Well, that was great, fantastic explanation, you guys/girls are great, thank you for helping me remove virus heat. Thank you.

By Tony on Feb 10, 2008

That was great, thank you very much. thank you

By Tony on Feb 10, 2008

hi there, in point 7 you have said stop the virus heat processes, I understand how to do this but you haven’t said what the processes are called as there aren’t any obvious ones. Thank you for all your help. Tony

By Tony on Feb 10, 2008

Thank you, this worked very well. Is there any way to get their toolbar off of my browser?

By Bob on Feb 10, 2008

by a careless mistake I accidentaly downloaded this extremely annoying virus on my computer and have been breaking my head all day looking for software to remove it from my computer and none worked. 20 minutes of following your instructions step by step and presto!!. No more virus heat on my computer, and what do you know?. My computer works great. Nothing else was affected in the slightest!!. Thank you very much

By javier on Feb 10, 2008

I have removed the virus heat from the registry and its folder. But I still have the naging icon in my system tray that continually points me to virusheat .com/?aff=1012. If I can just keep this from automatically loading in my system tray it will sure make my day better.

Dennis

By Dennis Viereck on Feb 11, 2008

Thanyou sooooo much !!!!

By Delonte on Feb 11, 2008

you are a life saver. Had thought of reinstall my XP. Thank you thank you very much.

By woov on Feb 11, 2008

Thanks so much. That thing was one of the worst things I’ve ever seen infiltrate my comp.

By Ben on Feb 11, 2008

virusheat removal is great. thank you for sharing.

By Jammy on Feb 13, 2008

For viewing a sample video I downloaded a set up file of 80 kb in size.Along with it this virus was downloaded and installed itself.Even anti virus program running in my computer could not prevent it. I tried for two days to remove this program. My friends could not give me any solution.Then only by searching in the net and by following your instructions I could get this nuisance removed from my computer.Thank you so much

By jothibaskar on Feb 13, 2008

Is there any way to remove this thing if from the computer if you can’t get to the desktop? Does that make any sense? I’m not even getting past my start up process at this point, it won’t start up in an configuration, not safe mode even. I have a feeling that Virus Heat started this whole mess and I’d really like to get rid of it! Any help would be appreciated!

By Natalie on Feb 13, 2008

I did everything from step 1 to 5. I didn’t find anything that was noted on step 6 to 14.

I still have the virus in the task bar. Please help!

By Gus on Feb 14, 2008

I still have the naging icon in my system tray that continually points me to virusheat .com/?aff=1012

how do i remove this icon??
it’s really anoyying

By Arnold Rinaldi on Feb 15, 2008

Thanks for a straightforward and foolproof solution! Only a few minutes’ work to get rid of this Trojan. No special knowledge of computer programing required.

By Bob on Feb 15, 2008

I, like Dennis, have go through all the steps, and have removed the virus, but still have the icon in my tray, that’s flashing a popup all the time. Is there a way to get rid of that?

Thanks

By Pedja on Feb 15, 2008

im have the same problem as denis the icon in the sys tray keeps poping up and telling me to go to there web site, also redirects me to the same page while im online. anything will help
Thx!

By luckie bigelow on Feb 15, 2008

Dennis and Pedja and all others with this problem. I had also succesfully removed virus heat, but still had that annoying icon on my tray that directed me to virus heat. This actually isn’t virus heat, it is another virus that comes with it called puresafetyhere. I got rid of it by simply clicking the link called “puresafetyhere.com removal process” on the right side of this page. Like virus heat, I followed the instructions to the T and got rid of it. Here’s the link in case you have trouble finding it. http://www.pchubs.com/blogs/puresafetyhere-removal-process-remove-puresafetyherecom

By Javier on Feb 15, 2008

I never installed virus heat,
so I just have this tray AD
that sends me to their download
page with just a click or a
right click. I can’t find any
files or any traces of the program
neighter in regedit, msconfig or
“CTRL ALT DEL menu”.

Help how to remove thie tray AD
that norton/ad-aware doesn’t find
is really appriciated. Thanks in
advance!

By Nils Nilsson on Feb 16, 2008

@Javier

Yes, that helped.
Thank you!

By Pedja on Feb 17, 2008

hi,
i got rid of virus heat, but I still get this annoying yellow triangle with an “!” in it. it pops up every few minutes leadidng me to this website trying to sell something. I found 7 files in the folder Net Project, but every time i try to delete the folder, it doesn’t let me saying that its in use or something.
help ?!!??! how do i delete the whole Net Project folder ?

