VX2/f problem


5 replies to this topic

#1 F0&0036;Kspyware

Posted 12 July 2004 - 11:05 PM

Hi there, I'm new, so I would like to say hello to everyone.

My problem is I keep getting VX2/f. No matter how many times I get rid of it with Spybot, it just keeps coming back. I have run HijackThis and below is the result.

Logfile of HijackThis v1.98.0
Scan saved at 1:54:04 PM, on 13/07/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Motorola\A920 Desktop Suite\ConnMngmntBox.exe
C:\Program Files\Motorola\A920 Desktop Suite\ECTaskScheduler.exe
C:\WINDOWS\Nhksrv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\AceGain\LiveUpdate\aceagent.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\Motorola\A920DE~1\Elogerr.exe
C:\PROGRA~1\INTUWA~1\Shared\MROUTE~1\mRouterRuntime.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\Motorola\A920DE~1\BROADC~1.EXE
C:\PROGRA~1\Motorola\A920DE~1\SCRFS.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Marcs Dell
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AceGain LiveUpdate] C:\Program Files\AceGain\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [szocsptsbpeq] C:\WINDOWS\System32\yozcghak.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: A920 Connection Manager.lnk = ?
O4 - Global Startup: A920 Task Scheduler.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSN2Lite\Psn2Lite.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.co...ltInstaller.ocx

Also, I have decided to post the result of the Spybot scan for you guys to inspect.
VX2/f: Executable (File, nothing done)
C:\WINDOWS\preInsMt.exe

VX2/f: <$FILE_DLL> (File, nothing done)
C:\WINDOWS\mxTarget.dll

VX2/f: Settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\Vendor

VX2/f: Settings (Registry key, nothing done)
HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\MxTarget

CleverIEHooker.Jeired: Search hook (Registry value, nothing done)
HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\{707E6F76-9FFB-4920-A976-EA101271BC25}

CleverIEHooker.Jeired: Class ID (Registry key, nothing done)
HKEY_CLASSES_ROOT\CLSID\{707E6F76-9FFB-4920-A976-EA101271BC25}

CleverIEHooker.Jeired: Search hook (Registry value, nothing done)
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\UrlSearchHooks\{707E6F76-9FFB-4920-A976-EA101271BC25}

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-21-1454471165-790525478-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

DSO Exploit: Data source object exploit (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

Teen Sex: Autorun settings (szocsptsbpeq) (Registry value, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szocsptsbpeq


--- Spybot - Search && Destroy version: 1.3 ---
2004-07-09 Includes\Cookies.sbi
2004-07-09 Includes\Dialer.sbi
2004-07-09 Includes\Hijackers.sbi
2004-07-09 Includes\Keyloggers.sbi
2004-05-12 Includes\LSP.sbi
2004-07-09 Includes\Malware.sbi
2004-07-09 Includes\Revision.sbi
2004-07-02 Includes\Security.sbi
2004-07-09 Includes\Spybots.sbi
2004-07-09 Includes\Tracks.uti
2004-07-09 Includes\Trojans.sbi


And if anyone can pick up any other problems, that would be a huge help.

Thanks in advance

Cheers
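
Added example, not part of the original post: one way to tie the registry paths Spybot flags back to the files the HijackThis log shows them loading, so the on-disk loader is identified along with the key. The sample lines are copied from the two reports above; the function names are hypothetical.

```python
import re

# Constructed sample: lines copied from the HijackThis log and Spybot report above.
HIJACKTHIS = r"""
R3 - URLSearchHook: (no name) - {707E6F76-9FFB-4920-A976-EA101271BC25} - C:\Program Files\TV Media\TvmBho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [szocsptsbpeq] C:\WINDOWS\System32\yozcghak.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
"""
SPYBOT = r"""
HKEY_CLASSES_ROOT\CLSID\{707E6F76-9FFB-4920-A976-EA101271BC25}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\szocsptsbpeq
HKEY_LOCAL_MACHINE\Software\Vendor
"""

# HijackThis sections that carry a CLSID followed by the file it loads.
CLSID_ENTRY = re.compile(r"^(R3|O2|O3|O9) - .*?(\{[0-9A-Fa-f-]{36}\}) - (.+)$")
# O4 autorun entries: hive, Run/RunOnce, [value name], command line.
RUN_ENTRY = re.compile(r"^O4 - (HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")

def index_hijackthis(log):
    """Map lower-cased CLSIDs and Run value names to (section, file) pairs."""
    by_clsid, by_run = {}, {}
    for line in log.splitlines():
        line = line.strip()
        if m := CLSID_ENTRY.match(line):
            by_clsid.setdefault(m.group(2).lower(), []).append((m.group(1), m.group(3)))
        elif m := RUN_ENTRY.match(line):
            by_run.setdefault(m.group(3).lower(), []).append(("O4", m.group(4)))
    return by_clsid, by_run

def correlate(spybot_keys, log):
    """For each flagged registry path, list the files HijackThis shows it loading."""
    by_clsid, by_run = index_hijackthis(log)
    result = {}
    for key in filter(None, map(str.strip, spybot_keys.splitlines())):
        parent, leaf = key.lower().rsplit("\\", 1)
        if leaf in by_clsid:                      # flagged CLSID or search hook
            result[key] = by_clsid[leaf]
        elif parent.endswith(("\\run", "\\runonce")) and leaf in by_run:
            result[key] = by_run[leaf]            # flagged autorun value
        else:
            result[key] = []                      # no loader visible in this log
    return result

if __name__ == "__main__":
    for key, files in correlate(SPYBOT, HIJACKTHIS).items():
        print(key, "->", files or "no matching HijackThis entry")
```

A flagged key that maps to an empty list has no loader visible in the log, so whatever recreates it has to be looked for elsewhere.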

#2 F0&0036;Kspyware

Posted 12 July 2004 - 11:07 PM

I get this result when I run VX2 Finder

Files Found---


Guardian Key--- is called:

User Agent String---

#3 F0&0036;Kspyware

Posted 13 July 2004 - 05:37 PM

So no one is going to reply. Koolies, I'll do it myself.

#4 Chuck_W

Posted 13 July 2004 - 06:00 PM

I have the same problem.
VX2/f only shows up in Spybot SD and NOT in Ad-aware.

Some folks on tweakxp.com are trying to help.
If I find out anything I'll let you know.

FYI http://forum.tweakxp...7253&PN=1&TPN=1

#5 F0&0036;Kspyware

Posted 13 July 2004 - 06:22 PM

Thanks for your response. If I come across anything I'll post it here.

#6 Chuck_W

Posted 14 July 2004 - 02:23 PM

VX2/f DEFEATED !!!!

It took a while but I finally got rid of VX2/f.
It was found and removed with Spybot SD but reappeared after rebooting. Ad-aware's VX2 cleaner plug-in continued to find nothing.

Here's how to get rid of VX2/f:
Start up the computer in SAFE MODE,
run Spybot SD and remove VX2/f [I got rid of the back-ups too]
run Ad-aware in advanced mode - delete and purge files

run Spybot and Ad-aware 2 more times (don't ask why, but Spybot SD picked up another malware on the second time that it didn't find on the first go-around)

Even in safe mode, the Ad-aware plug-in never picked up on the VX2 file, but the advanced Ad-aware scan DID pick up a VX2 file named "slewjo.exe" in the Windows system 32 folder which should be deleted and purged.

For your peace of mind, reboot in normal mode and...
VOILA... no more VX2/f !!!!!!!!!!!!!!



