TechSpot

Malware problems

By michael.oleary
Jan 30, 2005
Topic Status:
Not open for further replies.
  1. Hey lads, I was hoping you could help me with this. I'm having huge problems with spy/ad-ware. I've run Ad-Aware SE from Lavasoft and Spybot Search & Destroy several times. I have cleaned it of viruses and updated definitions, and also applied security patches (SP4) to a Win 2k box. Popups still occur and I believe it is down to the VX2 exploit. Here is my hijack log. I would greatly appreciate any help possible. I have also run the add-on for VX2 in Ad-Aware, to no avail.

    Regards
    Michael
     
  2. Rick

    Rick TechSpot Staff Posts: 6,304   +52 Staff Member

    I am pretty sure VX2 can be removed by using www.spysweeper.com, which is an excellent spyware scanner, albeit not totally free.

    http://www.webroot.com/products/spysweeper/?WRSID=100ea87a31ad0fb263b58835c917bd76

    Your first update is free though, so here's what I'd do. Get online, download it, make sure you are still online when you install it and get the free, one-time update when it prompts you.

    Restart the computer into safe mode (tap the F8 key the instant before the Windows logo appears while booting up) and run Spysweeper. It will take a long time to scan, maybe over half an hour if you have lots of files. But it should remove your VX2 problem.

    Running Ad-Aware with the VX2 plugin may also work under safe mode, where it has failed in normal mode. But you'll have to try it and see. :)
     
  3. michael.oleary

    michael.oleary TS Rookie Topic Starter

    Spysweeper worked a charm. Cheers for that, Rick. I might consider buying it, although it hasn't gotten rid of everything. I still get popups. Anyone have any idea?

    This is why I tell people to use Firefox.
     
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 8,165

    Based on your HJT-log from the previous post:
    Update your HJT program, install it in a permanent directory, e.g. \program files\hjt

    Boot in Safe mode and let HJT 'fix':
    C:\WINNT\system32\internat.exe
    C:\Documents and Settings\User01\Application Data\trdb.exe
    C:\WINNT\System32\r?ndll.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE4278-2E71-4EC6-91ED-19DCCCA57853}: NameServer = 192.168.0.5
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer = 212.87.64.10

    When done, delete the bold files.

    If r?ndll.exe plays up, d/l and run Delete FXP Files from www.jrtwine.com/Products/DelFXPFiles/

    Post a new hjt-log if you still have probs
     
  5. Kamic

    Kamic TS Rookie

    Try downloading Microsoft anti spy software, you can find it on their website. I used it at home and work and it's amazing what it finds that Spybot and Ad-Aware don't find. Good luck
     