Anybody had any luck eliminating the latest VX2 variant? I got it and can't
seem to get rid of it. Keeps coming back. I've disabled it by denying all
access, but I'd like to eliminate it entirely.
Thanks.
W Weldin
Anybody had any luck eliminating the latest VX2 variant? I got it and can't
seem to get rid of it. Keeps coming back. I've disabled it by denying all
access, but I'd like to eliminate it entirely.
Thanks.
W Weldin
WWII wrote:
> Anybody had any luck eliminating the latest VX2 variant? I got it
> and can't seem to get rid of it. Keeps coming back. I've disabled
> it by denying all access, but I'd like to eliminate it entirely.
>
> Thanks.
>
> W Weldin
Download Ad-aware SE from here: http://www.lavasoftusa.com/software/adaware
* Install by double-clicking on the downloaded file.
* After installing but before running, update Ad-aware by using its
Globe icon.
* After updating close Ad-aware.
Download VX2 Cleaner add-in
http://www.lavasoftusa.com/software/...2cleaner.shtml
Install the add-in.
Ad-aware is ready to scan and clean your system following these steps:
Boot into Safe Mode by tapping F8 key at bootup.
More detailed instructions here:
http://service1.symantec.com/SUPPORT...01052409420406
* Under Ad-aware SE > Settings (Gear at the top) > Tweaks > Scanning
Engine:
"Unload recognized processes during scanning."
* Under Ad-aware SE > Settings (Gear at the top) > Tweaks > Cleaning
Engine:
"Let Windows remove files in use after reboot."
* Press "Scan Now"
* Check option "Use Custom scanning options"
* Check option "Activate In-Depth Scan"
* Press "Select drives\folders to scan"
* Select the active partition which is usually C:
* Press "Next" to let Ad-aware scan your drives...
* If it finds "bad" files and registry keys, press "Next" again
* Right-click in that pane and choose "select all"
* Press "next"
* When it asks to remove all checked items, Press "OK"
Run the VX2 Cleaner add-in.
Close Ad-aware and reboot your system to let Ad-aware remove what it finds.
Download the latest v1.99.1 version of HijackThis to use and post your new
log here after you have followed all directions:
http://tools.radiosplace.com/hijackthis.zip
or
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
*Important:* Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on
C: then right click and select New then Folder and name it HJT.
Move HijackThis.exe into this folder as you do not want the HijackThis
backup logs in the Temp folder that should be cleaned out periodically nor
all over your Desktop.
When you run HijackThis from C:\HJT folder by double clicking on it and have
it "Fixed checked" it will create a backup file of modifications to use if
restore is necessary.
Post the HijackThis log in a support forum:
http://forums.maddoktor2.com/index.php?showforum=17
--
YoKenny
Keep your Security software up to date at CoU
http://www.dozleng.com/updates/index.php?&act=calendar
On Thu, 31 Mar 2005 18:09:36 -0500, "WWII" <wweldin@comcast.net>
wrote:
>Anybody had any luck eliminating the latest VX2 variant? I got it and can't
>seem to get rid of it. Keeps coming back. I've disabled it by denying all
>access, but I'd like to eliminate it entirely.
>
>Thanks.
>
>W Weldin
>
I'm sure detection will be added to popular antispyware programs soon.
I think new VX2 is a file infector also. Is this true? Try the link
below and run the Sysclean_FE tool.
--
Regards,
Ian Kenefick
www.ik-cs.com/got-a-virus.htm
On Thu, 31 Mar 2005 18:15:33 -0500, "CalamityKen" <YKnot@home.invalid>
wrote:
>WWII wrote:
>> Anybody had any luck eliminating the latest VX2 variant? I got it
>> and can't seem to get rid of it. Keeps coming back. I've disabled
>> it by denying all access, but I'd like to eliminate it entirely.
>>
>> Thanks.
>>
>> W Weldin
>
>Download Ad-aware SE from here: http://www.lavasoftusa.com/software/adaware
> * Install by double-clicking on the downloaded file.
> * After installing but before running, update Ad-aware by using its
>Globe icon.
> * After updating close Ad-aware.
>
>Download VX2 Cleaner add-in
>http://www.lavasoftusa.com/software/...2cleaner.shtml
>
>Install the add-in.
>
>Ad-aware is ready to scan and clean your system following these steps:
>
>Boot into Safe Mode by tapping F8 key at bootup.
