1. TechSpot is dedicated to computer enthusiasts and power users. Ask a question and give support. Join the community here.
    TechSpot is dedicated to computer enthusiasts and power users.
    Ask a question and give support.
    Join the community here, it only takes a minute.
    Dismiss Notice

Malware problems

By michael.oleary ยท 4 replies
Jan 30, 2005
  1. Hey lads, I was hoping you could help me with this. I'm having huge problems with spy/ad-ware. I've run Adware se from lavasoft and spybot search and destroy several times. I have cleaned it of viruses and updated definitions. And also applied security patches sp4 to a win 2k box. Still popup occur and I believe it is down to the VX2 exploit here is my hijack log. I would greatly appreciate any help possible. I have run the add on for vx2 in adaware also to no avail.

  2. Rick

    Rick TechSpot Staff Posts: 4,572   +65

    I am pretty sure VX2 can be removed by using www.spysweeper.com which is an excellent spyware scanner, albiet not totally free.


    Your first update is free though, so here's what I'd do. Get online, download it, make sure you are still online when you install it and get the free, one-time update when it prompts you.

    Restart the computer into safe mode (tap the F8 key the instance before the Windows logo appears while booting up) and run Spysweeper. It will take a long time to scan.. Maybe over a half hour if you have lots of files. But it should remove your VX2 problem.

    Running ad-ware with the VX2 plugin may also work under safe mode, where it has failed in normal mode. But you'll have to try it and see. :)
  3. michael.oleary

    michael.oleary TS Rookie Topic Starter

    Spysweeper worked a charm. Cheers for that Rick. I might consider buying it although it hasn't gotten rid of everything. I still get pop, anyone have any idea?

    This is why I tell people to use firefox.
  4. RealBlackStuff

    RealBlackStuff TS Rookie Posts: 6,503

    Based on your HJT-log from the previous post:
    Update your HJT program, install it in a permanent directory, e.g. \program files\hjt

    Boot in Safe mode and let HJT 'fix':
    C:\Documents and Settings\User01\Application Data\trdb.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O1 - Hosts: auto.search.msn.com
    O1 - Hosts: search.netscape.com
    O1 - Hosts: ieautosearch
    O4 - HKCU\..\Run: [internat.exe] internat.exe
    O15 - Trusted Zone: *.windupdates.com
    O16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/win/djvuplugin/en_US/DjVuControl_en_US.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer =
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E6CE4278-2E71-4EC6-91ED-19DCCCA57853}: NameServer =
    O17 - HKLM\System\CS1\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer =
    O17 - HKLM\System\CS2\Services\Tcpip\..\{5FE05DC1-F146-4296-9F47-690DF2CE7436}: NameServer =

    When done, delete the bold files.

    If r?ndll.exe plays up, d/l and run Delete FXP Files from www.jrtwine.com/Products/DelFXPFiles/

    Post a new hjt-log if you still have probs
  5. Kamic

    Kamic TS Rookie

    Try downloading Microsoft anti spy software, you can find it on their website. I used it at home and work and it's amazing what it finds that Spybot and Ad-Aware don't find. Good luck
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...