81. by Guest. 2004-12-25 20:12:44
I just finished getting rid of this new VX2 variant. It keeps it files under the %systemroo%system32 directory. It poloymorphs and changes names when rundll32.exe gets re-initiated. About the only consistant file was guard.tmp. These dlls and between 222,000 and 227,000 bytes in lengeth. They also can get evil and hide as system or hidden files. I benched marked with Ad-Aware to see what files were currently in use. It would not remove this varient, but at least showed me the live files. I dir ed these files and copied them to a notepad which a printed off. I then rebooted to my install CD and mounted the NTFS partition. From there I had to attrib -r to get rid of the read-only attribute and remove these files individually. Once removed I rebooted and used Ad Adware to verify that the system was clean. Also removed the bad entries from the host file. Here is a list of changed file name dlls that were hidden on my system to give you an idea of how these constantly change. Good luck!!!
82. by Guest. 2004-12-25 00:12:53
I think #59 may have meant #58, not 57? Anyway #58 worked for me. VX2 had also taken away my quicklaunch bar, even though it was enabled. I used BCWipe to wipe the files instead of a delete. PestPatrol claims to remove this, but I didn't try it. Thanks.
83. by Guest. 2004-12-22 13:12:58
I am an IT professional, and this is one of the nastier bug's I've fought. I tried just about everything above, and nothing worked untill #57. I assume the earlier solutions worked with earlier versions of VX2, but the evil programmers writing this stuff are probably reading my post right now, and making appropriate changes to the next version. I don't know how they sleep at night, honestly. Anyway, just to let everyone know, I needed one slight modification to #57. I removed all permissions from the appropriate files in system32 (It wouldn't let me delete the guard file untill I did this, and I was an admin with ownership, so I was able to put permissions back as necessary). I also searched for guard.tmp in the registry and deleted every entry. Thanks to everyone in this post who helped me in my 5 hour battle against VX2.
84. by Guest. 2004-12-22 09:12:36
I was hit around Dec 16. I had the latest Norton and Ad-Aware SE running with VX2 Cleaner. Every scan revealed a VX@ dll that it couldn't remove. It would ask if I wanted it to be deleted at the next boot. But each boot would generate a new insidious DLL. I download and ran CWS Shedder, Hijack This, Spybot, SpyDoctorand a half dozen other similar programs, Nothing worked. I tried the solutions prior to #57, none worked using Safe Mode. The trick was 57's suggestion to limit adminstrative rights to me and to delete other files bearing similar date. But here's what happened. I was able to delete the dll most recently identified by Ad-Aware in safe mode. Then I began deleting every dll generated in December that had a screwy name. When I came to the last one I wanted to delete, it would let me. I thought, oh no! I scanned again still in safe mode with Ad-Aware and ran the VX2 add-on. It deleted that file which I wasn't able to delete manually. I can't tell you what it was like to run a scan and find nothing, zero. Thank you #57 and for all who contribute here. I've tackled many major problems since the early 80's, but no application, no freeware, no main stream program, no tech support site, solved this problem until I came here late yesterday. Merry Christmas!
85. by Guest. 2004-12-21 10:12:05
After 3 days I finally fixed the problem. Thanks to all the suggestions I found one that worked. Here's what I did:
I emptied my temp files, temp internet files, cookies. Be sure you can access and delete hidden files.
1- run Adaware to find the .dll file that shows up
2- find the locatin of the .dll, when you find the file right click on it and go to properties
3- go to security feature and set file so it has administrative privileges only ... deny priviliges to eveything else.
4- unplug computer ... do not turn off ... unplug it
5- turn on computer in safe mode and go back to the .dll file. You should be able to delete now. Look for files in system32 that were created the same day or around the same day as the .dll file. Delete the one's that look like they don't belong. Be sure to delete the guard file.
6- run Adaware again and everything should be fine.