By ppp on Feb 18, 2008

Thanx Javier,, it worked great!

By Jess on Feb 18, 2008

to remove the net project folder,
reboot into safe mode.

or use a scanner like microsoft live care safety scan or trend micro housecall,
or adaware or grisoft avgas or spbot from spybot.com

…

By Leon on Feb 19, 2008

well guys i have not got virus heat just some lttle icon next to my clock which appears straight away as soon as i log on.
Its like blue sheild with a question mark on it and then goes red with a cross on it.
It keeps giving me the same message ;system alert there seems to be spyware icons on your desktop…
How do i get rid of it ????????

By Andy on Feb 20, 2008

I had completed all of the following details above but i have an icon at the bottom right of the screen that flashes from an X to a ? with the shield.. and when i click it sends me to a website regarding virus heat.

By Greg on Feb 21, 2008

Hi, i removed all the items listed above but i still have a little shield icon at the bottom right of my task bar and it flashes between a blue ? and a red X. When i click on the shield, it takes me to a virus heat website..

By Greg on Feb 21, 2008

hey i unfortunately did not read this when i accidentally downloaded virus heat, i immediately un-installed it frr the program files folder but i am still getting popups HELP ME!!!.. please

By chris on Feb 22, 2008

Thank you for sharing useful information.

By Tommy on Feb 23, 2008

Hi thanx a lot….

By Jothilingam on Feb 23, 2008

Hi. I was also disturbed by the message with the “virusheat” site. I tried all steps, but the message was still there. Finaly I red message from Javier and it works. NO more annoying messages. Thanks Javier.

By marcel on Feb 23, 2008

Great thanks to all of you guys. I went thru all of this and finaly the website from Javier works. I have no annoying messages from task bar.

By marcel on Feb 23, 2008

Seriously have never had such an annoying virus that no software could locate. Excellent work here! Thanks so much. Seems gone.

By Jas on Feb 25, 2008

To get rid of the little shield in the task bar just change the eeioq.dll to .bad in the system32 directory.

By Robert on Feb 25, 2008

I went to the add/remove programs, but it says virus heat has already been uninstalled, yet the stupid pop ups still flood my task bar. What the heck?

By Sam on Feb 25, 2008

Thank you all! The sheid was the problem. Thank you for helping me eliminate this nusance.

By sam on Feb 25, 2008

hey which are the infected registry files???
andwhich are the processes???

By polyte on Feb 25, 2008

All I do to get rid of this VIRUS HEAT is go to SYSTEM RESTORE . It really work on me and I think it’s the most effective.

By ROMMY on Feb 28, 2008

i still cant get rid of the shield… i cant find that in system 32

By john on Feb 28, 2008

I have this virus heat on my computer without downloading it, it is not letting me in my control pannel or any of my documents. I went to “add and remove programs” and I could not find it on their to remove. Please help me find a way to get it off my computer

By Bruce on Mar 2, 2008

How do I get rid of that sheild by my clock in the lower right corner? Also my spyhunter program will not delete a file called xskmoqx.dll it will restart and do the same thing again. On my registry medic program it will not finish the scan either it creates an error report that forces the program to end. What do I do?

By Cash on Mar 2, 2008

I was going nuts with that. System Restore would not restore for some reason.

This website helped a lot:

http://www.spywareremove.com/removeVirusHeat.html

I downloaded the free version, and followed the instructions as much as I could to delete it manually.

Tha main key, tho, was that the free system also found the file:

xskmoqx.dll

in my C\Windows\system32 directory.

Now, I tried to do it all manually following the instructions on the website, but gave up cause it was too confusing, and I downloaded the pay-version. Found a lot of stuff, including the virus heat, but it could not delete the virus heat (grrr!). So I was forced to resort to doing it manually again.

So I was trying to delete the .dll file it found, but I could not delete it while still in windows since the file was in use, and I could not unregister it since it blocks that too, so I rebooted in safe mode (usually by hitting the F2 key or the F8 key soon after you boot up) and deleted it from the dos prompt. Simple commands for dos are:

type “cd..” without the quotes to go up one directory (keep doing that until until you are in just c:)

then type “cd windows” to change the directory to c\windows

then type “cd system32″ to change the directory to c\windows\system32

then type “del xskmoqx.dll” to delete the file

and that should do it, along with following as many of the other steps on the website.

Sucks I had to pay for something that could not delete the main file, but it actually found a few more files associated with it and deleted those, as well as over 2,000 other spyware files!

