Win32: onlinegames.bbh and other viruses

My English isn’t very good, but I’ll try to explain as detailed as possible what have been happening…

Every time I try to access the internet, I get a virus detection message from Avast 4.8, stating that my PC is infected with several different kinds of worms and viruses. It happens only when my internet connection, whether dsl-cable or wireless, is active.

This is the log I’ve retrieved from Avast Log file, stating which viruses were detected in the last couple of days:

1/6/2008 13:01:20 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\zdesfx.dll” file.
1/6/2008 13:01:13 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\jhrcar.dll” file.
1/6/2008 13:01:11 SYSTEM 1380 Sign of “Win32:Wow-FXJ [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\21.gif[FSG]” file.
1/6/2008 13:01:10 SYSTEM 1380 Sign of “Win32:Wow-FXJ [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\O4QU002G\21[1].gif[FSG]” file.
1/6/2008 13:01:00 SYSTEM 1380 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\down.gif” file.
1/6/2008 13:00:58 SYSTEM 1380 Sign of “Win32:Trojan-gen {Other}” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\GXY79WI4\down[1].gif” file.
1/6/2008 13:00:50 SYSTEM 1380 Sign of “Win32:Agent-IYU [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\9.gif[FSG]” file.
1/6/2008 13:00:49 SYSTEM 1380 Sign of “Win32:Agent-IYU [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\0ETFJ9XQ\9[1].gif[FSG]” file.
1/6/2008 13:00:40 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\7.gif[FSG]” file.
1/6/2008 13:00:39 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\Documents and Settings\usuario\Configurações locais\Temporary Internet Files\Content.IE5\FYHZYX2D\7[1].gif[FSG]” file.
1/6/2008 13:00:35 SYSTEM 1380 Sign of “Win32:OnLineGames-DQP [trj]” has been found in “C:\WINDOWS\system32\hhrdxd.dll” file.
1/6/2008 13:00:28 SYSTEM 1380 Sign of “Win32:OnLineGames-DJV [trj]” has been found in “C:\DOCUME~1\usuario\CONFIG~1\Temp\5.gif[UPX]” file.

Avast detects these viruses, but is unable to find which file is creating all these malwares.
Threat Expert Memory Scanner doesn’t find anything suspicious or malicious running in memory.
Bankerfix, which is developed by linhadefensiva.org, also does not detect any threat.

Does anyone knows what’s happening?


I suggest trying a boot-time scan with avast. On the avast user interface, right click and select Boot-time Scan. Follow the directions. Let us know the results. If you need more help, please ask.


Well, I’ve got my notebook to technical support, they found out that it had registered itself in the Windows Registry. One of the files creating the malware was Jview.dll, the others I don’t remember now.

I had to format my hd, which was the easiest way to restore my system without messing things up in the Windows Registry.

I’ve noticed that this virus have affected many other people, and there are other solutions than simply formatting the disk, but my work depends on my notebook and I couldn’t wait longer.


I am sorry you did not come back here for more help. :frowning:

Formatting your hard drive is the last procedure after all other options do not work. There were other options that could have been performed to help you with your problem.