Good luck ... I hope this works for you
86. by Guest. 2004-12-21 09:12:46
My computer was infected with three different viruses. I tried to get different programs to remove them , but they would not allow themselves to be deleted. I finally partioned the c drive, then reloaded the windows system on to the new d drive. I then ran the virus program on the systems and windows section of c, this time it did get rid of them. It allowed me to save the music. programs and other things I was not wanting to delete. Just for thought as a different way to do this. Playing with the registry was getting too confusing with me, plus it was not working with me battling three different ones
87. by Guest. 2004-12-20 04:12:48
im not sure if this helps, but ive built a tests system and purposefully downloaded the vx2 trojan on it.
Please note that dissaembling programs is a hobby, and you shouldn't call microsoft about it.
I say its a trojan becasue of the nature of the program itself. it uses an authorized active scripting command to copy itself from the system32 folder to the system volume information area. this area is originally built to house things like file lookup tables, the restore images, dlls in use, and other bits and pieces that shouldn't be in the pagefile.
the vx2 trojan locks itself into the sysvolinf area by using the admin process 'rundll32.exe' this is not an allowed process, merely a clone since the real rundll32 doesn't show up in the process tree to begin with (service pack 1 allows it to be seen by admins). This process locks the 2 key strings so that they cannot be deleted or changed by anyone or anything.
it then propagates to the system dll cache and monitors activities using its own code.
upon careful analysis, i have found the perfect solution. be prepared for some involvement.
install a new copy of your operating system on a new hard disk. set this to the master drive.
use your original harddrive as a slave (keeping the dlls quiet because only 1 sysvolinf area can be used at a time) thereby disabling the virus.
turn off system restore on all drives and remove all but the latest restore)
please note that the drive you are deleting from is the slave (infected) drive, not the current one.
vx2finder(126).exe is a wonderful utility that accomplishes what i just instructed automatically. the only exception is that it cant unlock the restore area.
hope this helps,
MS Tech Support
88. by Guest. 2004-12-16 16:12:49
I would not try to remove the files with Adaware. Use it to find them, but then use the registry to restrict the permissions, then delete the individual files. Otherwise, it just restarts as Adaware tries to delete them.
89. by Guest. 2004-12-16 12:12:31
I used CWScrubber and it fixed my problem!!!
90. by Guest. 2004-12-16 01:12:35
after much trouble i fixed it also, here is how;
tried all the stuff above . did not fix it.
deleted all temp files in temporary internet and temp directories under all user profiles
emptied all rubbish bins
run adaware se
this locates the infected files. DONT delete them. make a note of the locations or print them out from the log.
Pull the plug on the computer.
dont exit adaware dont log off dont shut down. pull the power cord out of the computer
wait a bit and re start pressing f8 at start up
start up in safe mode , then run regedit
use the "find" feature to look for the infected files in the registry. one of them will be in there somewhere. its name changes every time adaware tries to delete it.
navigate down the registry until you get to the entry containing the infected dll . then go to permissions and deny all permissions except to administrator.
now you ought to be able to delete it with adaware
i found the trick was not to use adaware for deletion until you had nailed this file. I think its the one which immediately does some kind of soft reboot after adaware has attempted deletion. I could see my screen flicker for a second and the programs shut down and re start one after another. its at this time that the virus replicates and changes its name. once this has happed you have to start from square one again
i also found that the files names and registry entries referred to above just did not exist on my infected machine . the names and locations change all the time and adaware will show you where they are. sometimes the files are actually hidden so you cant navigate to them even in command prompt and you are always denied access rights even if you do find them . the file is always "in use " by another program and cant be touched.
knock out the registry entry first , then go get the other files. but dont ever shut down adaware or log off until the system is clean . if you need to re start , pull the plug and re start using f8 to enter safe mode either in command prompt or normal safe mode
I also played around with the attrib [not attrub] command which was refered to above. dont actually know if that helped or not...
good luck to you all
i assume the corporate payed scum bags who designed this bit of crap are reading posts like this and adapting the new versions to evade destruction. well, thats nothing that could not be fixed by a 9mm to the base of the skull. So much more effective than a class action.
