Run FREE PC Scanner Now!VirusHeat Removal Process (remove VirusHeat)
February 9, 2008 – 1:37 am
VirusHeat Explanation
VirusHeat is a new rogue antispyware which issues misleading and exaggerating results. Normally it is installed by Trojan.Win32. More or less, it does degrade performance of computers and generate annoying popups. The easiest way, however, you need to pay to remove it automatically. Manual removal is possible if you know how to do regedit and understand Windows file system.
Are you getting popups from VirusHeat? Have you identified that you have VirusHeat installed on your computer? Do you wish to remove VirusHeat completely from your computer?
Why should you remove VirusHeat?
If VirusHeat resides on your computer, it can potentially damage your personal files or you may end up losing data stored on your system. Research has shown that VirusHeat may have the ability to make your computer vulnerable to remote attacks which could result, initially, in loss of money, possibly identity theft, and, eventually, a painstaking VirusHeat removal process.
How can you manually remove VirusHeat
Manual removal of VirusHeat may not be for everyone. Each manual VirusHeat removal step must be followed delicately to completely remove all related files and registry entries from your computer. If you are unsure or have doubts about editing your system registry, then we recommend that you use the automatic VirusHeat removal process.
VirusHeat can be removed manually by following the steps below.
- With all programs closed, click the Start Menu and go to the Control Panel.
- Locate the Add/Remove Programs icon and double click it.
- Locate VirusHeat in the list of programs. If you find it, select it and remove it. If you cannot find VirusHeat, you can continue to step 5.
- Restart your computer.
- Close all open programs and windows on your desktop.
- Open your registry editor (regedit) program by going to Start Menu, type in regedit, and click OK.
- Find all of the following registry entries and delete them. If you do not know how to do this,
then you can read how to edit the registry in Windows.0DFBA66B-DB48-4292-831A-E7186D8A61AE0EC085A8-9818-43B7-B975-EC7555EDA4D212a31567-9883-4cc0-a684-ad5804394d6914E6D991-DB22-4661-981D-20C168D6847B1A74C41C-0837-4FBE-BA50-621EB70F01CE2242513C-F5E9-41B3-BC89-4D9DAF48745023624BD0-2A69-4F91-BE6A-9F1F22B72C1325297614-1B76-4C2C-82C6-62738AA0E8F037F89457-1208-4670-9245-58C62BD6D8703B489B37-FC1B-45C8-B1CE-78D9AEF5B3363D6A6E24-FDFF-418E-A93D-9FBDCBA377AF3E318E44-0C35-4292-AF91-18DD1779563645477032-ABD0-454D-9CE4-EA34C10322F846F309AE-9D11-4C10-9D20-2C084B1C8BCE495349A3-3A35-465F-88DF-6CCFC13482464CB95561-AF37-4BBD-823C-1E355A744A43575E8879-D6CF-4992-A7FE-651DA9277BCB65bbf06c-ea06-4818-92a3-f3550d0e1004699fabf8-1087-491f-b57c-80a68929d82b69E34747-0B27-4B30-AE20-1023BF29E246747e1fbe-b70f-441d-bbca-6e536c04924a76157861-4996-4711-90E4-6D868B877B2476A15001-FF88-47EE-9E34-9F68E34246AF79BE5B3B-80B2-4B77-A042-EFC90F6E0DE77C0EC6BF-81B9-4FE0-9447-4ED29A36BF5D7d7bd0c4-4913-4933-b870-7388a7bffb827EBB34CF-1728-4136-A968-48F231DAD1B4819A1C55-735F-4696-8727-3772EC87AD2681DA01DB-8100-4865-B9B0-A83F5437843583B0CADC-EA64-4AC6-822A-3ECE95F44DA688DAA291-B413-4C46-B378-3BE66F65369E8DC7E656-FFBC-4BA2-AF81-1C6C4FE04407910EF37B-A486-41FC-8A1B-28C5581AB3AC917f93bf-6714-4e11-8982-59db2e0f88fc936A2F4A-53F8-4D2F-92AA-2F9DE889841C9d19a1a9-3cdf-4f15-a5ca-ea3905febdeda0efe2fe-7249-4403-a00b-8be108617c75A6B2BC38-7F2A-4202-9B43-A28615727FEEA86BED71-2B56-4778-9C48-829A3D01C687AE119