
View Full Version : I think I have found new spyware/redirector not found by Spybot!



harry-197
2008-06-17, 18:16
Hello

I am a new user of this forum, so apologies in advance if I miss anything :oops: !

Well, I have recently found that my IE has started randomly redirecting to odd pages. I have looked for new processes running and found that I had a variant of "jov" (32jov.exe) running, along with an unidentified dll in my System32 folder (bqckrgz.dll), which according to spybot has a value of "qknhnmlo". By the way, I have googled the bqckrgz.dll and it is not even recognised yet, as I am getting NO hits!

The former I THINK I may have removed from the system, as I am no longer finding it on a system search. With the latter though I have not had any luck, as whatever I may have done to remove it, it simply keeps re-installing itself, even when I tried stopping it and then ran HijackThis asking to delete it at the next boot! It appears to be loading as a module of explore.exe?

Unfortunately I disabled my Tea-Timer a few days back to install some software and then forgot to reactivate it...:sad:...! So I am paying the price now!

Any ideas anyone of how to go round this?

Thanks
Harry

drragostea
2008-06-17, 22:33
Your symptoms may be a sign of a malware infection.

Are there IE pop-ups which "are" redirecting you to some page?
Or is it HOMEPAGE that is redirecting?

To re-enable TeaTimer run Spybot-SD in ADVANCED MODE >TOOLS>RESIDENT and find TeaTimer (protection of overall settings).

My guess is that you'll have to visit the Malware Forums sooner or later to remove the infection. But first, I need your confirmation.

harry-197
2008-06-17, 22:44
Hello drragostea

What it actually does is that at random times, when I will select a page to go to (for example out of google search results) it will take me to a completely unrelated page, also changing the address (top address bar) of the page I asked for. It has also done it when I manually typed a page address to go to and then I ended up in another place altogether!

I have found it impossible to manually remove bqckrgz.dll, which I believe is the cause, as it loads early on in the boot and even if I try to disable it once in Windows via Spybot/MSConfig, it still loads itself again (tried Safe Mode Login too!).

I reactivated the Teatimer as soon as I realised what happened, but a bit too late now!

Any advice please?

Thanks
Harry

md usa spybot fan
2008-06-17, 23:46
harry-197:

If you believe that you have discovered spyware (or a variant) that is not being detected by Spybot and it seems to involve a file (bqckrgz.dll), I recommend that you follow the suggested procedures in the following thread and send a copy of the file to "detections(AT)spybot.info" (Replace "AT" with "@"):
Infected Files. How To Submit. Please do not attach or link them here.
http://forums.spybot.info/showthread.php?t=1699
If you decide to follow those procedures and send a copy of the file via email to "detections(AT)spybot.info", I suggest that you reference this thread in the email and include as much information as possible about what you know. At a minimum please indicate:
The version of Spybot you are running (Spybot » Help » About).
Update version (also in Spybot » Help » About).
The Windows OS version you are running.
Plus any additional information that you feel may be helpful in getting detection rules in place to detect what you feel is malware.
In the meantime, you can post in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and have someone take a look at your system.

If you decide to have an experienced malware removal specialist look at your system, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the logs produced from the above instructions.

drragostea
2008-06-17, 23:47
Your symptoms may be a sign of a malware infection.
...
My guess is that you'll have to visit the Malware Forums sooner or later to remove the infection. But first, I need your confirmation.

My best guess is a malware problem... :sad: because you don't get directed to another page for no reason.
--
Consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
--

Visit the Malware Forums, post a HIJACK LOG and tell me how it goes. Your problem will be resolved in no time.