91. by Guest. 2004-12-15 12:12:49
Hey post 49
I need help with this awful VX problem. I follow your instructions and find the .dll but there is no way to set permission as you instruct. If I just turn off the machine I keep getting the same .dll back again
I'm running 200 pro - any ideas would eb welcome
92. by Guest. 2004-12-15 02:12:48
Just wanted to say thank you, thank you, thank you to poster 49 for the fix. After 5 days of trying trying to rid my machine of VX2 his fix WORKED!
1. Run ad-aware and find what dll is infected (this thing will rename itself on every reboot!)
2. Run regedit, search for that dll, you'll find it in a winlogon section of the registry.
(specific folder.... HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify)
3. Goto the folder above for the entries listed where the DLL is, goto permissions, and DENY access to everyone/thing except administrators
4. Run ad-aware again and have it "clean-up" everything it finds... It will tell you u have to reboot....
5. DONT close ad-aware OR REBOOT.... This sucks, but just TURN THE PC OFF... if you logoff, the program will rename/hide itself AGAIN...
6. On reboot, Ad-aware will load again, scan 1 more time and you'll find some remainders, delete them and you are done...
Do it and take your machine BACK!
93. by Guest. 2004-12-14 09:12:03
Here is how I got rid of it:
1. Run ad-aware and find what dll is infected (this thing will rename itself on every reboot!)
2. Run regedit, search for that dll, you'll find it in a winlogon section of the registry.
(specific folder.... HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify)
3. Goto the folder above for the entries listed where the DLL is, goto permissions, and DENY access to everyone/thing except administrators
4. Run ad-aware again and have it "clean-up" everything it finds... It will tell you u have to reboot....
5. DONT close ad-aware OR REBOOT.... This sucks, but just TURN THE PC OFF... if you logoff, the program will rename/hide itself AGAIN...
6. On reboot, Ad-aware will load again, scan 1 more time and you'll find some remainders, delete them and you are done...
Best of luck all, almost had to reload system until I did the above...
94. by Guest. 2004-12-13 20:12:46
Use this blessed little tool to save you from this little piece of hell...
i tried it on my own computer and it killed the damn thing. Note that I, using xp home, had to install and autoexe.nt file to my system32 directory to make his programs work. Also you'll want to use hijackthis to get rid of any host files if you can. oh and do what he says in safe mode. i tried it in normal and it flipped out.
when are these spywhere people gonna realize that if i was gonna buy your crap i wouldn't be trying so hard to get rid of your goddamn program. i assume they're trying to sell to idiots who can't uninstall it with adaware. so why both making the ultimate unbeatable thing like this? just so that half of us have to format our computers.???
on a side note... I will never ever use ie again.... firefox is the way to go....
95. by Guest. 2004-12-09 22:12:51
The VX2 and intellegent explorer witch is usally attached to it comes from MICROSOFT!!!! thats right every time microsoft downloads an update to your computer it will show up again. I finally got rid of it and then its back on because of microsoft. Screw microsoft im switching to Linix
96. by Guest. 2004-12-02 13:12:13
Who is responsible for VX2? Corporate name? Location?
97. by Guest. 2004-11-19 12:11:09
This b**tard runs in safe mode so the usual safe mode fixes don't work.
1 Find vx2 using whatever and make a careful note of the infected filename
2 Ensure no disk activity and Pull the computers plug
3 Restart with F8 and start up in Safe Mode Command Prompt only. VX2 doesn't run in this mode.
Navigate to the folder (cd...) and delete the file noted in step 1 (del) you may need to make the file visible using attrub filename.exe -h -s -r first.
Restart the machine normally and run whatever again to find its non active backups which should then delete without problem.
98. by Guest. 2004-11-15 05:11:40
after trying to remove this strain of adware for a few hours with no sucess finally it is gone!!
wafyy BIG thanks!!
what i still dont understand is why adaware would not remove it in safe mode when i tried intially, but when u go to scan summary and delte it as a "family" it removed???
none the less it is now gone!!
thanks again!
99. by Guest. 2004-11-10 15:11:18
gets VX2 buuuuuuuuut leaves at least *.exe files permanatley from the VX2,vundo,webstat, 6gfnu5.exe etc....
help?
