what is W32.Myzor.FK@yf

By trahcwolf
May 4, 2006
  1. 8:30...
    Windows xp booted well, and Microsoft Defender caught
    a possible hijacker...was just a new setting
    (I began to have faith)
    AVG began downloading a new definition file
    (Great for free...I may have to buy it)
    Webroot SpySweeper full scan found nothing.
    MSIE started and went straight to windowsupdate/V6/default.asp
    stating I needed to turn on automatic updates, etc...
    When I typed into the address box, the
    browser immediately went to,
    stating my pc was infected with
    W32.Myzor.FK@yf virus

    I viewed the webpage's source code to find that virus's name
    was in the page source, and not some "found virus" on my system.

    Also in the text of that page were the following site names:

    That popup saying my pc is infected has not reappeared yet...

    Not sure if Error Nuker is worth trying yet...paid for it, installed
    it on laptop, and it sems to have done nothing.
    Tried to install it on desktop, I was told I have to buy another copy
    for my desktop...??? By the way, the same results showed on the free
    online scan as fully registered, even after it supposedly fixed all

    I put all of the sites mentioned into my security settings as
    restricted sites. Saved a copy of my hijackthis log, and am about to
    reboot, then try finding a site to send the Hijackthis log to

    Home/start page is now
    When navigating to mail, I am told I need to install Flashplayer 8...
    Deleted trash, and sent to www.dnserror404.html
    and told to install spytrooper...

    Seeking some resolution...
    Any help greatly appreciated...

    (Hijackthis log is attached to this message)
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions in the order they are given.

    Post a fresh HJT log into this thread, only after doing the above.

    Regards Howard :wave: :wave:
  3. trahcwolf

    trahcwolf TS Rookie Topic Starter

    will do...

    rebooted, updated webroot spysweeper definitions file
    reran thorough spysweep
    Found 3 adwares and 29 traces
    security 2k hijacker
    spy falcon fakealert

    Webroot removed these, rebooted, and all seems well so far

    Will post new hijack report after I follow what you suggested
  4. trahcwolf

    trahcwolf TS Rookie Topic Starter

    Awesome help

    I did what you said, and have begun taking other actions, such as dumping MSIE and have installed Firefox. Wow, Firefox seems to be streamlined and fast!
    Results of your advice...
    Trendmicro said it would take 10 hours to scan my pc, so I aborted that one
    The virusscan site refused to load
    Bitdefender found nothing
    Panda's site found a bunch of stuf...a dialer and 9 other suspicious files
    Look2me and Vundo ran and found nothing
    Ewido found 17
    Attached is most recent hijackthis log

    As far as I can tell, all is good, but traces of Symantec's
    Norton systemworks still show up in the startup log...(Though the utility has been removed and registry sweeper found it nowhere)
  5. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Boot into safe mode. See how HERE.

    Turn off system restore.(XP/ME only) See how HERE.

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how HERE.

    Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = John Beck's Web Seeker

    O2 - BHO: (no name) - {b0398eca-0bcd-4645-8261-5e9dc70248d0} - (no file)

    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    O15 - Trusted Zone: http://*
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O15 - Trusted Zone:
    O15 - Trusted Zone: *

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

    Click on the fix checked button.

    Close HJT.

    Reboot into normal mode and turn system restore back on.

    Regards Howard :)
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...