What is VirusHeat?
- Type: Spyware
- Category: Rogue Programs
- Discovered: 9 February 2008
- Removal tools: Malwarebytes' Anti-Malware, Spyware Doctor
1. Introduction
This fictitious anti-spyware program, which is dropped by Trojan.Zlob, is not recommended for securing your computer: it displays fake system alerts to frighten the user into taking precautions against virus and spyware threats. After the computer has been scanned for infections, VirusHeat is offered as a spyware removal tool, but to enable this function the user is asked to purchase the full version of the program. DO NOT BUY! VirusHeat is a scam and will not clean the computer properly.
Important! VirusHeat can infect the system when a fake video codec is downloaded.
VirusHeat can be recognized by an icon in the bottom right corner of the taskbar that constantly pops up a balloon titled "System Alert". The icon looks like a shield that changes constantly from a question mark to an x sign.
The program will not disappear until its files and registry entries have been removed properly. For the VirusHeat removal guide, read our "How to remove" section.
Author: virusheat.com
Also known as: Virus Heat 3.9
VirusHeat System Alert:

Related threats: VirusRay, AntiVirGear, SpywareQuake, VirusProtect
2. VirusHeat removal tools:
- Malwarebytes' Anti-Malware
- Spyware Doctor
3. Screenshot:

4. VirusHeat files:
eeioq.dll, guadq.dll, iinqyl.dll, jdxah.dll, txdkfh.dll, wbchha.dll, wuuawkz.dll, wcscqa.dll, VirusHeat 3.9.exe, vrh_setup.exe (setup file)
5. Hijackthis entries:
O4 Entries:
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O22 Entries:
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
O22 - SharedTaskScheduler: epineurial - {27cb634d-c84e-4c00-9b53-f5523601dbad} - C:\WINDOWS\system32\iinqyl.dll
O22 - SharedTaskScheduler: epistylar - {917f93bf-6714-4e11-8982-59db2e0f88fc} - C:\WINDOWS\system32\eeioq.dll
O22 - SharedTaskScheduler: arborize - {d9f6ce57-0718-4bd1-916f-5fb1f86911c2} - C:\WINDOWS\system32\txdkfh.dll
O22 - SharedTaskScheduler: djuka - {ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22c} - C:\WINDOWS\system32\wbchha.dll
O22 - SharedTaskScheduler: inoperable - {1b40d2ad-d237-4544-b1e1-0bf75bf8fcc0} - C:\WINDOWS\system32\jdxah.dll
O22 - SharedTaskScheduler: calpastatin - {a0efe2fe-7249-4403-a00b-8be108617c75} - C:\WINDOWS\system32\guadq.dll
O22 - SharedTaskScheduler: hyperproduction - {9d19a1a9-3cdf-4f15-a5ca-ea3905febded} - C:\WINDOWS\system32\wcscqa.dll
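To check a saved HijackThis log against the files listed in section 4, the following added example (not part of the original page or of HijackThis) parses O4 and O22 lines in the format shown above and reports entries whose target is one of those files. The function names and the two benign sample entries are assumptions made for illustration.

```python
import ntpath
import re

# File names copied from section 4 of this page, lower-cased for comparison.
VIRUSHEAT_FILES = {
    "eeioq.dll", "guadq.dll", "iinqyl.dll", "jdxah.dll", "txdkfh.dll",
    "wbchha.dll", "wuuawkz.dll", "wcscqa.dll", "virusheat 3.9.exe",
    "vrh_setup.exe",
}

# O4 - <key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O22 - SharedTaskScheduler: <name> - {<CLSID>} - <path>
O22_RE = re.compile(
    r"^O22 - SharedTaskScheduler: (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)

def executable_of(cmd):
    """Return the lower-cased file name of the program in an O4 command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        target = cmd[1:].split('"', 1)[0]  # quoted path may contain spaces
    else:
        target = cmd.split(" ", 1)[0]
    return ntpath.basename(target).lower()

def scan_log(text):
    """Return (line_number, kind, detail) for autostart entries naming a listed file."""
    hits = []
    for number, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        m = O4_RE.match(line)
        if m and executable_of(m["cmd"]) in VIRUSHEAT_FILES:
            hits.append((number, "O4", m["name"]))
            continue
        m = O22_RE.match(line)
        if m and ntpath.basename(m["path"].strip()).lower() in VIRUSHEAT_FILES:
            hits.append((number, "O22", m["clsid"].lower()))
    return hits

# Constructed sample log: lines 2 and 4 are entries quoted on this page,
# lines 1 and 3 are made-up benign entries.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [ExampleUpdater] C:\Example\updater.exe /background
O4 - HKLM\..\Run: [VirusHeat 3.9] "C:\Program Files\VirusHeat 3.9\VirusHeat 3.9.exe" /h
O22 - SharedTaskScheduler: Example Preloader - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\example.dll
O22 - SharedTaskScheduler: didact - {747e1fbe-b70f-441d-bbca-6e536c04924a} - C:\WINDOWS\system32\wuuawkz.dll
"""
```

Calling `scan_log(SAMPLE_LOG)` returns one hit for the Run entry on line 2 and one for the SharedTaskScheduler entry on line 4; matching is by file name only, so a hit should be confirmed against the full path before anything is removed.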