100. by Guest. 2004-11-10 08:11:36
Don't waste time with those other links UNLESS you want to PAY $$$$$. Why should you pay for a prvacy violation? According to Allen B. the President of VirtumunDO ,..He sent me the e-mail I posted stateding the true VIOLATORS of this VX2 (virtual Bouncer) and variants is VIRTUMONDE AS IN ---> virtumonde
send pop-ups out of controll on your windows systems... aaahhhh! I have been trying for several weeks and finally I read Waffy's post..gonna try it now so look for my new post
http://pets.allhere.com
I just finished getting rid of this new VX2 variant. It keeps it files under the %systemroo%system32 directory. It poloymorphs and changes names when rundll32.exe gets re-initiated. About the only consistant file was guard.tmp. These dlls and between 222,000 and 227,000 bytes in lengeth. They also can get evil and hide as system or hidden files. I benched marked with Ad-Aware to see what files were currently in use. It would not remove this varient, but at least showed me the live files. I dir ed these files and copied them to a notepad which a printed off. I then rebooted to my install CD and mounted the NTFS partition. From there I had to attrib -r to get rid of the read-only attribute and remove these files individually. Once removed I rebooted and used Ad Adware to verify that the system was clean. Also removed the bad entries from the host file. Here is a list of changed file name dlls that were hidden on my system to give you an idea of how these constantly change. Good luck!!!
12/11/2004 12:17 AM 223,906 e4020edoeh0c0.dll
12/11/2004 12:25 AM 223,702 mlupgrd.dll
12/12/2004 11:04 AM 224,594 t2r80c9uef.dll
12/12/2004 11:12 AM 225,516 l4j8le1u1h.dll
12/12/2004 06:17 PM 223,702 n6n6lg5s16.dll
12/12/2004 06:17 PM 223,749 mbidntld.dll
12/12/2004 07:00 PM 225,655 l60ulgd9160.dll
12/13/2004 05:05 PM 223,749 h00q0ad5ed0.dll
12/17/2004 09:14 AM 224,360 dnj6011se.dll
12/17/2004 09:22 AM 224,676 aza6011se.dll
12/17/2004 09:29 AM 223,891 h24m0ch1ef4.dll
12/17/2004 09:36 AM 223,749 gsmf32.dll
12/17/2004 05:25 PM 226,207 fpl0033me.dll
12/17/2004 05:25 PM 226,174 wpssvc.dll
12/18/2004 04:43 PM 222,519 jtnm0751e.dll
12/18/2004 05:00 PM 222,630 pygfilt.dll
12/18/2004 05:25 PM 222,630 r28slcl71fq.dll
12/18/2004 06:59 PM 222,630 llcalui.dll
12/19/2004 09:36 AM 222,630 ir6ml5j11.dll
12/19/2004 09:37 AM 222,630 mfsnap.dll
12/21/2004 05:57 PM 224,542 o2480chuef480.dll
12/22/2004 11:05 PM 224,409 hr4005hme.dll
12/22/2004 11:16 PM 224,364 pkpusd.dll
12/23/2004 01:27 PM 224,725 l08m0al1edq.dll
12/23/2004 03:57 PM 226,239 gp84l3lq1.dll
12/23/2004 04:42 PM 226,239 g4402ehmgh4a2.dll
12/23/2004 09:44 PM 226,239 en8sl1l71.dll
12/24/2004 03:11 PM 222,620 hr2805fue.dll
12/24/2004 03:12 PM 226,239 k0pmla711d.dll
12/24/2004 03:26 PM 226,239 dpvx_xx07.dll
12/24/2004 04:02 PM 222,723 f0l0la3m1d.dll
12/24/2004 07:48 PM 226,253 cysyn32.dll
12/25/2004 10:49 AM 226,253 hr0005dme.dll
12/25/2004 12:50 PM 223,075 q8860ilse8q60.dll
12/25/2004 01:47 PM 222,239 i2600cjmefoa0.dll
12/25/2004 04:32 PM 0 p0p60a7sed.dll
12/25/2004 07:18 PM 226,253 guard.tmp
82. by Guest. 2004-12-25 00:12:53
I think #59 may have meant #58, not 57? Anyway #58 worked for me. VX2 had also taken away my quicklaunch bar, even though it was enabled. I used BCWipe to wipe the files instead of a delete. PestPatrol claims to remove this, but I didn't try it. Thanks.