E11-CF86-43CB-91AA-1ACF2BBF9EC6af73a174-ea1b-4f0b-b0b1-fe1486a6719cAFCC3FA7-82A9-42D5-A405-78711E97A5D6b0fdc513-46b9-46fc-8e70-d575ee546daeB11DA4C8-52DC-44A2-B21B-02BF7A93EB5BB5A1CE7F-011D-4475-98DB-076AAF3B1D18B5ADBFCA-C6DE-4E5A-A2DA-70AA2933B696B5AE5932-F1B3-45E4-842A-59EEA65B13A8B667F141-171C-4AC6-BD2B-8E0C646FB920BA18BA7B-9567-4408-9B87-3D3990C3969ECBD02E9B-37EF-47D2-96B0-3ABBB2EB92BFCC05A4A3-7B28-488F-AB02-6AAEDB86ACCFd4c51fa4-9192-4a9a-8d2a-a0690c92f171D56509AB-9821-4DB0-BF2F-115159804140d70e9b0f-aabc-4066-8176-c6de84d92fa1d9f6ce57-0718-4bd1-916f-5fb1f86911c2DA4F8351-05EF-4956-B9AB-1093B732436Fdb763ed8-100a-481b-8913-50a2f41dcdc3DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40DFF203EA-222C-44FA-8B78-ED88B4587AA2E1E4E46D-53B8-45DC-ABF0-3E7ADEF79012E80114AA-6653-4952-9E97-5F1DC63BEE0FEB22B708-E0D3-4FCE-800B-6DD0C5B30D42eb9f614b-ea44-40d0-8829-542e4f254739ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22cf0d4f88e-e1f8-460f-a41c-6cfb7f73af79F1EA02F8-E536-4828-BFB7-3DE7FA4D4B09f43bfc6c-47cc-4798-8798-a0721b8ed7abF6E18622-DFA8-4DBA-B05E-D3D147E16D44F9109A2A-432B-4ADD-A6FA-06BA22DCD2D9FCA3958A-8D38-4D14-8B81-CCD7F68A8A01Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 3.9.exe 3.9Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.3.exe 4.3Microsoft\Windows\CurrentVersion\App Paths\VirusHeat 4.4.exe 4.4Software\Microsoft\Internet Explorer\Toolbar\DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\DB9FBA9D-AB1B-4CC6-9745-F3B549D64E40Software\Microsoft\Internet Explorer\URLSearchHooks\f43bfc6c-47cc-4798-8798-a0721b8ed7abSoftware\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\12a31567-9883-4cc0-a684-ad5804394d69Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\65bbf06c-ea06-4818-92a3-f3550d0e1004SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\699fabf8-1087-491f-b57c-80a68929d82bSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\747e1fbe-b70f-441d-bbca-6e536c04924aSoftware\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\7d7bd0c4-4913-4933-b870-7388a7bffb82SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\917f93bf-6714-4e11-8982-59db2e0f88fcSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\9d19a1a9-3cdf-4f15-a5ca-ea3905febdedSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\a0efe2fe-7249-4403-a00b-8be108617c75Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\af73a174-ea1b-4f0b-b0b1-fe1486a6719cSoftware\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\b0fdc513-46b9-46fc-8e70-d575ee546daeSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\d4c51fa4-9192-4a9a-8d2a-a0690c92f171Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\d70e9b0f-aabc-4066-8176-c6de84d92fa1SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\d9f6ce57-0718-4bd1-916f-5fb1f86911c2Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\db763ed8-100a-481b-8913-50a2f41dcdc3Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\eb9f614b-ea44-40d0-8829-542e4f254739SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\ee9f7cf5-cd49-4cd8-8ba6-1514e7a5c22cSOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f0d4f88e-e1f8-460f-a41c-6cfb7f73af79Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\f43bfc6c-47cc-4798-8798-a0721b8ed7abVirusHeat 3.9VirusHeat 4.3VirusHeat 4.4
-
You may need to return to this removal process for removing VirusHeat. You can do this easily by bookmarking or adding a favorite to this page by clicking here. If you are using the FireFox web browser you can press the keys Ctrl and D simultaneously to bookmark this page.
