New pest: BAOHII.EXE (xadz)

Sent it to Tweakie with a little explanation. He'll enjoy to study it

 

I have this virus too. While I browse websites vywur.com, hartiqy.com and the others pop up occasionally.

I found this thread through google looking for "hartiqy", I have Norton Virus Control and it didn't find or remove this virus/trojan and neither did Ad-Aware. Looking in the registry (I'm running Windows XP Home SP2) I found and deleted the back door data UserTime and PrivData but now they are back.

I have looked on my hard disk and there is no file with the word baohii on it at all.

I installed the McAffee Virus ASAP after being recommended to do so here, http://hq.mcafeeasap.com/dispVirus.asp?virus_k=101129

And now my computer boots up into Windows, displays the red Virus ASAP splash screen which disappears after a few seconds and then will not let me click on the start menu or taskbar, displaying the hourglass. CTRL + ALT + DELETE do not do anything. I can click on and select desktop icons but if I try to open anything the whole system freezes.

If I do CTRL ALT DEL as soon as the desktop appears after rebooting I can get the task list to come up, when I did this I was able to close the explorer process (I was hoping that was the cause of the error and ending and restarting it would unfreeze the desktop) and in the process list items appeared and disappeared as various programs started up - when I went to program list it froze up though, I was able to open another Task Manager but that froze up as soon as I tried to do anything with it other than use the file / shut down etc menu at the very top.

I am now running in safe mode with Network enabled so I can access the internet but it seems my computer is pretty much disabled at the moment.

Can anyone please help me? :/

 

could someone send me this file by email?

Tnx

Regards

 

I don't know what file is causing it :/

 

Hi Scorched, have you tried editing the registry as suggested here:

http://www.sophos.com/virusinfo/analyses/trojautotrojb.html

You could also try following the comprehensive steps found in General Cleaning.

If these steps do not resolve your situation, you will need to download and run “Hijack This” found here and post your log at one of the forums found at A-SAP. The two bigger forums for HijackThis log processing, (meaning they process more log threads each day than most others) are: SpywareInfo.com and CastleCops.com. Be sure to read their posting policy in the links at their log review forum sections prior to posting.

The steps mentioned in General Cleaning use software that ought to be part of your security, as an absolute minimum. Once your system is clean, please don’t hesitate to ask further about using these and other security software to protect your computer.

Hope this helps...

Let us know how you go.

Cheers