By Scrap5000 on Mar 3, 2008

hey there
i tried to chage the infected file from a .Dll to a .bad and i can’t seem to manage to erase it .
spyhunter is detecting the spyware virus heat but i can’t remove it . i ve uninstalled the virus heat and didn’t find any registry entries in relation with this crap…
so please somebody help me i have to get rid of this shitty shield..
thanx so much

By toti on Mar 3, 2008

Update:

Everything seems to be OK, except I still have that crossed shield thing I the system tray. If I click on it, it takes me to the virus heat website, asking me to buy their bogus spyware-removal tool. I have to figur out now how to get rid of that too.

All the crap I found in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains
is actually a listing of
Internet Explorer’s Restricted Sites Zone – places IE is preented from going to. I I just imported it back into my registry again.

By Steve on Mar 3, 2008

http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

I found this it seems to work. I like others could not get the pop up off. It took off some other things like my back ground. But nothing I cant fix with a few point and clicks. And its FREE.

By BB on Mar 3, 2008

Update: I should clarify that I had “virus heat 4.3″. I got rid of the crossed shield thing in the system tray by getting rid of xskmoqx.dll from C:\WINDOWS\system32. And rebooting. When I renamed xskmoqx.dll, the crossed shield thing remained functional, but reverted to a generic empty icon. It disappeared completely when I then rebooted.
I also removed a virus heat key from my registry as recommended on another website.
Good luck everybody!

By Steve on Mar 4, 2008

Thanks guys for help!

By Tomislav on Mar 4, 2008

The following instructions are easy and will also remove Virus Heat.

*Please disable any security applications you may be using, including Spy Sweeper, before performing these instructions. Also, close any web browser windows you have opened*

Please carefully follow the steps below:

1) Download the Smitfraudfix tool to your desktop from here:

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

2) Open the zip file and extract all of the files to your desktop, you can do this by right-clicking on the file and choosing “Extract All . . . “ A folder labeled SmitfraudFix should appear on your desktop.

3) Open the SmitfraudFix folder and find the SmitFraud.cmd file that appears in the folder. Double-click it and then follow the onscreen instructions in the menu.

6) Type 2 to clean and continue with the onscreen instructions and prompts. Be sure to enter Y when the utility asks “Do you want to clean the registry?” After the utility finishes it may prompt you to restart your computer or it may do so automatically.

By jeff on Mar 4, 2008

thank you very much indeed:) thanks to your help and a bit of side one too i managed to own the virus ! well at first your mentioned virus names didnt come up, so i researched a bit more & found that syp hunter will detect it & etc. so i used it & found the file, for me it was ” wchaa.dll ” & then after removing that i removed the registry files also about 30 of em LOL, i spent 1 & half hours on it but it was worth it thnx again.

By bangsi on Mar 5, 2008

I followed the below steps to remove the Virus heat icon on system tray though it is not in program files. whether i do right/left click it directly takes to website. Even after following the below steps icon doesnot get deleted. Any other method to remove it forever. It is really annoying !

type “cd..” without the quotes to go up one directory (keep doing that until until you are in just c:)
then type “cd windows” to change the directory to c\windows
then type “cd system32″ to change the directory to c\windows\system32
then type “del xskmoqx.dll” to delete the file
Result no such file found..

Any other step please

By Ram on Mar 8, 2008

Hey, first of all this looks really great, but I’m having some problems. I am stuck on 6

(6. Search and delete the following infected entries in registry. If you do not know how to edit registry, click here to read more.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat)

I manage to get to the uninstall file, but when I look over the content there is no virus heat there. I can find it. If any of you know the reason for this then I would be very thankfull if it was explained! virus heat is currently kicking my computers ***.
thank you!!!

By Marius on Mar 9, 2008

I tried deleting xskmoqx.dll through dos in c\windows\system32 and its telling me “could not find C:\WINDOWS\system32\xskmoqx.dll. I have tried everything and spent alot of money on crap that doesnt work, what can I do?

By Cash on Mar 13, 2008

I restored my system to a time before this showed up and it is gone. Yeah. They are real SOBs

By gerry on Mar 14, 2008

To get rid of the flashing shield tray icon, I had to remove the file C:\WINDOWS\system32\lruvqvw.dll.

I then searched for “lruvqvw.dll” in the registry, and removed the key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\d4c51fa4-9192-4a9a-8d2a-a0690c92f171

I then searched for and removed any other keys in the registry that were named “d4c51fa4-9192-4a9a-8d2a-a0690c92f171″

The virusheat tray icon no longer appears.