Image 1. Bookmark PCHubs removal process
-
Delete all of the following files that are associated with VirusHeat from your computer.
baoohy.dllbubbj.dlleeioq.dllheuvth.dlliinqyl.dlllruvqvw.dlllvhjtsa.dllqdsba.dllrkvdr.dlltxdkfh.dllUninstall VirusHeat 3.9.lnkUninstall VirusHeat 4.3.lnkUninstall VirusHeat 4.4.lnkVirusHeatVirusHeat 3.9VirusHeat 3.9 Website.lnkVirusHeat 3.9.exeVirusHeat 3.9.lnkVirusHeat 3.9.urlVirusHeat 4.3VirusHeat 4.3 Website.lnkVirusHeat 4.3.lnkVirusHeat 4.3.urlVirusHeat 4.4VirusHeat 4.4 Website.lnkVirusHeat 4.4.exeVirusHeat 4.4.lnkVirusHeat 4.4.urlvualf.dllwbchha.dllwcscqa.dllwuuawkz.dllxskmoqx.dllIf you need a better understanding on how to search for these files then you can read how to find and search for files and folders here.
If you have issues deleting any of the previously listed files that are associated with VirusHeat, you can try rebooting your computer into safe mode. Booting into safe mode may allow certain malicious files to be deleted. If you are wondering how to boot into safe mode, you can read our process for starting a computer in safe mode here.
Image 2. Select "Safe Mode with Networking"
After locating and deleting the previous files you must remove all directories associated with VirusHeat by going to the C:\ProgramFiles\VirusHeat folder, select it, and delete it. In some cases you may not be able to find this directory. You can still continue to the next step.
Restart your computer. You do not need to boot into safe mode at this point. You should have removed VirusHeat completely from your computer. If you find that VirusHeat is still on your computer, you can repeat the steps again or go to the automatic VirusHeat removal process.
funny, had this very old rogue on my older Windows xp PC that has been down for about a year. fired it up and this virus heat popped up all over the place. your remove still detects it. shows how trusty you are. thanks pchubs.
TK5 had to resort to your suggestion and it worked great, mine was rtmipr.dll
Thx everyone.
“dcggain.dll†was the currupt for me. I delete this file from(run>>regedit\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
reboot the PC and the icon go the fuckkkk.Thanks for all.
Had the same problem: All obvious VirusHeat, etc. files removed (VirusHeat.exe, netproject folder, etc.) but icon still blinking. Searched for all *.dll’s mentioned here – nothing. Then – absolutely desperate – I did what’s already mentioned here: I looked in C:\Windows\System32 for the most recently changed dll file. There most recent one changed on 4th, may 2008. My symptoms started yesterday 6th, may 2008. Yet I gave it a try and renamed it – Bingo!!! The taskbar icon changed it’s looks immediately. Rebooted – icon’s gone. Don’t delete it yet!!! Do a Start-Regedit and search for this dll as it must have been loaded somewhere in the registry – and yes: it’s there – deleted registry entry, deleted dll file – rebooted once more – CLEAN!!! Good luck everyone with this annoying tray icon! (btw. mine was called rtmipr.dll – so yes it mutes it’s name quite rapidly – so only stick to the change date, not to the name!!)