>More detailed instructions here:
>http://service1.symantec.com/SUPPORT...01052409420406
>
> * Under Ad-aware SE > Settings (Gear at the top) > Tweaks > Scanning
>Engine:
> "Unload recognized processes during scanning."
> * Under Ad-aware SE > Settings (Gear at the top) > Tweaks > Cleaning
>Engine:
> "Let Windows remove files in use after reboot."
> * Press "Scan Now"
> * Check option "Use Custom scanning options"
> * Check option "Activate In-Depth Scan"
> * Press "Select drives\folders to scan"
> * Select the active partition which is usually C:
> * Press "Next" to let Ad-aware scan your drives...
> * If it finds "bad" files and registry keys, press "Next" again
> * Right-click in that pane and choose "select all"
> * Press "next"
> * When it asks to remove all checked items, Press "OK"
>
>Run the VX2 Cleaner add-in.
>
>Close Ad-aware and reboot your system to let Ad-aware remove what it finds.
>
>Download the latest v1.99.1 version of HijackThis to use and post your new
>log here after you have followed all directions:
>http://tools.radiosplace.com/hijackthis.zip
>or
>http://www.spywareinfo.com/~merijn/files/hijackthis.zip
>
>*Important:* Create a folder on the C: drive called C:\HJT.
>You can do this by going to My Computer (Windows key+e) then double click on
>C: then right click and select New then Folder and name it HJT.
>
>Move HijackThis.exe into this folder as you do not want the HijackThis
>backup logs in the Temp folder that should be cleaned out periodically nor
>all over your Desktop.
>
>When you run HijackThis from C:\HJT folder by double clicking on it and have
>it "Fixed checked" it will create a backup file of modifications to use if
>restore is necessary.
>
>Post the HijackThis log in a support forum:
>http://forums.maddoktor2.com/index.php?showforum=17
Ken, great post on removing VX2. Can I add this to my website?
--
Regards,
Ian Kenefick
www.ik-cs.com/got-a-virus.htm
Done all this. Still keeps coming back.
"WWII" <wweldin@comcast.net> wrote in message
news:st6dnbJiYNOtHtHfRVn-1w@comcast.com...
> Anybody had any luck eliminating the latest VX2 variant? I got it and
> can't seem to get rid of it. Keeps coming back. I've disabled it by
> denying all access, but I'd like to eliminate it entirely.
>
> Thanks.
>
> W Weldin
>
Ian JP Kenefick wrote:
CalamityKen wrote:
>> WWII wrote:
>>> Anybody had any luck eliminating the latest VX2 variant? I got it
>>> and can't seem to get rid of it. Keeps coming back. I've disabled
>>> it by denying all access, but I'd like to eliminate it entirely.
>>>
>>> Thanks.
>>>
>>> W Weldin
>>
>> Download Ad-aware SE from here:
>> http://www.lavasoftusa.com/software/adaware
>> * Install by double-clicking on the downloaded file.
>> * After installing but before running, update Ad-aware by using
>> its Globe icon.
>> * After updating close Ad-aware.
>>
>> Download VX2 Cleaner add-in
>> http://www.lavasoftusa.com/software/...2cleaner.shtml
>>
>> Install the add-in.
>>
>> Ad-aware is ready to scan and clean your system following these
>> steps:
>>
>> Boot into Safe Mode by tapping F8 key at bootup.
>> More detailed instructions here:
>> http://service1.symantec.com/SUPPORT...01052409420406
>>
>> * Under Ad-aware SE > Settings (Gear at the top) > Tweaks >
>> Scanning Engine:
>> "Unload recognized processes during scanning."
>> * Under Ad-aware SE > Settings (Gear at the top) > Tweaks >
>> Cleaning Engine:
>> "Let Windows remove files in use after reboot."
>> * Press "Scan Now"
>> * Check option "Use Custom scanning options"
>> * Check option "Activate In-Depth Scan"
>> * Press "Select drives\folders to scan"
>> * Select the active partition which is usually C:
>> * Press "Next" to let Ad-aware scan your drives...
>> * If it finds "bad" files and registry keys, press "Next" again
>> * Right-click in that pane and choose "select all"
>> * Press "next"
>> * When it asks to remove all checked items, Press "OK"
>>
>> Run the VX2 Cleaner add-in.
>>
>> Close Ad-aware and reboot your system to let Ad-aware remove what it
>> finds.
>>
>> Download the latest v1.99.1 version of HijackThis to use and post
>> your new log here after you have followed all directions:
>> http://tools.radiosplace.com/hijackthis.zip
>> or
>> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
>>
>> *Important:* Create a folder on the C: drive called C:\HJT.
