
VX2.BetterInternet [CLOSED]


  • This topic is locked

#16
admin

    Founder Geek

  • Administrator
  • 24,504 posts
Okay, try this link: <_<
http://www.geekstogo...UnInstaller.exe


#17
zakanealii

    Member

  • Topic Starter
  • 20 posts
Okeedokee. I successfully downloaded the uninstaller.exe program and ran it. It supposedly removed the infection. Just to be sure, I updated all spyware killer type programs, reran them, then rebooted. And VX2.BetterInternet is back again! <_<



Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Monday, May 24, 2004 2:43:13 AM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R306 19.05.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry
Set : Scan my Hosts file


5-24-2004 2:43:13 AM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 5-22-2004 2:06:07 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:06:08 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:06:09 PM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:06:09 PM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:06:09 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 2:06:09 PM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:7 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-22-2004 2:06:11 PM
BasePriority : Normal
FileSize : 980 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:8 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:06:11 PM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 8/29/2002 11:00:00 AM

#:9 [popupkiller.exe]
FilePath : C:\Program Files\PopUp Killer\
ThreadCreationTime : 5-22-2004 2:06:12 PM
BasePriority : Normal
FileSize : 84 KB
FileVersion : 1.09.0005
ProductVersion : 1.09.0005
CompanyName : xFX JumpStart
InternalName : PopUpKiller
OriginalFilename : PopUpKiller.exe
ProductName : PopUpKiller
Created on : 9/24/1999 3:32:00 PM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 4/30/2001 8:55:06 PM

#:10 [navapw32.exe]
FilePath : C:\PROGRA~1\NORTON~2\NORTON~1\
ThreadCreationTime : 5-22-2004 2:06:12 PM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/24/2004 6:43:13 AM
Last modified : 2/27/2002 3:27:58 PM

#:11 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ThreadCreationTime : 5-22-2004 2:06:12 PM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 5.3.2.34
ProductVersion : 5.3.2.34
Copyright : Copyright © 2001,2002, Roxio, Inc.
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
OriginalFilename : Directcd.exe
ProductName : DirectCD
Created on : 1/23/2002 3:20:16 PM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 3/23/2003 9:38:32 PM

#:12 [pts.exe]
FilePath : C:\Program Files\Kodak\KODAK Picture Transfer Software\
ThreadCreationTime : 5-22-2004 2:06:14 PM
BasePriority : Normal
FileSize : 720 KB
FileVersion : 2.1.0007
ProductVersion : 2.1.0007
Copyright : Copyright © 2001, Eastman Kodak Company
CompanyName : Eastman Kodak Company
FileDescription : Picture Transfer Software Executable
InternalName : Picture Transfer Software
OriginalFilename : pts.EXE
ProductName : Picture Transfer Software
Created on : 4/2/2003 1:16:41 AM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 10/18/2001 12:21:40 PM

#:13 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ThreadCreationTime : 5-22-2004 2:06:14 PM
BasePriority : Normal
FileSize : 24 KB
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
Copyright : Copyright
CompanyName : Microsoft
FileDescription : Microsoft
InternalName : WkCalRem
OriginalFilename : WKCALREM.EXE
ProductName : Microsoft
Created on : 8/7/2001 11:06:54 PM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 8/7/2001 11:06:54 PM

#:14 [webshots.scr]
FilePath : C:\WINDOWS\
ThreadCreationTime : 5-22-2004 2:06:14 PM
BasePriority : Normal
FileSize : 1912 KB
FileVersion : 2.0.0.4321
ProductVersion : 2.0.0.4321
Copyright : Copyright © 2003
CompanyName : Webshots.com
FileDescription : Webshots Photo Manager
InternalName : Webshots2
OriginalFilename : Webshots2.EXE
ProductName : The Webshots Desktop
Created on : 10/30/2003 1:05:06 AM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 10/27/2003 3:27:26 PM

#:15 [cisvc.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:07:18 PM
BasePriority : Normal
FileSize : 5 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Content Index service
InternalName : cisvc.exe
OriginalFilename : cisvc.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 8/29/2002 11:00:00 AM

#:16 [dcfssvc.exe]
FilePath : C:\WINDOWS\system32\drivers\
ThreadCreationTime : 5-22-2004 2:07:18 PM
BasePriority : Normal
FileSize : 156 KB
FileVersion : 1.1.4100.0
ProductVersion : 3.2.0400.0
Copyright : Copyright © Eastman Kodak Co. 2000-1
CompanyName : Eastman Kodak Company
FileDescription : Kodak DC Ring 3 Conduit (Win32)
InternalName : DcFsSvc.exe
OriginalFilename : DcFsSvc.exe
ProductName : Kodak DC File System Driver (Win32)
Created on : 10/9/2001 7:15:42 PM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 10/9/2001 7:15:42 PM

#:17 [navapsvc.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton AntiVirus\
ThreadCreationTime : 5-22-2004 2:07:18 PM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 8/19/2003 5:32:31 AM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 2/27/2002 3:29:26 PM