Got another one to add to the list: qdsba.dll. Thank you so much, by the way! I’d only gotten so far as still having that fraggin’ icon, until after reading the comments I realized that I need ed to search by “Date Modified.” It was the only .dll file that had been modified in the past week , so once I knew how to look, it was quite simple! THANK YOU!
cheers guys you are all legends!!!!!
Thanks!!! Everybody for your help….
Took long time to get rid of this f**king virusheat alert. I also wanna add here for people who r a bit dump like me. As at first I can,t find the infected .dll file from the name given here. Easiest way goto Search > then select files & folder > type *.dll > click on when modified > u may select past month > start search > among all .dll file what comes under C:\windows\system32 are sus[ecious file > now delete as told by all experts above. Thanks
I checked the last modified .dll in \system32 by typing the file name into google.com. There was a long list of malware reports on it. I renamed it using .txt (with a a little difficulty) and the ‘System Alert’ disappeared almost instantly.FYI: the file name was “zfaiqwr.dll”.
I have the message in the bottem right where the clock is. i cant read it but, i have followed the instructions but could not find any of the files mentioned. what should i do?
look for zfaiqwr.dll as well
I wasn’t able to find any of the above .dll names, but I sitll had that stupid systray icon. What I did was view \system32 folder according to modified date, disabled the .dll that was dated closest to when the problems started. It worked! Mine was named vualf.dll. Try this
Another file to look for is bubbj.dll in system32.
so if it’s infected it will not let u delete it….right?
I was able to finally delete the icon in the system tray by looking for the last modified .dll in system32. The biggest mistake people are making is to look for a specific file name. If you follow this advice you will get rid of the annoying icon. I would also add that it would be a good idea to delete all references in your registry of netproject, which seems related to this. Then delete the folder c:\program files\netproject. Also delete all registry references to virusheat.
Having trouble deleting dcgain but I am betting that this program creates a different dll file every day to make it hard for us, but easy for them
This stupid product uses a differnt name each time. I searched all of those DLL’s registry file system root kits and nothing…. after some trial and error i found yet another DLL…
dcggain.dll
went to system32
looked at the file modified latest,
renamed it. instantly the icon in the systray changed to blank white icon but still flashing meaning it is memory still, but more importantly i found the dll.
Rebooted, the icon in the sys tray was gone, deleted the renamed file no problems since..
To finally get rid of that icon I used Windows Explorer to search all .dll files in Windows\System32 and then sorted them by date modified. “dcggain.dll” showed as the only likely candidate and internet search on that filename showed to to be malicious. I changed the file suffix to “.bad” and have left it to rot. So far so good.
“dcggain.dll” was the culprit for me. couldn’t delete it as it was in use. when I renamed it the flashing notifications area icon changed shaped immediately. rebooted, trashed it, icon is now gone.
Like JohnD did, I also sorted the system32 files by modified date, and found dcggain.dll as the most current modified file, which is one of the culprits of all this mess
Here’s another version, I removed the systray icon by sorting system32 folder by last modified also, and found sozctue.dll, once renamed, (I just added “badfile” in front of it) the systray icon didn’t come back up. Good Luck, and thanks for all your posts/help.
look for a DLL that has no company on its properties, I had the same problem and I couldn’d find the DLL’s mentioned above, just look in the SYSTEM32 folder and rename what you think is suspicious and restart the machine.
Thanks for the help everybody. I went about it backassward but I think it’s gone. I have Windows XP and used the “Search” feature. I got rid of the virusheat stuff but still had the icon. Searched for “.dll” on the harddrive and modified the search to look for things from today (I got this damn thing earlier today.) It found 3.
kdfapi.dll
kdfhok.dll
lvhjtsa.dll
I was able to delete the first 2 no problem but I had to re-name the 3rd file as mentioned above. Restarted and that flashing bastard was gone!
I hope the person who made this gets a virus of their own. Maybe herpes…
cant get rid of the icon . none of the dll files listed here are in my system 32 box. No modified day I was infected. Help! Please
Thank you alw for including the dll that fixed yours. After searching through all the whole thread and trying everything to get rid of the annoying icon the jdxah.dll finally did it.
