Adware.BHO.Sysdamp Spyware Profile
Sysdamp is an adware program disguised as a browser helper object (BHO). Its vendor is as yet unknown. It comes bundled with the adware program called svchost.exe. It has been known to target Internet Explorer and to run automatically on Windows startup, which allows the program to be reinstalled. This makes it difficult for some antispyware programs to remove it effectively.
Other manifestations include a red screen with pop-ups claiming that clicking on them will fix the problem. It also adds a yellow toolbar to Internet Explorer that displays a misleading adware/spyware infection warning and suggests you click on it to remove the problem.
While other antispyware programs may have problems removing Sysdamp, SpyZooka is known to be consistently able to remove this threat from your computer.
Associated File Names:
SYSDAMP.EXE,
OVJJEJVE.EXE,
SVCH0ST.EXE,
28794714.SVD,
yan_.exe,
c:\windows\system32\iphttphl2.dll,
c:\windows\system32\iphttphl4.dll
Registry Info:
O2 – BHO: (no name) – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – (no file)
O2 – BHO: SXG Advisor – {58DDA832-AEA0-4BCF-BC11-C01A3C51C077} – C:\WINDOWS\dntpkwolox.dll (file missing)
O2 – BHO: (no name) – {AE7CD045-E861-484f-8273-0445EE161910} – (no file)
O2 – BHO: (no name) – {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} – C:\WINDOWS\system32\iphttphl2.dll
O3 – Toolbar: ekxdvft – {DEEAF2E6-CBD6-4E9A-B7A7-C17C7C49F697} – C:\WINDOWS\ekxdvft.dll (file missing)
O4 – HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 – HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
Also known as:
Trojan.Unclassified/SysDamp.Process,
Adware.Sysdamp,
SYSDAMP.EXE,
OVJJEJVE.EXE,
SVCH0ST.EXE,
28794714.SVD