83. by Guest. 2004-12-22 13:12:58
I am an IT professional, and this is one of the nastier bug's I've fought. I tried just about everything above, and nothing worked untill #57. I assume the earlier solutions worked with earlier versions of VX2, but the evil programmers writing this stuff are probably reading my post right now, and making appropriate changes to the next version. I don't know how they sleep at night, honestly. Anyway, just to let everyone know, I needed one slight modification to #57. I removed all permissions from the appropriate files in system32 (It wouldn't let me delete the guard file untill I did this, and I was an admin with ownership, so I was able to put permissions back as necessary). I also searched for guard.tmp in the registry and deleted every entry. Thanks to everyone in this post who helped me in my 5 hour battle against VX2.
84. by Guest. 2004-12-22 09:12:36
I was hit around Dec 16. I had the latest Norton and Ad-Aware SE running with VX2 Cleaner. Every scan revealed a VX@ dll that it couldn't remove. It would ask if I wanted it to be deleted at the next boot. But each boot would generate a new insidious DLL. I download and ran CWS Shedder, Hijack This, Spybot, SpyDoctorand a half dozen other similar programs, Nothing worked. I tried the solutions prior to #57, none worked using Safe Mode. The trick was 57's suggestion to limit adminstrative rights to me and to delete other files bearing similar date. But here's what happened. I was able to delete the dll most recently identified by Ad-Aware in safe mode. Then I began deleting every dll generated in December that had a screwy name. When I came to the last one I wanted to delete, it would let me. I thought, oh no! I scanned again still in safe mode with Ad-Aware and ran the VX2 add-on. It deleted that file which I wasn't able to delete manually. I can't tell you what it was like to run a scan and find nothing, zero. Thank you #57 and for all who contribute here. I've tackled many major problems since the early 80's, but no application, no freeware, no main stream program, no tech support site, solved this problem until I came here late yesterday. Merry Christmas!
85. by Guest. 2004-12-21 10:12:05
After 3 days I finally fixed the problem. Thanks to all the suggestions I found one that worked. Here's what I did:
I emptied my temp files, temp internet files, cookies. Be sure you can access and delete hidden files.
1- run Adaware to find the .dll file that shows up
2- find the locatin of the .dll, when you find the file right click on it and go to properties
3- go to security feature and set file so it has administrative privileges only ... deny priviliges to eveything else.
4- unplug computer ... do not turn off ... unplug it
5- turn on computer in safe mode and go back to the .dll file. You should be able to delete now. Look for files in system32 that were created the same day or around the same day as the .dll file. Delete the one's that look like they don't belong. Be sure to delete the guard file.
6- run Adaware again and everything should be fine.
Good luck ... I hope this works for you
86. by Guest. 2004-12-21 09:12:46
My computer was infected with three different viruses. I tried to get different programs to remove them , but they would not allow themselves to be deleted. I finally partioned the c drive, then reloaded the windows system on to the new d drive. I then ran the virus program on the systems and windows section of c, this time it did get rid of them. It allowed me to save the music. programs and other things I was not wanting to delete. Just for thought as a different way to do this. Playing with the registry was getting too confusing with me, plus it was not working with me battling three different ones
87. by Guest. 2004-12-20 04:12:48
im not sure if this helps, but ive built a tests system and purposefully downloaded the vx2 trojan on it.
Please note that dissaembling programs is a hobby, and you shouldn't call microsoft about it.