By Ken Zalewski on Mar 14, 2008

This was an SOB of a virus to get rid of, but I did it. I had the Icon in the system treay that wouldnt go away like some of you others are having. I went to bleepingcomputer.com, then to the Virus Heat, and followed the instructions. You can do this either online or offline. I did mine online. There is a link for the Spyware Romoval Download, that is totally free !!! It really was not bad at all.
The scan took about 45 minutes and it picked up 72 “piecess of crap”. I then, just like the instructions said to do, click on the Remove Selected buttonand it clean all of them off my system NO BLINKING ICON ANYMORE.
I did a lot of the other steps, and this was the one that worked. Just follow all the steps.
Good luck all…

By Bill Ridings on Mar 15, 2008

One more thing… If you can, let the Spyware ROmoval Tool do the deleting. You dont want to make a mistake deleting the wrong file.

By Bill Ridings on Mar 15, 2008

If anyone has McAffe Security Software, go to Tools, and then system restore. Find a date that you computer was fine in the past and this will remove this horrific nightmare for you.

By Ben Baines on Mar 16, 2008

I have removed virus heat from my computer, except the shield thing is still there. How do i get rid of it?

By Jeremy on Mar 19, 2008

I can’t get that icon off my taskbar. The sytem restore will not go back more than two days and that’s not good enough as virus heat came before that I have been trying to get rid of it for 3 days help

By gee on Mar 19, 2008

Is it the same process to fight Virusheat 4.3?

By Joaqo on Mar 19, 2008

How can I get my computer to a state where I can remove this Trojan? When I bring it up in SAFE MODE, screen is blank, flashes the icons and go blank. Does the same thing when it is booted in normal mode, the install.exe for the Virus Heat comes up and will not allow me to get past it. HELP (Win98SE)

By Tim on Mar 20, 2008

excellent, helped a treat!!! really helped remove this useless crap.

By Stewie on Mar 20, 2008

I remove the virus and the toolbar from the browser, virus heat still appears as my homepage. also the annoying desktop pop up still appears

By Samule on Mar 21, 2008

Excellent! It worked just as you said! THANK YOU!!!!!!

By Alison on Mar 22, 2008

I of course was infected by this also, however my computer keeps rebooting.
I can’t go to control panel, because it will not let me.
EVEN IN SAFE MODE.
The icon on the task bar is still there also.
What can I do???
If it keeps rebooting, I am stuck.

By Dan Evans on Mar 23, 2008

I also tried going to restore, and no matter what point I pick, it reboots and says it CAN’T restore.
WHY NOT??

By Dan Evans on Mar 23, 2008

My wife accidentally accepted a request to download virus heat. I saw her doing so and I proceeded to end the process and close the window during downloading. Now my computer shows blue screens that says “a drvier has overrun a stack-based buffer, this could be a malicious user trying to gain control of the machine” and then auto reboots my machine. Can someone help with this problem? How can I stop this blue screen and reboot cycle?

By bob on Mar 24, 2008

ugh!! here’s the thing, all the instructions given sound good.. but nowhere does it say what to do if that p.o.s. prevents you from even getting into windows!! while i was able to boot to safe mode, it took at least 20 minutes to access the registry.. i deleted all and any entries referring to virus heat.. because for some reason, whenever i would attempt to access my add/remove programs, it would shut down my computer. back to successful reg key deletion, i then proceeded to do a search for the 3 files mentioned in these instructions .. and i get a blue screen of death flash and my bloody computer crashes… ANY MORE HELPFUL IDEAS.. ANYONE??????????????????????????

By nev on Mar 24, 2008

I’ve got this virus, but I have the 4.3 version! I have no idea if it’s any different, but my PC constantly restarts if I try and do anything. If I stop the virusheat process, it still restarts it, if I go to add or remove programs, it restarts, if I go onto the web, it restarts! I’m really worried for my PC as it has my university work on it! HELP! :c I don’t know how to get rid of it if the pc won’t stay on long enough for me to! And also, my PC’s only just started restarting since I got the virusheat virus, but I checked the CPU temp and at one point it was running at 73 degrees! Could virusheat be doing this? Any help will be mega appreciated!

By Dan on Mar 25, 2008

I am so grateful I found this site! Installation of new McAffee total protection did not pick up this $%# virus! I can’t remember which one of the sites recommended here did the trick but managed to get rid of the blasted Icon on the bottom task bar of my screen after following their recommended steps. They indicated they were free but would appreciate a donation. Going to make sure my troubles are definitely over but so far all looks good!