Thanks
I had to remove jdxah.dll which is one of the files mentioned at http://www.xp-vista.com/spyware-removal/virusheat-removal-instructions
I was infected with virusheat version 4.3
just click on control panel-taskbar and start menus-click customize button by hide inactive icons and select always hide this icon…problem resolved…optical only
Hi there,
I could not find any *.dll files mention above at \WINDOWS\System32, so the icon is still appeared with the “the system alert”. Although I have erased netproject folder and the virusheat. Then I try another way, searching “*.dll files” mentioned in this site, then searching “netproject” and “virusheat” in the registry. (Using run regedit) Delete all of them and then reboot your computer. After working for more than 8 hours, everything back to normal.
Don Famy – Bandarlampung Indonesia
another file to look for is guadq.dll in the c:/windows/system32 directory. Corrupting the file is a very good way of getting rid of this file. Also, go into the registry and search for the dll to delete the registry entry so that it doesn’t try to start the process again upon reboot.
delete the c:\windows\system32\lruvqvw.dll file to get rid the tray icon…i did the same it worked…
jus change the extension to.txt nd delete it after estarting..
Hi there.
I did everything listet above.
But the warnings are still popping up and the fuckin icon is still there.
But! Important! I could not find any DLL listet above! Please help me:
mail: elias.list@gmx.net
msn: elias.lsit@gmx.net
skype: hippie1abc
icq/qip: 379-885-712
I FOUND A WAY TO REMOVE VIRUSHEAT FROM SYSTEM TRAY…
NO NEED
ACTUALLY THIS VIRUS SEEN, ANY ONE OF FOLLOWING NAMES.
VIRUSHEAT.EXE
WBCHHA.DLL
EEIOQ.DLL
HEUVTH.DLL
LRUVQVW.DLL
XSKMOQX.DLL
USUALLY THIS VIRUSHEAT VIRUSES ARE SITTING AT C:\WINDOWS\SYSTEM32\….
TO REMOVE THIS VIRUS FOLLOW THESE STEPS..
1.FIND THE VIRUS FILE. [U CAN FIND IT WITH THE HELP OF SPYHUNTER FREE VERSION. BUT, SPYHUNTER FREE VERSION WONT REMOVE VIRUS]
2.U CANT REMOVE THE VIRUS WHILE IT WAS RUNNING. SO, CORRUPT THE FILE.
3.HOW TO CORRUPT?
3a.RIGHT CLICK THE FILE.
3b.SELECT THE PROPERTIES.
3c.RENAME THE FILE.
3d.RENAME THE FILE EXTENSION NAME[i.e. .TXT]
3e.IN ATTRIBUTES BOX CLICK READ ONLY BOX. AND
ALSO REMOVE THE TICK FROM ARCHIEVE BOX.
THUS, THE .DLL FILE WILL CORRUPT.
4.EVEN NOW, U CAN’T REMOVE THE VIRUS.
BECOZ THAT PROGRAM IS STILL RUNNING. JUST RESTART YOUR COMPUTER.
5.NOW YOU CAN’T SEE THE VIRUSHEAT ICON IN SYSTEM TRAY.
6.NOW U CAN DELETE/SHRED THE FILE.
DONT FORGETTTTT TO EMPTY UR RECYCLE BIN.
delete the c:\windows\system32\lruvqvw.dll file to get rid the tray icon
well im still looking to get rid of the icon.. been looking nonstop for quite a while now… ive switched accoutns on the computer and what made sense on the first account changed into a whole chain of gibberish.. ill write here so you can see.