#:18 [nprotect.exe]
FilePath : C:\Program Files\Norton SystemWorks\Norton Utilities\
ThreadCreationTime : 5-22-2004 2:07:18 PM
BasePriority : Normal
FileSize : 132 KB
FileVersion : 15.03.0.36
ProductVersion : 15.03.0.36
Copyright : Copyright © 2002 Symantec Corporation
CompanyName : Symantec Corporation
FileDescription : Norton Protection Status
InternalName : NPROTECT
OriginalFilename : NPROTECT.EXE
ProductName : Norton Utilities
Created on : 8/19/2003 5:33:08 AM
Last accessed : 5/24/2004 6:43:14 AM
Last modified : 2/5/2002 10:03:00 AM

#:19 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 5-22-2004 2:07:21 PM
BasePriority : Normal
FileSize : 80 KB
FileVersion : 6.14.10.5216
ProductVersion : 6.14.10.5216
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 52.16
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 52.16
Created on : 10/6/2003 7:16:00 PM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 10/6/2003 7:16:00 PM

#:20 [nopdb.exe]
FilePath : C:\PROGRA~1\NORTON~2\SPEEDD~1\
ThreadCreationTime : 5-22-2004 2:07:22 PM
BasePriority : Normal
FileSize : 168 KB
FileVersion : 6.03.0.36
ProductVersion : 6.03.0.36
Copyright : Copyright © 2002
CompanyName : Symantec Corporation
FileDescription : NOPDB
InternalName : NOPDB
OriginalFilename : NOPDB.dll
ProductName : Norton Speed Disk
Created on : 8/19/2003 5:33:13 AM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 1/30/2002 10:00:00 AM

#:21 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:13:52 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 8/29/2002 11:00:00 AM

#:22 [cidaemon.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 5-22-2004 2:13:53 PM
BasePriority : Idle
FileSize : 8 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Indexing Service filter daemon
InternalName : cidaemon.exe
OriginalFilename : cidaemon.exe
ProductName : Microsoft
Created on : 8/29/2002 11:00:00 AM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 8/29/2002 11:00:00 AM

#:23 [wordmojodeluxe.exe]
FilePath : C:\PROGRA~1\FRESHG~1\WORDMO~2\
ThreadCreationTime : 5-23-2004 8:29:33 AM
BasePriority : Normal
FileSize : 2508 KB
Created on : 5/15/2004 11:35:57 AM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 1/15/2003 1:02:24 PM

#:24 [wordmojodeluxe.exe]
FilePath : C:\PROGRA~1\FRESHG~1\WORDMO~2\
ThreadCreationTime : 5-23-2004 8:29:33 AM
BasePriority : Normal
FileSize : 2508 KB
Created on : 5/15/2004 11:35:57 AM
Last accessed : 5/24/2004 6:43:15 AM
Last modified : 1/15/2003 1:02:24 PM

#:25 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
ThreadCreationTime : 5-24-2004 6:43:06 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 4/13/2004 12:14:27 AM
Last accessed : 5/24/2004 6:43:06 AM
Last modified : 7/13/2003 2:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

VX2.BetterInternet Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{DDFFA75A-E81D-4454-89FC-B9FD0631E726}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 1
Objects found so far: 1


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Scanning Hosts file(C:\WINDOWS\System32\drivers\etc\hosts)
ŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻŻ

Hosts file scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
11 entries scanned.
New objects :0
Objects found so far: 1




Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 1


2:46:20 AM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:06:375
Objects scanned :56453
Objects identified :1
Objects ignored :0
New objects :1

#18
admin

    Founder Geek

  • Administrator
  • 24,504 posts
This is obviously a tough one to get rid of. An expert has recently released a new removal tool. Please download it from here:
http://www.geekstogo...=download&id=19

Run the file following these directions:
1.) Delete all files found (VX2Finder will "End Task" on up to 2 instances of Rundll32.exe automatically).
You will get a message about "cannot delete this one" matching the same name in the Guardian Key.

2.) Click "Open regedit"; it will take you right to the Guardian Key (no need to search for it).
Highlight "Guardian", right-click and choose Security/permissions; you'll get another window with 'advanced'.
De-select (uncheck) the lower box with "inheritable permissions", then hit 'ok' and 'remove' on the following security prompts.

3.) On restart, use VX2Finder again, select and delete the last file, then click "User Agent$", which will remove that entry from the registry.

4.) Click "Open regedit" again, this time restoring the checkmark in "inheritable permissions".

5.) Click "Guardian.reg"; this deletes the Guardian Key.

6.) Use Find again; it should produce a clean log of blank values.

7.) Click "Restore Policy" to restore the Debug policy altered in the look2Me installation (requires reboot to apply, but not immediately necessary).
Restart computer.

Let us know how it goes. <_<

#19
zakanealii

    Member

  • Topic Starter
  • 20 posts

VirtuaNews Message
You do not have permission to do this action. If you think you should do, please contact the webmaster.


<_<

#20
zakanealii

    Member

  • Topic Starter
  • 20 posts
Ok. I tried it again, and it worked this time. Weird. I'll follow your directions and get back to you. Thanks! <_<

#21
admin

    Founder Geek

  • Administrator
  • 24,504 posts

VirtuaNews Message
You do not have permission to do this action. If you think you should do, please contact the webmaster.

Thanks, I've fixed the link so it won't give others the error.

#22
zakanealii

    Member

  • Topic Starter
  • 20 posts
:D Everything seems to be clean! I have waited a week to be sure, but there has been no recurrence of VX2! <_< WooHoo!

Thanks guys!

Zach

#23
Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.