By Carol on Mar 25, 2008

the searhc results. i cant find any , ;S and u say to delete them and then change name on then how would thath work ?

By igor on Mar 26, 2008

I just did system restore to March 20th, worked amazing.

By BD on Mar 27, 2008

After beating my head all day, It was simple

click start

help and support

Pick a Task

System Restore

Set your system back the day before you got it.

By Bill En on Mar 29, 2008

Props to you guys and to Javier! Thanks for giving my computer back!!!

By Katherine on Mar 29, 2008

The blue-red shield still appears after i’ve done what JAVIER said! please help!

By Gustavo on Mar 30, 2008

Although my Norton anti-virus recommended that I not download Smithfraudfix because of malicious something or other, I let it download and it took care of the problem of getting rid of the flashing icon. It’s to bad we have losers who do these bad things to our computers, but thank the good Lord, we also have good people out there to help us overcome these hateful people of the computer world. Thank you to the person or people who came up with this “fixall” for us illiterate computer users.
Have a wonderful day!!

By Bob on Mar 30, 2008

To remove virus heat from task bar search for file named taskbar.chw. then delete it. restart and that should clear it from poping up.

By thefriz on Mar 30, 2008

system restore seems to have done the trick. Thank you.

By MM on Mar 30, 2008

I removed the virus heat shieled from my task bar by deleting the file taskbar.chw.

By thefriz on Mar 30, 2008

hi!!thank u vry much!

By shaira on Mar 31, 2008

Smitfraudfix seems to have fixed my problem, no shield, no pop-ups, and no nagging balloons so far. Thanks everybody!!!

By Tarugoman on Mar 31, 2008

used the smitfraud fix and it seemed to work so far… no more toolbar, no more pop-ups, and no more blinking icons… we’ll see if it stays this way… thanks… the internet does have a bright side!

By nathan on Mar 31, 2008

Virus heat is so simple to delete. you need not search for everything is registry. actually there will be folders named netproject, winspykiller, antispykit , malware wiped etc along with virus heat. this virus comes in which you install some nasty actives while downloading movies or other softwares.if you find that netproject is in there. you need to open taskmanager and then check whether you can find process named scit.exe and sbmntr.exe in there. if yes select each file and then right click on that file and click on end process tree. follow the steps for the second exe file as well and you will be able to delete all exe files in folder named netproject.
we need to remove these entries from start up only. so click on start and then click on run and type msconfig and click on ok. then system configuration utility message will open up. you need to click on start up and then check whether you can find any nasty program like virus heat or malware wiped, uncheck the box for them and click on apply and then close. after that it will ask for restaRT. after restart a box of system configuration utility message will come up. you need to check that bo xand that message wont come up again. there amy be fles in system32 as well. if you need a detailed information let me know

By vipin on Apr 1, 2008

I followed as much of the directions as possible because i could not find everything. I have deleted everything that i could find, but i still have the flashing icon at the bottom of my screen. HELP??!!

By Ariel on Apr 1, 2008

Thank you so much, I was so angry with the whole virus heat thing kept popping up and annoying the hell out of me, Thank you very much for sharing this information

By David on Apr 1, 2008

Thanks so much. You saved us from formatting our hard drive.

By Matthew R. Kee on Apr 2, 2008

I had the same problem and it was driving me mad trying to get rid of it. As I’m not too confident at manually removing stuff I eventually found a free/donation program which erased it when lots of others I tried didn’t work. It’s called superantispyware. After scanning with that it got rid of the flashing icon from the tray.

By Nicola on Apr 3, 2008

Thank you for getting me on the right track.
I had a variant with the ‘NetProject’ folder.

After uninstalling Virus Heat, I had to restart in safe mode, go into c:\windows\programfiles
and delete the ‘NetProject’ folder containing
scit.exe
sbmntf.exe
sbsm.exe
scm.exe
sbmdl.dll

and also go into C:\windows\prefetch
and delete some .pf files with the same names.

By wendy on Apr 5, 2008

Oh my god thank you so much!! You saved my computer!! THANK YOU!!!

By Undonekai on Apr 5, 2008

Your results and links are true to their word, you really are Internet angels… God bless you all..!!!!

By Richard the Great on Apr 6, 2008

Hey, I think part of the confusion people are having with the original instructions at the top is caused by the fact that the creeps foisting this junk on us users are modifying it. Over time they are changing the names of the files.