>> You can do this by going to My Computer (Windows key+e) then double
>> click on C: then right click and select New then Folder and name it
>> HJT.
>>
>> Move HijackThis.exe into this folder as you do not want the
>> HijackThis backup logs in the Temp folder that should be cleaned out
>> periodically nor all over your Desktop.
>>
>> When you run HijackThis from C:\HJT folder by double clicking on it
>> and have it "Fixed checked" it will create a backup file of
>> modifications to use if restore is necessary.
>>
>> Post the HijackThis log in a support forum:
>> http://forums.maddoktor2.com/index.php?showforum=17
>
> Ken, great post on removing VX2. Can I add this to my website?
Be my guest.
The more publicity the better to get rid of these insidious in-your-face
pay-per-click infectors.
--
YoKenny
Keep your Security software up to date at CoU
http://www.dozleng.com/updates/index.php?&act=calendar
WWII wrote:
> Done all this. Still keeps coming back.
>
>
> "WWII" <wweldin@comcast.net> wrote in message
> news:st6dnbJiYNOtHtHfRVn-1w@comcast.com...
>> Anybody had any luck eliminating the latest VX2 variant? I got it
>> and can't seem to get rid of it. Keeps coming back. I've disabled
>> it by denying all access, but I'd like to eliminate it entirely.
>>
>> Thanks.
>>
>> W Weldin
Download the latest v1.99.1 version of HijackThis to use and post your new
log here after you have followed all directions:
http://tools.radiosplace.com/hijackthis.zip
or
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
*Important:* Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+e) then double click on
C: then right click and select New then Folder ]and name it HJT.
Move HijackThis.exe into this folder as you do not want the HijackThis
backup logs in the Temp folder that should be cleaned out periodically nor
all over your Desktop.
When you run HijackThis from C:\HJT folder by double clicking on it and have
it "Fixed checked" it will create a backup file of modifications to use if
restore is necessary.
Post a HijackThis log in a support forum:
http://forums.maddoktor2.com/index.php?showforum=17
--
YoKenny
Keep your Security software up to date at CoU
http://www.dozleng.com/updates/index.php?&act=calendar
On Thu, 31 Mar 2005 18:40:30 -0500, "WWII" <wweldin@comcast.net>
wrote:
>Done all this. Still keeps coming back.
>
>
>"WWII" <wweldin@comcast.net> wrote in message
>news:st6dnbJiYNOtHtHfRVn-1w@comcast.com...
>> Anybody had any luck eliminating the latest VX2 variant? I got it and
>> can't seem to get rid of it. Keeps coming back. I've disabled it by
>> denying all access, but I'd like to eliminate it entirely.
>>
>> Thanks.
>>
>> W Weldin
>>
>
Can you send the file to your vendor and have them write a detection
for it? I have a list of vendor addresses specifically for suspicious
files located http://www.ik-cs.com/suspicious-files.htm
--
Regards,
Ian Kenefick
www.ik-cs.com/got-a-virus.htm
"WWII" <wweldin@comcast.net> wrote in message
news:st6dnbJiYNOtHtHfRVn-1w@comcast.com...
> Anybody had any luck eliminating the latest VX2 variant? I got it and
> can't seem to get rid of it. Keeps coming back. I've disabled it by
> denying all access, but I'd like to eliminate it entirely.
>
> Thanks.
>
> W Weldin
>
I just got rid of a 'nasty' version of VX2 a few weeks ago. When you do the
Ad-aware scan note the registry key that the VX2 entries reside in. Go to
that key(s) and look for a file name (you may have to go into subfolders
under the key). That file is the culprit. Under normal circumstances this
file cannot be deleted (even in safe mode) so you have to either put the
hard disk in a test bed system or boot off your Windows CD and start the
recovery console to delete the file. Once that file is deleted reboot the
system and run Ad-aware again. It will find the same VX2 entries but this
time, when deleted, they stay gone!!
Hope this helps...
--
"I don't cheat to survive. I cheat to LIVE!!"
- Alceryes
On Thu, 31 Mar 2005 18:42:45 -0500, "CalamityKen" <YKnot@home.invalid>
wrote:
>> Ken, great post on removing VX2. Can I add this to my website?
>
>Be my guest.
>
>The more publicity the better to get rid of these insidious in-your-face
>pay-per-click infectors.
Added to the link below.
--
Regards,
Ian Kenefick
www.ik-cs.com/got-a-virus.htm
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote