Help With Vx2 Variant.logs Included
Thanks in advance, Hblvsme Quote Report Back to top > Posted 10/23/2004 3:47 PM #3934 Touch Advanced member Date Joined Nov 2016 Total Posts: 12976 Hey :cool: Try This: Download Even if it doesn't fix it, the HJT forum might want to see the log. the HJT forums do it instead of googling and giving him 100 different things for 100 different variants. Copy and paste the bold text below into the address bar of Reglite:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ Click Go, and make sure the 'Services' tree in the left-hand pane is expanded by clicking the [+] this contact form
I use Ad-Aware & Spybot, and have downloaded the Ad-On from Ad-Aware, which doesn't touch it. Hope this helps some. LOOK2ME72342. however, I am still stuck with some pretty tricky problems.
This post has been flagged and will be reviewed by our staff. Logs--please help!! Total of file sizes: 279,507,826 bytes 266.56 M Administrator Account = True --------------------End log--------------------- And finally a pieces from an AAWSe scan, showing the VX2 .dll that shows on none of
Back to top #19 daveai daveai Forum Deity Retired Staff 1,214 posts Posted 14 December 2004 - 11:28 AM Thanks for the update.My first suggestion is to hang in there with It is an add-on for Ad-Aware. Starting with Step #5, you must disconnect from the internet totally, as staying connected while fixing will prevent the fix from working. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.
Correct about the O1's, and we'll get them in a few more days. Volume Serial Number is 7CDD-DA7A Directory of C:\WINDOWS\System32 ------ Temp Files in System32 Directory ------ Volume in drive C has no label. First Customer Service Experience Since Charter Buyout [CharterSpectrum] by rebus9599. I'll get back to you as soon as I hear something.
This devil is known to come in (and probably lead to) "bundles' of malware infections, including the ones we already cleaned on your box.Second, please make sure you still have CWShredder Just click on the top left side of the main Lavasoft page where it says "add-ons". I don't want to confuse things. I can't lock down the hosts file - same deal.
- Thinking about it though.
- I have since run all my spyware stuff in safe mode, but again, my computer is still infected.
- I'm anxious to see what you guys come up with on this, as it's damn near impossible to use my system. (grrrrr) Logfile of HijackThis v1.98.2 Scan saved at 11:04:38 AM,
- Discussion is locked Flag Permalink You are posting a reply to: VX2.Look2Me HELP!!!!!!!
- This time I had ZA suite in place and hence it was arresting some of the activity, but I got spooked and ran a scan . . .
- TekTV [TekSavvy] by bjlockie367.
HJT is a very powerful tool and only advanced users should use it.Please post your HJT logs in one of the following HJT forums:- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html- http://forums.spywareinfo.com/index.php?showforum=18- http://forums.subratam.org/index.php?showforum=7Attention: You have to register Be sure to visit the browser test link at the end of the article to really see how secure your system is!!Finally, if you are willing to be a 'pioneer' I'm Please download About:Buster from here: http://tools.zerosre...AboutBuster.zip.2. Ask questions if needed.You may want to print them to serve as a checklist.Step 1To start, follow this link for instructions to enable 'show all files' for your system.Step 2Using KillboxNow,
Volume Serial Number is 44EF-1924 Directory of C:\WINDOWS\System32 12/08/2004 08:46 PM 908 vsconfig.xml 12/07/2004 06:36 PM 4,212 zllictbl.dat 12/05/2004 01:45 PM
ZA was "on" at boot so some redirects may have been autofixed . . . The HJT forum would have gotten to you and fixed you up eventually, they are really swamped with logs and they have a hard time keeping up because of it. You are using AVG personal at this time.2 -- To reduce re-infection potential for malware in the future, I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.3 -- Use http://exomatik.net/help-with/help-with-my-dds-logs-please-not-sure-about-the-infection.php CONTRIBUTE TO OUR LEGAL DEFENSE All unused funds will be donated to the Electronic Frontier Foundation (EFF).
Done!HiJACKTHIS Log:Logfile of HijackThis v1.98.2Scan saved at 1:56:12 AM, on 12/5/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Common Files\Real\Update_OB\rnathchk.exeC:\WINDOWS\SOUNDMAN.EXEC:\WINDOWS\SYSTEM32\qttask.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program POST your log file to see if there is anything left to fix, and I'll respond later this afternoon with the final clean up instructions.(Pacific Time Zone)Please limit your internet usage I don't make a judgement call on a product on it's first outing with me.In fact, I'm leaving it running on the system which I purchased it for.
Using the site is easy and fun.
Nothing. It was one of the links by Name Game that had the exact instructions required for success. VX2 · actions · 2004-Dec-21 12:17 pm · John2g1 edit
I'm glad you got it straightened out though, regardless of how you did it. To do this please navigate to C:\ProgramFiles\Registrar Lite (Reglite) and double-click on Winkey.reg. I run Win XP, and use Norton Anti Virus as well as Spy Sweeper, Ad Aware, and Spybot. his comment is here Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
Just be sure to let us know what the problem was when you finally reply.Step#2: Please download and open the following zip file. If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members. Open Registrar Lite and run it.2. One of the problems I see is an infection called 'VX2' which may not go away with the standard instructions included below.So, the fix process may well extend into one or
LOOK2ME42339. Volume Serial Number is 7CDD-DA7A Directory of C:\WINDOWS\System3201/06/2006 12:58 PM 233,935 mtrating.dll01/06/2006 12:55 PM 236,212 fpr0039me.dll01/06/2006 12:23 PM 233,935 irpol5731.dll01/06/2006 10:03 AM 236,174 prrfdisk.dll01/06/2006 10:02 AM 235,850 ir80l5lm1.dll01/05/2006 10:21 PM 235,850 Back to top #15 daveai daveai Forum Deity Retired Staff 1,214 posts Posted 13 December 2004 - 04:13 PM Thanks for the update. or read our Welcome Guide to learn how to use this site.
Type : Process Data : eepopq.dll Category : Malware Comment : (CSI MATCH) Object : C:\WINDOWS\System32\ Warning! The control.exe is more often deleted in Win9x/ME. * If you have Spybot S&D installed you will also need to replace one file. Logfile of HijackThis v1.97.7Scan saved at 11:02:25 PM, on 12/4/2004Platform: Windows XP SP1 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\System32\Ati2evxx.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\AVPersonal\AVGUARD.EXEC:\Program Files\AVPersonal\AVWUPSRV.EXEC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\sdkpp.exeC:\WINDOWS\system32\rundll32.exeC:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\Program Files\AVPersonal\AVGNT.EXEC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Webroot\Spy Sweeper\SpySweeper.exeC:\WINDOWS\crmz.exeC:\Program Files\Common I say yes, but it keeps coming back.Have you tried rebooting? · actions · 2004-Dec-21 12:48 pm · LoPhatPhuudMVMjoin:2002-01-06Albuquerque, NM·Xfinity LoPhatPhuud to VX2Variant MVM 2004-Dec-21 12:58 pm to VX2VariantVX2 and Look2Me
Can ANYONE help???? I spent the better part of my day today, restoring my computer. Be sure to visit the browser test link at the end of the article to really see how secure your system is!!Thanksdaveai If you found our service worthwhile, and want to Quote Report Back to top Posted 10/26/2004 7:03 PM #4072 Hblvsme Member Date Joined Nov 2016 Total Posts: 4 Hi, I searched the puter and the registry, and it