VX2 Virus - How do I remove? At all???!!!

Sloganjerry

Hi

Please Go to end of thread for up to date state of problem.


Thanks!
Sloganjerry


I posted recently about trying to remove a VX2 virus that I have oon my computer. Unfortunately it is still there. I have followed advice in forum. In safe mode I have ran CCleaner, Spybot, Adaware, Ewido (which at last scan found 69 infected objects inc. 3 x VX2 items) and also the add on VX2 remover tool with adaware which doesn't even find the VX2 items.

Then when I boot back into normal mode and run adaware, there they are again, back on my computer!!!!!

I have downloaded hijack this, and run a scan as recommended in forum. Here is a copy of that scan report as requested:-

Logfile of HijackThis v1.99.1
Scan saved at 20:04:26, on 12/04/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Default\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O2 - BHO: AcroIEHlprObj Class - !!06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: GoogleCatch.clsIESpy - !!4508E20C-ACAD-11D2-9FC0-00550076E06F} - C:\Program Files\2search\2search.dll (file missing)
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O3 - Toolbar: &Radio - !!8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\PROGRAM FILES\EPSON\EPSON WEB-TO-PAGE\EPSON WEB-TO-PAGE.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [EPSON Stylus C46 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0T1.EXE /P23 "EPSON Stylus C46 Series" /O6 "USB001" /M "Stylus C46"
O4 - HKLM\..\Run: [IMprocess] C:\Program Files\IM Names\IM-svr.EXE
O4 - HKLM\..\Run: [2Search] C:\Program Files\2search\main.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [BearShare] "C:\Program Files\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - !!92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: !!00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: !!2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: !!6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1138106337712
O16 - DPF: !!8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\!!72005BBF-A956-453C-BBF3-1C02B26F273B}: NameServer = 212.74.114.129 212.74.112.66
O18 - Protocol: msnim - !!828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

I am running Antivir Guard as my anti-virus and Zone alarm as my firewall and I use Firefox as my internet explorer so how do I keep getting all these infected objects and spyware on my computer?? Or is this something that we all have to live with these days and continually scan every few days???

Any help and advice much appreciated before I lose my rag and throw this piece of ****! out the window!

Cheers

Sloganjerry! :mad:

Browntoa

when you scan using hijack this you get the option to save a log file

double click on the file it creates and then select all the text, right click on your mouse while hovering over the highlighted bit and "copy" the text then come back here and click in the quick reply box, again right click on the mouse and "paste" the info into the box and post the log

Sloganjerry

Thanks Browntoa

I must have just edited my post and pasted in scan report just as you were replying,

cheers

Sloganjerry

Browntoa

I can already see the source of some of your problems, bearshare is letting them all in, messenger plus is bundled with a "lop" infection

Browntoa

before we start can you remove messengerplus and then go to the Windows update site at www.windowsupdate.com and download SP2 as you only have SP1 installed

Sloganjerry

Thanks Browntoa

I'm on the case. Gonna see if I can remove mesengerplus now and download SP2 pack and then I'll come back to you,

Cheers for this mate,

Sloganjerry

Sloganjerry

Nothing is ever easy in this life!!!!

I clicked on the link Browntoa kindly provided and it took me to windows update page and started checking out my computer for updates?? I eventually downloaded "windows genuine advantage validation tool"???
Tried to search foe windows xp service pack 2 and clicked on download, it took me back to the original check for updates and still no SP2 download?

What am I doing wrong, anyone????


Cheers


Sloganjerry

Chippy_Minton

You mentioned that you use Firefox as your web browser; use Internet Explorer instead on the Windows update site as it doesn't work with Firefox.

pchelpman

Hi Sloganjerry

The help you are receiving here is good. Please try to follow all recommendations.

I have just one small question though. You say this ...

Sloganjerry wrote:

...a VX2 virus that I have oon my computer. Unfortunately it is still there.

I'm curious. What tells you VX2 is still on your computer?

Sloganjerry

Hi PC Helpman

I know VX2 is still on computer as it turns up after scan by adaware. And annoying that Adaware add-on VX2 tool doesn't remove it????

I have been reverting to Internet explorer to try to download SP2 but still no luck??

Now my computer is starting to really play up. Very slow at times. Taking long time to respond to actions, disconnecting from internet frequently and screen seems to shudder every now and then?!?

Help please,

It could be dead by morning!

Cheers

Sloganjerry

Browntoa

it's just that your original hijack this log shows no sign of a VX2 infection

there are a couple of lines that suggest a previous infection that has gone

did you get windows update to run ??

if so can you post anew hijack this log for us ?