PC in Danger: Ekxdvft Toolbar

1. What is Ekxdvft Toolbar?

Ekxdvft Toolbar is dropped by a trojan that is also known as Fake System Alerts. The desktop may be turned into red colored background with some hazard symbol in the middle, offering to download rogue spyware removal application. Fake, having an appearance of original Windows dialog boxes, popups are warning user about viruses that has infected the system. Here is a copy of frequently happening alert:

Windows Security Alert:
Windows has detected an Internet attack attempt... Somebody's trying to infect your PC with spyware or harmful viruses. Run full system scan now to protect your PC from Internet attacks, hijacking attempts and spyware! Click here to download spyware remover for total protection.

Related websites that we do not recommend to visit:
viruswebprotect.com
scanner.adwareremover2007.com

Fake anti-spyware software related to Enqvwkp Toolbar:
Error Cleaner
Privacy Protector
Spyware & Malware protection

Windows Security Alert:

2. How to remove Ekxdvft Toolbar:

Internet connection might be disabled or Internet browser might be blocked by Ekxdvft Toolbar, so it won't be possible to download any files to infected computer. In this case please download all files required for Ekxdvft Toolbar removal to another computer and then transfer them on the infected one using CD/DVD or USB flash drive.
To remove Ekxdvft Toolbar download Spyware Doctor and install the program (for the installation guide click here). Before installation, make sure all other programs and windows are closed.
After the installation, computer scan should be started automatically. If so, please move to the next step. If not, click "Status" on the left side menu and press "Scan Now" button to run computer scanner as shown in the picture below:
After the scan has been completed and scan results have been generated, press "Fix Checked" button to remove Ekxdvft Toolbar.
Restart the computer to complete Ekxdvft Toolbar removal procedure.

3. Ekxdvft Toolbar files:

adsoowf.dll, bgrlsmn.dll, dntpkwodpx.dll, dntpkwodws.dll, dntpkwofwt.dll, dntpkwokfv.dll, dntpkwokpr.dll, dntpkwolmv.dll, dntpkwolox.dll, dntpkwolxs.dll, dntpkwonsw.dll, dntpkwoqpw.dll, dntpkwotnx.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwovqs.dll, dntpkwowkv.dll, dntpkwoxsp.dll, dopfwrldxw.dll, dopfwrlgfm.dll, dopfwrlgwx.dll, dopfwrlkdn.dll, dopfwrllwr.dll, dopfwrlmgf.dll, dopfwrloxf.dll, dopfwrlqox.dll, dopfwrlrdp.dll, dopfwrltfx.dll, dopfwrlvtq.dll, dpvtporfdm.dll, dpvtporfgp.dll, dpvtporfwd.dll, dpvtporgrf.dll, dpvtporkgr.dll, dpvtporldn.dll, dpvtpormqv.dll, dpvtpornmw.dll, dpvtpornrk.dll, dpvtporokr.dll, dpvtporpxn.dll, dpvtporrdw.dll, dpvtporrfd.dll, dpvtporrtf.dll, dpvtporsdq.dll, dpvtporsot.dll, dpvtportnw.dll, dpvtportwf.dll, dpvtporvqm.dll, dpvtporxno.dll, ekxdvft.dll
C:\WINDOWS\ffvrdgt.exe

4. Hijackthis entries:

O2 Entries:

O2 - BHO: SXG Advisor - {can be found under different CLSIDs} - C:\WINXP\dntpkwonsw.dll

O3 Entries:

O3 - Toolbar: ekxdvft - {2C70348E-974D-43FD-8FC7-BE3C57B6E95F} - C:\WINDOWS\ekxdvft.dll

* can also be found under these CLSIDs:

{DEEAF2E6-CBD6-4E9A-B7A7-C17C7C49F697}

{760C9BE3-C98A-4F34-BE60-9174C594FE47}

{E5CBFDFA-6B88-4C04-AC4C-C6875D808503}

{D7257984-3F99-4D51-87C6-4D5E111DEBA9}

{C87444C3-8B83-4A48-91DE-95F9A3D61070}

{9CBC96F1-F837-430D-8D6E-E19ED124D2D2}

{F25117E3-2A27-4A0C-88EE-D9307F678DD0}

{AE06A911-A5A5-4DFA-9ADA-1DF21EAB25C6}

{0DE4BA7A-FF54-4757-AE1F-30EE7FE6B11D}

{AF2AF78D-33A4-4BA6-AFEC-5F453630DFBE}

{1BF97F11-E184-42BD-8E57-EDBA3CFB4F7A}

{3BA32929-E727-47BD-8489-F3AEE254FFF9}

{23FBB938-35AC-4C50-8776-C0B5CA912216}

{1817219B-D6DC-450A-B913-41F12BC05019}

{DBAF3291-D08D-4C8B-A960-D85A42FEE02F}

{DC7A3552-A87C-4788-8DD7-648B9AD8EC41}

O21 Entries:

O21 - SSODL: bgrlsmn - {3D33F35B-D6F3-41B3-94CC-E710F39AD9D5} - C:\WINDOWS\bgrlsmn.dll

O21 - SSODL: adsoowf - {68E209CA-2695-48EA-90E6-08524B7EC635} - C:\WINDOWS\adsoowf.dll