• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
flarobb

VX2.Better Internet search problem

6 posts in this topic

I have been having a problem getting rid of the VX2.Better Internet search problem. All attempts are not working. Below is a a listing of my latest HJT log and what I could get out of the VX2Finder/ The button make log didn't seem to work or I am unsure where the log went what is listed is what sowed on the window. Any and all help would be appreciated.

 

Logfile of HijackThis v1.98.0

Scan saved at 5:31:19 PM, on 7/13/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\mcc.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HistoryKill\histkill.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\HistoryKill\hkPopupKiller.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\HJT\VX2Finder(126).exe

C:\HJT\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab

 

 

Files Found---

 

Additional Files---

 

Keys Under Notify---crypt32chain

Keys Under Notify---cryptnet

Keys Under Notify---cscdll

Keys Under Notify---igfxcui

Keys Under Notify---ScCertProp

Keys Under Notify---Schedule

Keys Under Notify---sclgntfy

Keys Under Notify---SensLogn

Keys Under Notify---termsrv

Keys Under Notify---wlballoon

 

 

Guardian Key--- is called:

 

User Agent String---

Share this post


Link to post
Share on other sites

Download AdAware from http://www.lavasoft.de/

 

Before you scan with AdAware, check for updates of the reference file by using the "webupdate".

 

Make sure the following settings are made and on (ON=GREEN)

 

From main window click "Start" then " Activate in-depth scan"

 

Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"

 

go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning", "Cleaning engine" and "Let windows remove files in use at next reboot"

 

To save your settings click "proceed".

 

Now click the "Scan" button.

 

When scan is finished, mark everything for removal and get rid of it. (Right-click the window and choose"select all" from the drop down menu) then press next and then say yes to the prompt, do you want to remove all these entries.

 

reboot again, and let Adaware run if it asks.

 

How to use Lavasoft's VX2 Cleaner plug-in

 

- Close Ad-Aware 6 build 181 and Ad-Watch (if running)

- Download the free VX2 Cleaner at http://updates.ls-servers.com/plvx2cleaner.exe

- Install the VX2 Cleaner

- Start Ad-Aware 6 build 181

- Go to "Plug-ins"

- Select the VX2 Cleaner plug-in and click "Run Plugin"

- If your computer isn't infected, click "Close".

 

 

If your computer is infected

 

- Select "Clean system"

- Reboot your computer

- Scan your computer with Ad-Aware

- Remove any VX2 objects detected

- Reboot your computer again

- Run a second scan to make sure the files have been removed from your computer

 

More information on VX2 can be found in the TAC database at http://www.lavasoftnews.com/ms/display_main.php?tac=VX2

Share this post


Link to post
Share on other sites

I completed the steps above with no success the same 3 pop-ups are appearing every time. When I run KillBox it seems to find the VX2.Betterinternet search on the computer. I check the temp files and the same one get created along with an executable file GLB1A2B.EXE and links.tmp. I can remove these files but they are still returning. The 3 pop-ups only happen once each once I start IE for the first time after signing on and stay in IE for a few minutes. After I close each of the 3 pop-up windows, no more pop-ups and those don't continue to pop-up until I restart the computer. The following is my most current HJT log in case this help. I am wondering if the problem isn't in IE startup or Windows startup.

 

Logfile of HijackThis v1.98.0

Scan saved at 1:00:05 AM, on 7/15/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

C:\Program Files\Common Files\Dell\EUSW\Support.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\mcc.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\System32\hkcmd.exe

C:\WINDOWS\System32\DSentry.exe

C:\WINDOWS\BCMSMMSG.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\HistoryKill\histkill.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\HistoryKill\hkPopupKiller.exe

C:\WINDOWS\system32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe

C:\WINDOWS\System32\wbem\wmiapsrv.exe

C:\WINDOWS\system32\cidaemon.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\HJT\HijackThis.exe

 

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe

O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe

O4 - HKLM\..\Run: [bCMSMMSG] BCMSMMSG.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\histkill.exe /startup

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe

O4 - Global Startup: hpoddt01.exe.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/apop/default/popcaploader_v5.cab

Share this post


Link to post
Share on other sites

OK. It appears that the VX2 plugin did not work in this case.

Please download VX2 finder and run it.

 

Click on the "find VX2 betterinternet" button. When the scan is complete, click on make log. Copy & paste the log into a reply here.

Share this post


Link to post
Share on other sites

Log for VX2.BetterInternet File Finder (msg126)

 

Files Found---

 

Additional Files---

 

Keys Under Notify---crypt32chain

Keys Under Notify---cryptnet

Keys Under Notify---cscdll

Keys Under Notify---igfxcui

Keys Under Notify---ScCertProp

Keys Under Notify---Schedule

Keys Under Notify---sclgntfy

Keys Under Notify---SensLogn

Keys Under Notify---termsrv

Keys Under Notify---wlballoon

 

 

Guardian Key--- is called:

 

User Agent String---

Share this post


Link to post
Share on other sites

That does not look like a VX2 infection to me, at least.

 

Have Hijack This fix all of the following by placing a check in the appropriate boxes and hitting fix checked. Make sure all browser and all Windows Explorer windows are closed before fixing.

O4 - HKLM\..\Run: [Multimedia Codecs] C:\WINDOWS\System32\mcc.exe

Reboot and delete the file C:\WINDOWS\System32\mcc.exe

 

Please post a followup Hijack this log, and say if your problems persist.

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0