On my machine the files are as follows:

c:\windows\windows32\dcggain.exe (13KB)

c:\program files\VirusHeat 4.3\VirusHeat 4.3.exe (1684KB)
(note there is no space between Virus and Heat, and there is a space between the Heat and the 4. This is why some searching for “virus heat” it couldn’t find it. You need to search for “virusheat”)

and the following files on the folder
c:\program files\NetProject
ts.ico (5KB) (this is the shield icon with the check)
ot.ico (5KB) (this is the shield icon with the !)
sbmdl.dll (10KB)
sbmntr.exe (19KB)
sbsm.exe (5KB)
sbun.exe (11KB)
scit.exe (22KB)
scm.exe (9KB)
scu.exe (11KB)
wamdl.dll (84KB)
waun.exe (10KB)

My daughter was using the computer, I think looking at videos, when this happened. I found these by looking for the files that had mysterious nonsense names with creation dates in the last few days. And for folders with recent creation dates. All these files seem to be related in some way but in my case, they arrived at different times. VirusHeat was copied 3/28/08, dcggain.dll was copied 4/4/08, and the NetProject stuff on 4/5/08. It could be that once one installed, the others followed in some way.

I need to check with her, but I think she was running IE7 when this happened. We usually use Firefox.

Constantly mutating the filenames over time is a common method these jokers use to keep the cat and mouse game going. So in the future, the names I list will again not be current.

I got rid of it all by manually renaming all the files from filename.exe to filename.exe.BAD. For example waun.exe.BAD. When Windows complained and said I would render the program unusable, I clicked OK.

I also renamed the folders VirusHeat 4.3 to VirusHeat 4.3.BAD and NetProject to NetProject.BAD.

Then I ran regedit and searched for all of these root filenames one by one. Each time I found one, I then carefully deleted the keys that called the files. IF YOU DO NOT KNOW HOW TO USE regedit, I RECOMMEND YOU USE ONE OF THE AUTOMATED TOOLS MENTIONED ABOVE.

dcggain.exe, VirusHeat 4.3.exe, sbmdl.dll, wamdl.dll, sbun.exe, and waun.exe all had keys that I deleted. The rest didn’t have keys. Of note, sbun.exe and and waun.exe appear to be uninstall programs because of how the keys are named. sbun.exe was on
My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Uninstall\Secure Browsing\

and waun.exe was on
My Computer\HKEY_LOCAL_MACHINE\Software\Microsoft\CurrentVersion\Uninstall\Internet Service\

After I did all this, I turned the computer off and then re-booted it. Voila, all gone.

I’m not sure all these programs had gotten fully installed on my computer because as soon as I saw something fishy, I disconnected the ethernet cable to the Internet.

Anyway, I hope this helps.

By Randy on Apr 7, 2008

re. my previous point, a few other things…

These programs seem to link into IE7, so before I did any of the above, I also

-disconnected my connection to the Internet by unplugging the ethernet cable. (If you are using a wireless connection, disable it.)

-Ran IE7, and went to Tools > Options…, then clicked on the Advanced tab, and at the bottom, clicked on Reset… and finally reset IE7. This deletes all cookies, browsing history, etc. Then I x’ed IE7 so it was not running.

-I then did all the stuff in my previous post with the Internet disconnected.

Then after everything is done and you have powered down and re-booted:

-Verify that all the fixes described in my posts are done and nothing is broken,

-reconnect the Internet and go to some safe web sites http://www.google.com for example. Surf to a few other known safe places. Also run your main application programs, for example Word, Excel, Photoshop, etc. and make sure they work.

-Lastly, the files and folders that are renamed —.BAD can all be deleted. I did this this way because if I had made a mistake and had renamed something that was needed, I could rename it back.

Again, hope this helps.

By Randy on Apr 7, 2008

thanks Javier! yer suggestion was the answer to getting the last of virus heat and its evil counter parts off of my tool bar. YOU RULE!!!

By dura on Apr 9, 2008

thanks Javier! your suggestion was the answer to getting the last of virus heat and its evil counter parts off my tool bar and p.c for good. YOU RULE!

By dura on Apr 9, 2008

omg thank you^^ thank you^^ i think its time to switch to linux this is the second time i hade one like this. But This one was really nasty

By Chris on Apr 10, 2008

It’s weird, I just finished it rebooted my PC but the damn Icon on the bottom right popped up again frick.