I say its a trojan becasue of the nature of the program itself. it uses an authorized active scripting command to copy itself from the system32 folder to the system volume information area. this area is originally built to house things like file lookup tables, the restore images, dlls in use, and other bits and pieces that shouldn't be in the pagefile.
the vx2 trojan locks itself into the sysvolinf area by using the admin process 'rundll32.exe' this is not an allowed process, merely a clone since the real rundll32 doesn't show up in the process tree to begin with (service pack 1 allows it to be seen by admins). This process locks the 2 key strings so that they cannot be deleted or changed by anyone or anything.
it then propagates to the system dll cache and monitors activities using its own code.
upon careful analysis, i have found the perfect solution. be prepared for some involvement.
install a new copy of your operating system on a new hard disk. set this to the master drive.
use your original harddrive as a slave (keeping the dlls quiet because only 1 sysvolinf area can be used at a time) thereby disabling the virus.
turn off system restore on all drives and remove all but the latest restore)
run adaware or delete the following strings:
/System32/ iOssvcs.dll
/System32/iTshlpr.dll
/System32/iVssam.dll
/System Volume Information/_restoreBE8A08A2-826F-476B-B751-88FBE59340BC/RP70/A0007645.dll
/System Volume Information/_restoreBE8A08A2-826F-476B-B751-88FBE59340BC/RP70/A0007646.dll
please note that the drive you are deleting from is the slave (infected) drive, not the current one.
vx2finder(126).exe is a wonderful utility that accomplishes what i just instructed automatically. the only exception is that it cant unlock the restore area.
hope this helps,
MS Tech Support
88. by Guest. 2004-12-16 16:12:49
I would not try to remove the files with Adaware. Use it to find them, but then use the registry to restrict the permissions, then delete the individual files. Otherwise, it just restarts as Adaware tries to delete them.
89. by Guest. 2004-12-16 12:12:31
I used CWScrubber and it fixed my problem!!!
90. by Guest. 2004-12-16 01:12:35
after much trouble i fixed it also, here is how;
tried all the stuff above . did not fix it.
deleted all temp files in temporary internet and temp directories under all user profiles
emptied all rubbish bins
run adaware se
this locates the infected files. DONT delete them. make a note of the locations or print them out from the log.
Pull the plug on the computer.
dont exit adaware dont log off dont shut down. pull the power cord out of the computer
wait a bit and re start pressing f8 at start up
start up in safe mode , then run regedit
use the "find" feature to look for the infected files in the registry. one of them will be in there somewhere. its name changes every time adaware tries to delete it.
navigate down the registry until you get to the entry containing the infected dll . then go to permissions and deny all permissions except to administrator.
now you ought to be able to delete it with adaware
i found the trick was not to use adaware for deletion until you had nailed this file. I think its the one which immediately does some kind of soft reboot after adaware has attempted deletion. I could see my screen flicker for a second and the programs shut down and re start one after another. its at this time that the virus replicates and changes its name. once this has happed you have to start from square one again
i also found that the files names and registry entries referred to above just did not exist on my infected machine . the names and locations change all the time and adaware will show you where they are. sometimes the files are actually hidden so you cant navigate to them even in command prompt and you are always denied access rights even if you do find them . the file is always "in use " by another program and cant be touched.
knock out the registry entry first , then go get the other files. but dont ever shut down adaware or log off until the system is clean . if you need to re start , pull the plug and re start using f8 to enter safe mode either in command prompt or normal safe mode
I also played around with the attrib [not attrub] command which was refered to above. dont actually know if that helped or not...
good luck to you all
i assume the corporate payed scum bags who designed this bit of crap are reading posts like this and adapting the new versions to evade destruction. well, thats nothing that could not be fixed by a 9mm to the base of the skull. So much more effective than a class action.
91. by Guest. 2004-12-15 12:12:49
Hey post 49
I need help with this awful VX problem. I follow your instructions and find the .dll but there is no way to set permission as you instruct. If I just turn off the machine I keep getting the same .dll back again
I'm running 200 pro - any ideas would eb welcome
92. by Guest. 2004-12-15 02:12:48
Just wanted to say thank you, thank you, thank you to poster 49 for the fix. After 5 days of trying trying to rid my machine of VX2 his fix WORKED!
