luxe codec xp and Bloodhound exploi

April 9, 2009 at 11:04:12
Specs: Windows XP
My boss got a virus on his computer, and I have tried everything to remove it, but nothing is finding it. I've tried Spybot Search & Destroy, Lavasoft Ad-Aware, StopZilla, McAfee Stinger, and Norton. It keeps popping up an error message that pertains to the audio/video codec. It tries taking him to a site for luxecodecxp. It also took over his background picture and says "Warning: Fatal Error, All media systems on your computer have been crashed." It also has a link on the background that says "Update Now" and takes him to the same website for luxecodecxp. When we run Norton, it says that there is a "Bloodhound exploit 196" virus that was detected, but it can't quarantine, delete, or fix it. Can someone help me figure out how to fix this mess?


April 10, 2009 at 09:22:26
Thanks to the details given at I was able to remove this very new nasty. Here's how:

1. Run the VBS script showalldisplaytabs-xp.vbs found at to get access to your display properties.
2. Check the desktop display properties tab and note the name of the current background file, as that is the file name you'll be looking for. Set the background to none.
3. Get process explorer from and run it. Find the process with the same name as the desktop background file was. NOTE: Don't confuse it with any similarly named legitimate process. It seems the virus copies itself as a legitimate process filename, but adds two random letters to the front.
4. Once you've found the process, find the actual file location in the rightmost column. Now find the file on your hard disk, and confirm that there are three identically named files in the folder, one .exe, one .gif and one .htm. If so, then you've got the right place. (UPDATE: As noted by dtjonesga below, the three files may be found at different locations. The key is to search for the exact filename you found as your display background.)
5. Kill the process tree for the found process by right-clicking in process explorer. Then shift-delete the three found files.
6. Run the VBS script showalldisplaytabs-xp.vbs again as the virus regularly resets the settings. Reset your screen resolution to your normal settings.
7. Reboot and hopefully you're rid of the problem. If not, let me know by posting here and perhaps I can help further.
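
Steps 2 to 4 above, including the update that the three files may sit in different folders, as an added example that is not part of the original post: a Python sketch that takes the background file name noted in step 2 and lists same-named .exe, .gif and .htm files under the folders it is given. The function names and the file and folder names in the sample tree are constructed for illustration; the script only lists files and deletes nothing.

```python
import ntpath  # Windows path rules, so "C:\\...\\name.gif" parses on any OS
import os
import tempfile

TRIPLET_EXTS = (".exe", ".gif", ".htm")  # the three files named in step 4

def find_triplet(background_name, roots):
    """Map each extension to the paths whose base name equals the background's.

    Matching is exact but case-insensitive, so a legitimate program whose
    name is merely similar (step 3's warning) is not reported.
    """
    stem = ntpath.splitext(ntpath.basename(background_name))[0].lower()
    hits = {ext: [] for ext in TRIPLET_EXTS}
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                base, ext = os.path.splitext(name)
                if base.lower() == stem and ext.lower() in hits:
                    hits[ext.lower()].append(os.path.join(dirpath, name))
    return hits

def is_confirmed(hits):
    """True when all three file types exist, the confirmation used in step 4."""
    return all(hits[ext] for ext in TRIPLET_EXTS)

def build_sample_tree(base):
    """Create a constructed folder tree: one legitimate file plus a triplet
    split between a program folder and a user's folder."""
    layout = [
        "Program Files/Vendor/vendortool.exe",    # legitimate, must not match
        "Program Files/Vendor/xyvendortool.exe",  # two letters added in front
        "Documents and Settings/alice/xyvendortool.gif",
        "Documents and Settings/alice/XYVendorTool.htm",
    ]
    for rel in layout:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tree:
        build_sample_tree(tree)
        found = find_triplet(r"C:\WINDOWS\xyvendortool.gif", [tree])
        for ext, paths in found.items():
            print(ext, paths)
        print("all three present:", is_confirmed(found))
```
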


April 10, 2009 at 12:28:29
Really, thank you so much. I was about to give up on this virus, but thank god I was motivated to follow your process, which worked perfectly. After searching online, thankfully I found this thread with the solution ready. By the way, I've only registered to say thank you for providing help and sharing the solution while others could have asked to charge for it. Thank you; should you need help in anything, please don't hesitate to contact me.

PS: I started from step 2, which was enough to work fine.


April 10, 2009 at 12:43:38
Really, thank you so much. I was about to give up on this virus, but thank god I got the motivation to try your method, which worked perfectly to remove this annoying virus. After searching on this virus on various forums and trying various methods, only your method worked. Thank you so much for your time in providing free help where others could have asked for a charge to remove this. Really nice of you.

PS: I started from step 2 and all went perfect.


April 11, 2009 at 04:42:56
You're very welcome, glad to know it worked without combofix too, I've updated my instructions.


April 11, 2009 at 05:19:02
Just thought I'd also pass along my thanks to you for this. I found my laptop infected this past Wednesday but after running everything (nothing found it) and searching internet it was so new that there was no information available. I followed your instructions and everything seems to be cleared up. The only difference was that the .gif and .htm files were found in each individual user's folder, not in the folder where the .exe was found. I simply did a search once I found the offending name and found the other files. Once all were deleted and re-booted all seems well. Thanks for the help!


April 11, 2009 at 08:04:00
Cymon - you're the KING!!

Thanks, your instructions have helped me get rid of this horrible malware.

One thing for users to note is that I found this malware running as "fiIaanotif" in the Process Explorer -- killing that removed the red X from the system tray and deleting the executable and rebooting was successful.

I found that I would also have regedit and delete the entries


to return to my previous state.

However, I've found that my task manager is still disabled. Any thoughts on how to re-enable that?



April 11, 2009 at 08:59:02
Many thanks, two wasted days with no joy then I found this. Malware was found as:

tntnHP.Wireless Assistant

Your solution worked perfectly.



April 11, 2009 at 19:24:54

With the solution I can't seem to locate the desktop display properties tab. Where can I find this on Vista? This virus has caused me big problems.


April 11, 2009 at 19:34:46
I'm on Vista, by the way.


April 13, 2009 at 03:23:45
dtjonesga, thanks for the multiple location tip, I've updated my instructions.

johnashton, if your taskmanager is still disabled I think you may still have some malware present, as from what I've seen this luxecodecxp virus only disables it while actually running. Helper.dll is a known unrelated malware file, so first try the instructions at and if taskmanager again is disabled then I'd suggest you scan with combofix or similar good anti-malware. Most malware removal doesn't re-enable the taskmanager, so once clean you'll need to follow those instructions again.

Hleb, sorry I don't know how to do this on Vista. If you find out how, please post here and I'll update my instructions.


April 14, 2009 at 04:50:21
Just to say many thanks. Like the rest spent days on this.
Nothing found it, with your advice all gone.
again tks


April 15, 2009 at 11:30:56
Concur with everyone else's words. Many, many thanks. One slight problem remains for me in that the sound is still disabled. Not sure if it's a separate problem or not but it was working fine before the luxe codec xp malware showed its face.

The volume setting on screen is set at its normal level and my speakers are also at their normal level, but alas no sound!

Any ideas?
