C:\WINDOWS\bgrlsmn.dll
O21 - SSODL: adsoowf - {68E209CA-2695-48EA-90E6-08524B7EC635} - C:\WINDOWS\adsoowf.dll