Jump to content


virus ilxyk

  • Please log in to reply
3 replies to this topic

#1 patsfan



  • New Member
  • Pip
  • 3 posts

Posted 30 June 2004 - 02:10 PM

HI There,

I can't seem to get this virus out of 2 XP Pro machines, running AVG 7.0 Pro and used spybot, Network Associates Stinger and AVG's downloadable virus removal scanner. These are the latest updates, 6/28 for AVG and 6/15 for Stinger.

I disable system restore and do the scans in Safe mode, along with normal mode.
It cleans the viruses, but several hours later they come back. Most interesting is I can't seem to remove the Internet Explorer default page from going to a website called ilxyk,etc. I go into tools and set blank page as the home page and clean the virus,etc , it say's it is clean it is gone for several hours and comes back.

It say's the virus is being stored in the res (restore folder) but I can't get in there to delete it manually or rename it. Again, I've turned off restore before doing the virus scans and deleted the file via AVG. I've also turned restore on and off several times in an attempt to purge the previous restore files.

other viruses that seem to come up (after) I'm forced to this ilxyk website are,


I've also tried making the ilxyk site restricted in IE tools, but it keeps coming back, after I turn java scripting back to enabled. If I keep java disabled it keeps trying to go to the site but doesn't bring the site web page up, it's blank.

I also have downloaded the latest Windows updates as of 6/28.

It doesn't seem destructive, just a big pain in the butt.

any ideas out there?


#2 NeonWizard


    Security Geek

  • Full Member
  • Pip
  • 49 posts

Posted 30 June 2004 - 09:48 PM

What's the virus name? If you can tel me the name, I can look on one of thw AV websites for technical info, and the manual removal instructions.

#3 patsfan



  • New Member
  • Pip
  • 3 posts

Posted 01 July 2004 - 09:08 AM


the virus doesn't seem to be named, AVG just states it a dowloader.bf virus and such. I think it is the virus listed in the previous link, but it seems slightly different than what he has reported. I"m going to try that method and see what happens.


#4 mnosteele


    Dr Tweak

  • Full Member
  • Pip
  • 22 posts

Posted 01 July 2004 - 11:25 AM

This sounds like one of the latest CoolWebSearch variants. The reason AVG cannot remove it is because it is actually spyware that is doing trojan like activity.

Please download Ad-aware and SpyBot Search & Destroy and set them all up EXACTLY as I have written HERE. This will offer much deeper scanning than the default settings that will find more spyware/malware. You will also see instructions on setting up AVG 7.0 as well to maximize it's protection.

If after doing ALL of the above and you are still having problems please post a HijackThis log here in this forum for us to look at.


Member of UNITE
Support SpywareInfo Forum - click the button