1. Run ad-aware and find what dll is infected (this thing will rename itself on every reboot!)
2. Run regedit, search for that dll, you'll find it in a winlogon section of the registry.
(specific folder.... HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify)
3. Goto the folder above for the entries listed where the DLL is, goto permissions, and DENY access to everyone/thing except administrators
4. Run ad-aware again and have it "clean-up" everything it finds... It will tell you u have to reboot....
5. DONT close ad-aware OR REBOOT.... This sucks, but just TURN THE PC OFF... if you logoff, the program will rename/hide itself AGAIN...
6. On reboot, Ad-aware will load again, scan 1 more time and you'll find some remainders, delete them and you are done...
Do it and take your machine BACK!
93. by Guest. 2004-12-14 09:12:03
Here is how I got rid of it:
1. Run ad-aware and find what dll is infected (this thing will rename itself on every reboot!)
2. Run regedit, search for that dll, you'll find it in a winlogon section of the registry.
(specific folder.... HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotify)
3. Goto the folder above for the entries listed where the DLL is, goto permissions, and DENY access to everyone/thing except administrators
4. Run ad-aware again and have it "clean-up" everything it finds... It will tell you u have to reboot....
5. DONT close ad-aware OR REBOOT.... This sucks, but just TURN THE PC OFF... if you logoff, the program will rename/hide itself AGAIN...
6. On reboot, Ad-aware will load again, scan 1 more time and you'll find some remainders, delete them and you are done...
Best of luck all, almost had to reload system until I did the above...
94. by Guest. 2004-12-13 20:12:46
Use this blessed little tool to save you from this little piece of hell...
http://www.lavasoftsupport.com/index.php?showtopic=54511
i tried it on my own computer and it killed the damn thing. Note that I, using xp home, had to install and autoexe.nt file to my system32 directory to make his programs work. Also you'll want to use hijackthis to get rid of any host files if you can. oh and do what he says in safe mode. i tried it in normal and it flipped out.
when are these spywhere people gonna realize that if i was gonna buy your crap i wouldn't be trying so hard to get rid of your goddamn program. i assume they're trying to sell to idiots who can't uninstall it with adaware. so why both making the ultimate unbeatable thing like this? just so that half of us have to format our computers.???
on a side note... I will never ever use ie again.... firefox is the way to go....
95. by Guest. 2004-12-09 22:12:51
The VX2 and intellegent explorer witch is usally attached to it comes from MICROSOFT!!!! thats right every time microsoft downloads an update to your computer it will show up again. I finally got rid of it and then its back on because of microsoft. Screw microsoft im switching to Linix
96. by Guest. 2004-12-02 13:12:13
Who is responsible for VX2? Corporate name? Location?
97. by Guest. 2004-11-19 12:11:09
This b**tard runs in safe mode so the usual safe mode fixes don't work.
1 Find vx2 using whatever and make a careful note of the infected filename
2 Ensure no disk activity and Pull the computers plug
3 Restart with F8 and start up in Safe Mode Command Prompt only. VX2 doesn't run in this mode.
Navigate to the folder (cd...) and delete the file noted in step 1 (del) you may need to make the file visible using attrub filename.exe -h -s -r first.
Restart the machine normally and run whatever again to find its non active backups which should then delete without problem.
98. by Guest. 2004-11-15 05:11:40
after trying to remove this strain of adware for a few hours with no sucess finally it is gone!!
wafyy BIG thanks!!
what i still dont understand is why adaware would not remove it in safe mode when i tried intially, but when u go to scan summary and delte it as a "family" it removed???
none the less it is now gone!!
thanks again!
99. by Guest. 2004-11-10 15:11:18
gets VX2 buuuuuuuuut leaves at least *.exe files permanatley from the VX2,vundo,webstat, 6gfnu5.exe etc....
help?
100. by Guest. 2004-11-10 08:11:36
Don't waste time with those other links UNLESS you want to PAY $$$$$. Why should you pay for a prvacy violation? According to Allen B. the President of VirtumunDO ,..He sent me the e-mail I posted stateding the true VIOLATORS of this VX2 (virtual Bouncer) and variants is VIRTUMONDE AS IN ---> virtumonde
send pop-ups out of controll on your windows systems... aaahhhh! I have been trying for several weeks and finally I read Waffy's post..gonna try it now so look for my new post
http://pets.allhere.com