Hello and welcome to TSF.
I see that you are using BitTorrent, which is a P2P file sharing program. I would like to warn you that the nature of P2P filesharing is such that even if one is using a "clean" program, many of the files downloaded from non-documented sources have the potential of being infected. So, regardless of whether one is using a "clean" program, one may still be prone to infection by malware because more than half of all files available for download from peer-to-peer networks have been deliberately infected with some form of malware. Also, by default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple: file sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft.
I recommend very strongly that you remove it from your system via Add/Remove Programs in Control Panel.
===================================
Please disable Spyware Doctor, as it may interfere with the fix. To disable Spyware Doctor:
- Click the Spyware Doctor icon in the System Tray.
- Click Settings.
- Click Startup Settings under Pick a Category.
- Uncheck Run at Windows startup.
- Click Apply and Exit Spyware Doctor
Once your log is clean you can re-enable Spyware Doctor.
Please disable Windows Defender too. To disable Windows Defender:
- Open Windows Defender
- Click Tools
- Click General Settings
- Scroll down to Real Time Protection Options
- Uncheck Use Real Time Protection (recommended)
- After you uncheck this, click on the Save button
- Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.
===================================
Please right click on HijackThis and click Run as administrator.
Click on "do a system scan only".
Place a checkmark next to these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {D935DD3B-5BD4-40B2-8914-0A4EEC8E84CE} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPIbxY.dll,#1
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O9 - Extra 'Tools' menuitem: IE Anti-Spyware - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O21 - SSODL: fdxbameg - {711D8683-355D-407E-831F-916DE75307FB} - (no file)
O21 - SSODL: fsrpknov - {D6C9B483-B17D-497F-848D-8804E2D3F483} - C:\Windows\fsrpknov.dll
Then close all windows except HijackThis and click Fix Checked.
==================================
Please download Malwarebytes' Anti-Malware from Here or Here.
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish, so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
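
As an added illustration that is not part of the original post, the Python sketch below parses HijackThis entries like the ones listed above into section code, CLSID and triage notes, so a pasted log can be reviewed consistently. The sample lines are copied from the post; the function names and the two flagging rules are assumptions of this example, not HijackThis behaviour.

```python
import re

# Meanings of the HijackThis section codes that appear in the post.
SECTIONS = {
    "R1": "Internet Explorer search/start page registry value",
    "O2": "Browser Helper Object (BHO)",
    "O4": "autostart entry (Run key or Startup folder)",
    "O9": "extra IE button or Tools menu item",
    "O21": "ShellServiceObjectDelayLoad (SSODL) autorun",
}
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Five of the entries quoted in the post, copied as they appear there.
SAMPLE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html
O2 - BHO: (no name) - {684BFE7F-F5B2-4AB3-A95E-EB5036A2D286} - (no file)
O4 - HKLM\..\Run: [MSServer] rundll32.exe C:\Windows\system32\byXPIbxY.dll,#1
O9 - Extra button: (no name) - {9034A523-D068-4BE8-A284-9DF278BE776E} - http://www.gateietool.com/redirect.php (file missing)
O21 - SSODL: fsrpknov - {D6C9B483-B17D-497F-848D-8804E2D3F483} - C:\Windows\fsrpknov.dll
"""

def parse_line(line):
    """Return a dict for one log entry, or None for a non-entry line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    clsid = CLSID_RE.search(body)
    notes = []  # the triage rules below are assumptions of this example
    if body.endswith(("(no file)", "(file missing)")):
        notes.append("registered file is absent")
    if code == "O4" and "rundll32" in body.lower():
        notes.append("autostart loads a DLL through rundll32")
    return {
        "code": code,
        "section": SECTIONS.get(code, "unknown section"),
        "clsid": clsid.group(0) if clsid else None,
        "notes": notes,
    }

def triage(log_text):
    """Parse every entry line in a pasted log, skipping anything else."""
    return [e for e in map(parse_line, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in triage(SAMPLE):
        print(e["code"], "|", e["section"], "|", e["clsid"], "|", "; ".join(e["notes"]) or "-")
```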