By Chris on Apr 10, 2008

can turn off flashing icon on taskbar by going to control panel/ customize and scroll down to the icon and set to “Always Hide”.
This tursn it off but does not remove it from your the system.

By David on Apr 11, 2008

“A day late and dollar short!”
I thought i had deleted this virus only to have my computer crash this week and I lost everything.

PLEASE, PLEASE – SAVE YOUR DOCUMENTS to CD!

I lost everything, but luckily, had done a major backup a month ago!

By Brian on Apr 14, 2008

I see Tim has the same question I have – I am booting up in Safe Mode so I can go into control panel and delete the files, but the icons flash for a second and then disappear. I cannot get a Start tab – can anyone help? I’m so upset.
Thanks,
ST

By Sunni on Apr 14, 2008

hey thanks for the instruction phew i thought my PC will end up getting a another reformat hmmmm but i didn’t follow your instructions because i got lost about the step where you got to go to safe mode,what i did is i remove first the folder of the virus heater before i rename the .dll file that infects the system32 after i got back from the safe mode the virus icon from the task bar completely disappears.after the icon disappear that’s the time i delete the rename file “foundbadfile01.dll”……but let me check for a day or two if it’s back i will force to reformat it…….T_T

By Mayson on Apr 16, 2008

Why the msg keep pop up on my screen ???damnit!!Its vry annoying!!!guys!!actually,,,the msh it pop up ..is not a real virus…dun bliv??go viit bitdefender virus encyclopedia…it helps!!you can type any virus name you wanna know…

By KEvin on Apr 16, 2008

For all of you guys with the annoying icon on the system tray, try pulling off the power cord or if your using a laptop, take off the battery also.
When you shutdown the computer, windows save all your settings. This, probably included the stupid icon that points to the “virusheat.com”.

By Jimmy on Apr 18, 2008

i removed the virus with anti virus/anti spyware programs but still had the annoying pop ups. Thanks to Javier who showed us how to deal with this nasty beast.

By ray on Apr 20, 2008

I need help! When I go to regedit to delete the Virus Heat, I can’t find it under Uninstall, please help!

By Brian on Apr 22, 2008

This virus is probably the most annoying iv’e ever seen Its so annoying!! btw thanks for posting this its really helpful

By Jon on Apr 22, 2008

Thank you
I downloaded some video clips that came with Virus Heat, Trend micro advised me that these changes were occurring, so I told it to stop them, however it ended up with Virus Heat loading both the Virus Heat and the little shield (puresafety) on the lower bar.

I followed your instructions (after i had removed virus heat from the programs, and used ad-aware to delete file (approx 200). the smitfraudfix worked on the toolbar problem
Thank you to all for your contributions,

By Rich on Apr 23, 2008

I followed the suggested procedure to the end but was unable to find any items indicated in the instructions and hence my Virus Heat still persists in my computer! Any further advise?

By Pranab Bagchi on Apr 24, 2008

Great help, thanks. I used a system restore to clean the taskbar icon. Never forget to set it frequently.

By Joe M on Apr 24, 2008

so. this virus thing sucks.

and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat

is not found on my computer.. help?

By karina on Apr 25, 2008

Hi i have followed all of your instructions and its off my computer! But i still have a icon in my bottom right corner and it redirects me to softhomepage.com and i cant stop it plus i have a annoying tab bar on it… how can i stop this?

By Kyle on Apr 25, 2008

Quick free tip for you guys. If you were infected just resently then do a system restore. This will uninstall the software and then just browse over to the virus heat folder and remove it.

virtumonde is far worse then virus heat. I know Virus heat is anoying but not even close to Virtumonde.

By Virus Heat removal on Apr 27, 2008

The flashing icon in that task tray is controled by a dll called uyhjw.dll located in the windows/system32 directory. You won’t be able to delete that file, but you can rename it and reboot and it won’t be loaded again. Then you can delete it.

By John on Apr 28, 2008

HERE IS THE BEST WAY TO GET RID OF VIRUS HEAT

The best way is to go back in time with your computer.

GO TO YOUR START MENU:

Help and Support

And click on

UNDO CHANGES WITH SYSTEM RESTORE

It worked for me.

Good luck.

By IHATEVIRUSHEAT on Apr 29, 2008

hell ya this works perfectly. i just followed all the steps. tried not to stress out to much, and figured it out. im quite proud of myself now actually. thank you is basically what im trying to say.

By Rosenthorp on May 3, 2008

look how many porn-mongers there are online!

