F0$Kspyware

VX2/f problem

6 posts in this topic

Hi there, I'm new so I would like to say hello to everyone.

 

My problem is I keep getting VX2/f; no matter how many times I get rid of it with Spybot, it just keeps coming back. I have run HijackThis and below is the result.

 

Logfile of HijackThis v1.98.0

Scan saved at 1:54:04 PM, on 13/07/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\DELLMMKB.EXE

C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE

C:\WINDOWS\System32\devldr32.exe

C:\Program Files\Telstra\Cable Login\bpcable.exe

C:\Program Files\Telstra\Toolbar\bpumTray.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

C:\PROGRA~1\PESTPA~1\PPControl.exe

C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

C:\WINDOWS\System32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe

C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe

C:\WINDOWS\Nhksrv.exe

C:\PROGRA~1\Grisoft\AVG6\avgserv.exe

C:\WINDOWS\System32\CTsvcCDA.EXE

C:\Program Files\AceGain\LiveUpdate\aceagent.exe

C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe

C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe

C:\Program Files\Netropa\OSD.exe

C:\Program Files\RealVNC\WinVNC\WinVNC.exe

C:\WINDOWS\System32\MsPMSPSv.exe

C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE

C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\regedit.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Downloads\Hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Marcs Dell

R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll

O2 - BHO: (no name) - SOFTWARE - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup

O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe

O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe

O4 - HKLM\..\Run: [bigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r

O4 - HKLM\..\Run: [bigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe

O4 - HKLM\..\Run: [szocsptsbpeq] C:\WINDOWS\System32\yozcghak.exe

O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe

O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe

O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe

O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: A920 Connection Manager.lnk = ?

O4 - Global Startup: A920 Task Scheduler.lnk = ?

O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx

 

Also, I have decided to post the results of the Spybot scan for you guys to inspect.

VX2/f: Executable (File, nothing done)

C:\WINDOWS\preInsMt.exe

 

VX2/f: <$FILE_DLL> (File, nothing done)

C:\WINDOWS\mxTarget.dll

 

VX2/f: Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\Software\Vendor

 

VX2/f: Settings (Registry key, nothing done)

HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\MxTarget

 

CleverIEHooker.Jeired: Search hook (Registry value, nothing done)

HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{707E6F76-9FFB-4920-A976-EA101271BC25}

 

CleverIEHooker.Jeired: Class ID (Registry key, nothing done)

HKEY_CLASSES_ROOT\CLSID\{707E6F76-9FFB-4920-A976-EA101271BC25}

 

CleverIEHooker.Jeired: Search hook (Registry value, nothing done)

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\UrlSearchHooks\{707E6F76-9FFB-4920-A976-EA101271BC25}

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

Teen Sex: Autorun settings (szocsptsbpeq) (Registry value, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szocsptsbpeq

 

 

--- Spybot - Search && Destroy version: 1.3 ---

2004-07-09 Includes\Cookies.sbi

2004-07-09 Includes\Dialer.sbi

2004-07-09 Includes\Hijackers.sbi

2004-07-09 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-07-09 Includes\Malware.sbi

2004-07-09 Includes\Revision.sbi

2004-07-02 Includes\Security.sbi

2004-07-09 Includes\Spybots.sbi

2004-07-09 Includes\Tracks.uti

2004-07-09 Includes\Trojans.sbi

 

 

And if anyone can pick up any other problems, that would be a huge help.

 

Thanks in advance

 

Cheers

Share this post


Link to post
Share on other sites
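The two logs in the post above can be cross-referenced: Spybot reports registry locations, while HijackThis shows which file each of those locations loads. The following is an added example, not part of the original post and not code from HijackThis or Spybot; it uses a subset of lines copied from the post, and the function names are hypothetical.

```python
import re

# Lines copied from the HijackThis log in the post above (subset).
HJT_LOG = r"""
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [szocsptsbpeq] C:\WINDOWS\System32\yozcghak.exe
"""
# Registry locations copied from the Spybot results in the same post.
SPYBOT_HITS = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\UrlSearchHooks\{707E6F76-9FFB-4920-A976-EA101271BC25}
HKEY_CLASSES_ROOT\CLSID\{707E6F76-9FFB-4920-A976-EA101271BC25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szocsptsbpeq
"""
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run\w*: \[(.+?)\] (.+)$")
GUID_LINE_RE = re.compile(r"^(?:R3|O2|O3|O9) - .*?(\{[^}]+\}) - (.+)$")

def parse_hijackthis(log):
    """Index autorun value names and CLSIDs to the file each entry loads."""
    autoruns, clsids = {}, {}
    for line in map(str.strip, log.splitlines()):
        if m := O4_RE.match(line):
            autoruns[m.group(1).lower()] = m.group(2)
        elif m := GUID_LINE_RE.match(line):
            clsids[m.group(1).upper()] = m.group(2)
    return autoruns, clsids

def correlate(hjt_log, spybot_hits):
    """Map each Spybot registry hit to the file HijackThis lists for it."""
    autoruns, clsids = parse_hijackthis(hjt_log)
    files = {}
    for key in filter(None, map(str.strip, spybot_hits.splitlines())):
        leaf = key.rsplit("\\", 1)[-1]
        if CLSID_RE.fullmatch(leaf):
            target = clsids.get(leaf.upper())
        elif "\\currentversion\\run" in key.lower():
            target = autoruns.get(leaf.lower())
        else:
            target = None  # hit has no HijackThis counterpart (e.g. a loose file)
        if target:
            files[leaf] = target
    return files

if __name__ == "__main__":
    for leaf, path in correlate(HJT_LOG, SPYBOT_HITS).items():
        print(f"{leaf} -> {path}")
```

On the lines from this post, the flagged Run value resolves to `C:\WINDOWS\System32\yozcghak.exe` and the flagged search-hook CLSID to `C:\Program Files\TV Media\TvmBho.dll`, which are the files to check still exist after the registry entries are removed.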

VX2/f DEFEATED !!!!

 

It took a while but I finally got rid of VX2/f.

It was found and removed with SPYBOT SD but reappeared after rebooting. Ad-aware's VX2 cleaner plug-in continued to find nothing.

 

Here's how to get rid of VX2/f:

Start up computer in SAFE MODE,

run Spybot SD and remove VX2/f [I got rid of the back-ups too]

run Ad-aware in advanced mode - delete and purge files

 

run Spybot and Ad-aware 2 more times (don't ask why, but Spybot SD picked up another malware on the second time that it didn't find on the first go-around)

 

Even in safe mode, the Ad-aware plug-in never picked up on the VX2 file, but the advanced Ad-aware scan DID pick up a VX2 file named "slewjo.exe" in the Windows System32 folder, which should be deleted and purged.

 

For your peace of mind, reboot in normal mode and...

VOILA... no more VX2/f !!!!!!!!!!!!!!