“Q{qvgo”Cngpv#”
]w}-zkc.fo}.jkzkmzki.o,`{clk|.ah.omzgxk.}~wyo|k.o~~bg,ozga`}zfoz.cow.gc~omz.zfk.~k|ha|co`mk.ah.wa{l.mac~czkl
.mbgme.zfk.gma`za.ikz.|gi.ah.{`yo.zkjbaoja`i.o`,{~#za#jozk.o`zg)~wyo|k.}ab{zga
this is exactly what i see. ive narrowed the search down with a few leads because my security is asking me to attach something called C:/programfiles/netproject.sbmdl.dll and im constantly saying no.. however while searching i cant find netproject folder nor sbmdl.dll..
im getting desparate.. email is jsfoamy425@gmail.com im sure there is a manual way to get rid of this thing like you guys.
First of all; thank you all very much for the posts… it really helped!
I looked in system32 and pressed the “sort after last modified” then i could see the recent files that were modified, and then i changed/renamed the file to badfile.txt restarted and deleted the file. it worked perfectly!
Greetings from Denmark
couldnt find anything listed above so i assume thats a good thing.. i uninstalled the virusheat through the control panel, and im searching for eeioq wbchhaz iinqyl and wuuawkz as i speak but i cant seem to find any of it but the icon still remains…
Deleting the c:\windows\system32\wbchha.dll file was what worked for me too.
uauuu. It so difficult to do it. Guys, may be be every time this file has different name. If you know the exact time when you were infected find which file is modified in the ‘system32′ folder. Than you must delete it. I had ‘wksqyc.dll’ or like that. I use the ‘unlocker’ program to delete, so don’t need to restart in ‘save mode’. regards from Bulgaria
hello i’m Fadhil. Virusheat affects a little bit my computer. However i think i succeded removing this VIRUS but… a stupid TRAYICON i can’t get rid of it! clicking left or right takes me on a site that puts me to download the VIRUSHEAT. Can u help me get rid of this problem please?
I tried everything listed above. Searched high and low for all the aforementioned files and couldn’t find anything. I found and deleted the Netproject folder, but did not find wbchha.dll nor eeioq.dll. That icon is still there looking at me now… what to do? What to do? Help!
Yes – excellent! I had found a bad dll file using instructions from another site, but could not unlink or delete the file. Renaming and restarting worked like a charm. To work for more folks, your list of infected dll files from VirusHeat needs to be expanded (my infected dll was wbchha.dll):
iinqyl.dll
wuuawkz.dll
eeioq.dll
wbchha.dll
heuvth.dll
xskmoqx.dll
txdkfh.dll
Thanks!
I did not find “eeioq.dll”, but I did find and remove (by changing the name, rebooting in safe mode, and deleting) a file called “C:\WINDOWS\System32\wbchha.dll”. That got rid of the icon in the system tray.
So….. you do everything above, fine. Gets rid of the major annoyance. BUT, you still have a flashing icon in the corner. Click it (right click even) and you go straight to the Virus Heat website. BULLSHIT
They can’t help. Apparently nobody, even if you pay for good spyware programs, can help with this. Unreal.
followed all removal steps. its all gone except for the tray icon. i haven’t found any of the .dll files you guys referred to. each file has been searched for in the system32 folder to no avail. any other solutions?
if u get a virusheat system alert at the clock!
go to c:\WINDOWS\System32 and look for a file named eeioq.dll
or search for it using the search tool.
if u find it look at the step i wrote earlier.
thanks..people..it works..peace from Bosnia & Herzegovina..
omgosh you guys rock
hello i’m Romanian and… Virusheat affects a little bit my computer. However i think i succeded removing this VIRUS but… a stupid ICON near the clock in the right remains and i can’t get rid of it! clicking left or right takes me on a site that puts me to download the VIRUSHEAT
Can u help me get rid of this problem please 
?
/Quote
i have the same problem, help please
im not any good with computers so don’t tell me to delete folder dll. or wtf :p
Hi,
I could only find the VirusHeat folder in C:\Program Files.
I removed that, but the trayicon is still there? Any solutions?
Thanks,
Yiannis
oh, and before i removed “eeioq.dll” i removed a folder in C:\Program called “netproject” while in safe mode.
i hope this works for you too, good luck