By broc on May 6, 2008

okay so, virus heat isnt in my add/remove programs, which was fine like the directions said, then i didnt find “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat” in my registry. i need help! i can stand this!

By Josh on May 7, 2008

I can’t find the registry in Step 6, and I think it might be because I already tried to remove VirusHeat via control panel when I first got it about a week ago so would that step not work?

By Joey on May 8, 2008

Thanks for the instructions, but it didn’t work. I removed the application from Control panel, but found none of the registry entries nor files you indicated, and still have the annoying pop-ups.

By Roger on May 9, 2008

Javier Feb 15/2008 – Thank you for the instructions – it worked great. I do not consider myself a “techy” but they were easy to follow.

By Jeremy in Ottawa on May 11, 2008

Hi I have removed most of this thing out of my computer there is no traces in regedit no traces in c:\programfiles, and eeioq, xskmoq and wchaa.dll are not in my sys32. but I still have that annoying icon! plz aid

By Hasan on May 11, 2008

Okay, so I followed all of your steps.
I managed to delete both .dll files found in Regedit.

Although, when I searched for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat it didn’t find anything,
but when I typed in ‘virus heat’ it found both .dll files and the .exe and some extras.
So I did the process on these, worked fine. I don’t get any popups etc,
but I still have the nagging icon. How can I remove that?

Could u mail me?
Thx!

By Thomas on May 12, 2008

Hi

This worked great! Thanks!

By Den Oli on May 12, 2008

I cant find enything when i search for HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virus Heat on nummber 6. what shall I do?

By HÃ¥kon on May 20, 2008

I followed you instructions on how to get rid of Virus Heat and it seemed to work but now this little icon keeps flashing blue “?” and red “X” and when i click on it it brings me back to Virus Heat web site. What should i do next???

By Nathan on May 23, 2008

I read through all the posts before trying any processes to eliminate the Virus Heat 4.4 that was installed on my computer thismorning when I thought I was downloading an mp3. I thought I would go with the most simple first, doing a system restore. It seems to have worked! I’m not sure if everything was ever installed, b/c when I saw the virus heat program come up a few seconds after clicking to download, I immediately shut off my computer. But when I turned it back on the icon for Virus Heat 4.4 was on my desktop. So…I logged in on the guest log-in for my computer to search the Internet for removal info. I did get a phisher pop up of some kind when on the guest log-in, which may have been due to the virus? Anyhow, I’ve been on the Internet for about 15 minutes now without any icons on my desktop or pop-ups. The system restore said it was successful, and it seems to have worked! Thanks a lot for the info. everyone!

By Krista on May 24, 2008

Do the system restore, it works and I have been beating my head for a day trying to get this crap off of my computer. In addition, I bought some network security software and it didn’t work.

By Big Slim on May 24, 2008

hello, we have been experiencing some very annoying pop-ups here in our laptop. it’s been bugging us and slowing down our work. how would i know if we have been infected by this VIRUS HEAT thing? a so called “Antispyware” was always popping up every time we try to use the laptop. an “AntiVirus” thing comes with it too. can you help? please email me. thanks a lot. your help will be very much appreciated =)

By raissa on May 26, 2008

As i am pretty computer retarded, lengthy steps looked damn unfun.

System Restore= way to go!

As i understand, no matter how long ago you had your unfortunate encounter with virus heat a system restore will work.

1.In your Windows “Help and Support” area, look for SYSTEM RESTORE

2.Click on date, or date previous to your estimated VirusHeat installation date. Do a system restore.

3. If anything detrimental occurs (such as loss of important downloads, docs, etc) you can always undo a system restore.

By Emilie on May 29, 2008

It seems that the Virus Heat program is also disguised as a disclaimer noting that you do not have the correct version of Activex controls to run a certain program.(Mainly videos.)

The best way to remove Virus Heat seems to be either restoring your computer to a previous setting or undoing the changes made.

Not why this is not possible for some of you though.

By SS on Jun 1, 2008

norton 2008 got rid of this stupid virus just fine on my computer. i just made sure i ran live update on norton first, and then all of a sudden it was gone — without me even having to request it to do so. i ran a norton scan first to see if it would find it, and it didn’t – which i thought odd. so i checked the quarantined items and it was already in there and removed!

By natalie on Jun 1, 2008

thanks for this. I have had this problems in the pass and did not knew how to stop this one. thank.

By vilapupu on Jul 10, 2008

how do u restore folders deleted by virus from the usb

By monica on Nov 16, 2009