HijackThisLog - What is "geBqOeCR.dll" file?

By strutn
Apr 7, 2008
  1. I log in this morning, opened a browser Spybot TeaTimer window popped up informing me that "geBqOeCR.dll" was trying to make a register change. I selected "Deny/Rember" and the warning box kept popping up for about 5 minutes before stopping.

    Unsuccessful detection when I ran Spybot and Spyware Doctor in Safe Mode, and ran Ad-Aware in Normal Mode. I inserted my U3 version USB flash drive, ran the U3 version of Avast anti-virus and it detected "geBqOeCR.dll" file and warned that it is a trojan that records personal information and to immediately remove the USB flash drive.

    The file will not let me delete it in Safe Mode because it is running.
    - Windows XP Pro version 2002 with SP2
    - IBM ThinkCentre MT-M 8143
    - Intel Pentium 4 CPU 3GHz
    - 2.99GHz
    - 1GB of RAM

    Thank you in advance for you time and effort.
  2. kritius

    kritius TS Guru Posts: 2,084

    Hosts File Corrupted

    Download HostsXpert v4.1 and unzip it to your computer, somewhere where you can find it.
    • Double click on HostsXpert.exe to launch the program.
    • Click on Restore MS Hosts File to restore your Hosts file to its default condition.
    • Click on Make ReadOnly to secure it against further infection.
    • Exit the program.
    Visit the Website for more information.

    More will follow.
  3. strutn

    strutn TS Rookie Topic Starter

    I downloaded HostsXpert, restored file, and made it Read Only. The file is still in the C:\Windows\System32 folder.

    File name "fcccbcA5.dll" was blocked by COMODO firewall. I denied access to it but of course it keeps trying. Is it safe?

    Lastly, I had Add-Ons in my IE Explorer web browser 6.0 that I did not recognize so I disabled. They are:


    What is my next step?
  4. kritius

    kritius TS Guru Posts: 2,084

    Download and Run Malwarebytes' Anti-Malware
    Please download Malwarebytes' Anti-Malware to your desktop.
    • Double-click mbam-setup.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
    • Then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select Perform full scan, then click Scan.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Be sure that everything is checked, and click Remove Selected.
    • When completed, a log will open in Notepad. please attach the log into your next reply.
    • If you accidently close it, the log file is saved here and will be named like this: C:\Documents and Settings\<your username>\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

    Download and Run ComboFix
    • Download this file to your desktop from either of the two below listed places :

      HERE or HERE
    • disconnect from the internet, disable any real time monitoring and close all browser windows.
    • Then double click combofix.exe & follow the prompts.
    • When finished, it shall produce a log for you. Attach that log in your next reply
    WARNING: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
  5. strutn

    strutn TS Rookie Topic Starter

    Sorry. In reference to my previous post, the file "geBqOeCR.dll" is still in the C:\Windows\System32 folder and will not let me rename it. The file "fcccbcA5.dll" is in the same folder, not in the ADD-ONs.

    I ran the Avast anti-virus on my USB flash drive again and look up the information on the "geBqOeCR.dll" file. It states that it is: win32:Tra+BHO [Trj]. I hope this helps.

  6. strutn

    strutn TS Rookie Topic Starter

    Ok, I will run download the next file from your post.
  7. strutn

    strutn TS Rookie Topic Starter

    HijackThisLog - What is "geBqOeCR.dll" file?

    The Malwarebytes' Anti-Malware log is attached.

    I will now run Combofix...
  8. strutn

    strutn TS Rookie Topic Starter

    Combofix has completed running and the Combofix.log is attached.
  9. kritius

    kritius TS Guru Posts: 2,084

    Ill look at them soon.
  10. strutn

    strutn TS Rookie Topic Starter

    I will keep checking for your response. Thank you!
  11. strutn

    strutn TS Rookie Topic Starter

    Should I assume that we are complete? If so, my computer has been running great and I really appreciate the help. Thank you!
  12. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Kritius should be back from vacation soon, you just need to clean up a bit.

    For a 2nd opinion:

    Run Kaspersky Online AV Scanner

    Order to use it you have to use Internet Explorer.
    Go to Kaspersky and click the Accept button at the end of the page.

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
    • Read the Requirements and limitations before you click Accept.
    • Allow the ActiveX download if necessary.
    • Once the database has downloaded, click Next.
    • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
    • Click on "My Computer"
    • When the scan has completed, click Save Report As...
    • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
    • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

    Attach the report into your next reply along with a fresh Hijackthis log
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...