I come to you humbled with desperation. I run Win XP, and use Norton Anti Virus as well as Spy Sweeper, Ad Aware, and Spybot. After seeing some odd pop-ups and redirects, I knew something was wrong. None of my programs found anything, so I downloaded CWShredder. It was then that I discovered that I was infected with VX2.Look2ME. Although Shredder says it removed the program, as soon as I reboot the program is back. I have since run all my spyware stuff in safe mode, but again, my computer is still infected. This is my last hope before reformatting my computer. Can ANYONE help????
and the easiest way would be to visit a HijackThis Expert forum (NOT here please). Please follow the directions on this here. I realize you have some of the tools already but please download the ones you don't have and then visit one of the HJT forums. HJT is a very powerful tool and only advanced users should use it.
Please post your HJT logs in one of the following HJT forums:
- http://castlecops.com/f67-Hijackthis_Spyware_Viruses_Worms_Trojans_Oh_My.html
- http://forums.spywareinfo.com/index.php?showforum=18
- http://forums.subratam.org/index.php?showforum=7
Attention: You have to register to be able to post your HJT log !!
HijackThis download locations:
http://castlecops.com/zx/Merijn/hijackthis.zip
http://www.spywareinfo.com/~merijn/files/HijackThis.exe
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://downloads.subratam.org/hijackthis.zip
It is important that you run HijackThis.exe in its own folder so the backup files that HijackThis creates will not be accidentally deleted.
Open 'My Computer', then double-click to open C:\ (or the drive letter that your Windows is installed on)
In the menu bar, click File-->New-->Folder.
That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis". Now you have C:\HJT\ or C:\HijackThis\ folder. Put your HijackThis.exe there, and double click to run it.
Click the 'Scan' button. Click the 'Save log' button. Save the 'hijackthis.log' on your desktop. Copy and paste the content of 'hijackthis.log' and post the log file in any forum that offers HijackThis analysis.
Most of what it lists will be harmless, so do not fix anything yet.
BEFORE you post your HJT log - it would be appreciated if you would :
Download and install the following programs, If they're not on your computer, yet:
- AdAware SE : http://www.lavasoftusa.com/support/download/
- Spybot 1.4: http://www.safer-networking.org/en/mirrors/index.html
- CCleaner: http://www.ccleaner.com/ccdownload.php
Download CWShredder: http://www.intermute.com/products/cwshredder.html
and put it in its own folder, f.e. 'C:\CWShredder' or 'C:\Program Files\CWShredder'
- Microsoft AntiSpyware Beta:
http://www.microsoft.com/athome/security/spyware/software/default.mspx
Please be PATIENT - For those of you looking for assistance with HJT logs, please be patient. The experts are really swamped with requests to have logs reviewed etc. If they do not get with you immediately it only means they are helping someone else. Remember they do this free of charge and in their spare time so please be patient.
download the newest version of the VX2 cleaner at the Lavasoft link that is in my other post. It is an add-on for Ad-Aware. Just click on the top left side of the main Lavasoft page where it says "add-ons".
I have already done most of what you have suggested. My log is posted, but it has been several days, and still no response. I have tried the Lavasoft update, but I am getting a message that says the system is clean--though I'm not even sure it loaded. This is so frustrating!
The VX2 cleaner works on SOME. CWShredder works on SOME. Others take a combination of tools. Ewido also works sometimes. Have you tried that? Here are directions for your particular case. Even if it doesn't fix it, the HJT forum might want to see the log. Where did you bring it?
Download link: http://www.ewido.net/en/
* Install ewido security suite
* When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
* Launch ewido, there should be an icon on your desktop double-click it.
* The program will now go to the main screen
You will need to update ewido to the latest definition files.
* On the left hand side of the main screen click Update
* Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/
Once the updates are installed do the following:
* Click on scanner
* Click on Complete System Scan and the scan will begin.
* While the scan is in progress you will be prompted to clean files, click OK
* When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop.
Now close ewido security suite.
to see the ewido log in addition to the hjt log.
Which forum did you post your log on?
http://www.siena.edu/antivirus/spyware/cws.asp
Although it's for CWS, the critical thing is the Smartkiller exe as it stops processes in background that prevent access for removal. I would run that first then Shredder both from safe mode. I don't think anyone mentioned it but you are possibly being re-infected from system restore points or from internet while trying to get help (downloading more in background). There may also be some other files buried that act to re-trigger payload if main removed. Be sure you're not connected to net while trying removals. This won't mean you can avoid HJT forums but may fix or at least reduce number of problems to present them. I'd be tempted to also try (from safe mode) Smartkiller followed immediately by Adaware VX2 remover hoping Smartkiller has stopped enough processes to allow AAW VX2 to get the rest. I believe AAW latest VX2 cleaner also now includes a process stopper. Worth a Try?? Roddy please correct me if I'm off base here. Hope this helps some.
the HJT forums do it instead of googling and giving him 100 different things for 100 different variants. I don't want to confuse things. He's already got a HJT log posted Tobeach.
I just wanted to thank you all for your attention. Unfortunately, this was getting too complicated and time consuming. I spent the better part of my day today, restoring my computer. I'm left with several thoughts: 1. Anyone who pays for spyware removal software is wasting their money. 2. People who create spyware/malware should have the living &%$# kicked out of them!
free tools will remove everything but some are tougher than others and take more time and more tools. You had a real tough one there. The HJT forum would have gotten to you and fixed you up eventually, they are really swamped with logs and they have a hard time keeping up because of it. They are also volunteers, the same as we are here so it might be nice if you posted a message where you posted your log and told them you don't need it done anymore. I'm glad you got it straightened out though, regardless of how you did it. Anyway, all's well that ends well and I totally agree with you about the malware writers. Also, thanks for posting back.
hi
Had same problem. only way i could stop the pop ups was to go to the root of the problem at gad-networks.com and downloaded the removal tool from the tossers.
Seems to have worked thus far.
good luck
Daryl Mushtaq
I wonder where u got vx2 bug? Spydoctor removes this quite well! **** luck!