Re: HOWTO: How to remove VX2 spyware (the latest and worst versions)



This administrator requested that no one install SP2 NOR ANY OTHER
UPDATES.

Just going to a web site or even seeing AN ADVERT that exploits some
old security hole will literally ravage your computer.

What is the purpose of having an Internet connection if you can't use a
browser?

If you're telling me that it's OK to tell people not to install
patches, I'm sorry, but you are giving people TERRIBLE advice.

Because of people like you, my friend got infected with VX2 and that
SpyAxe malware and I wasted 5 hours of my life because of that dickhead
administrator, so that my friend can do his job normally.

So don't give people crazy advice or I'll think you work for SpyAxe.


Winux P wrote:
> Dude,
>
> Thanks dude, keep in mind though there are lots of machines out there with
> Windows98, ME, 2000, XP that have and have not been updated, patched with
> service packs and still don't get virus or spyware infected. It's not
> because some idiot administrator ordered SP2 doesn't get installed, but most
> probably some idiot administrator (or user) got themselves infected.
>
> As long as you're running a good AV, firewall and Spyware protector\cleanser
> that's always kept updated, and you don't click the, "Click OK button to be
> eligible for $US 400,000.00..." button on some websites, and other such
> things you should be OK.
>
> Such things are not attributable to the lack of SP2 on WinXP.
>
> - Winux P
>
> "dude" <deepdark@xxxxxxxxx> wrote in message
> news:1134513325.587288.264190@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> : Hi,
> :
> : A friend of mine got infected with a variant of VX2 spyware because
> : some idiot administrator at their work ordered that they don't install
> : SP2 or any other updates.
> :
> : This particular flavor of VX2 that he got is extremely difficult to
> : remove. NONE of the anti-spyware programs could remove it on their own.
> : AdAware WITH the VX2 Cleaner plug-in also said that it's a new variant
> : that it can't do anything about.
> :
> : After about 3 hours of analysis, I found a way to remove it. It's
> : pretty difficult for a normal user.
> :
> : 1. Clean all spyware that normal tools like AdAware and Search&Destroy
> : can clean.
> :
> : 2. Download "HijackThis", run it and click "Do a system scan only"
> :
> : 3. Under "Winlogon Notify" in the list that HijackThis produces, you
> : will find a DLL file in windows\system32 with a random name, such as
> : t85r03194w.dll. WRITE IT DOWN. Close HijackThis.
> :
> : 4. Open regedit. Go to
> : HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
> :
> : 5. On the right hand side, look for an item that has something in the
> : "Name" column but NO DATA on the right (in the "Data" column). There's
> : normally only one shell extension like that, for VX2. Click that item,
> : press F2, Ctrl+C, Esc (to copy the GUID).
> :
> : 6. Go to My Computer in regedit, and press Ctrl+F, Ctrl+C, Enter (to
> : find this GUID). When regedit finds the key, expand it, and under
> : InProcServer32 you will see, on the right hand side, the "(Default)"
> : key that will contain a file name such as
> : C:\WINDOWS\SYSTEM32\askjhas.dll. WRITE IT DOWN AS WELL.
> :
> : 7. Get an XP installation CD ready.
> :
> : 8. THE FOLLOWING IS THE MOST IMPORTANT STEP.
> :
> : 9. SWITCH OFF THE COMPUTER FROM THE MAINS. DO *NOT* SHUT DOWN THE
> : COMPUTER - SWITCH IT OFF FROM THE POWER PLUG. This is to prevent VX2
> : renaming the DLL files, which it ALWAYS does. Do **NOT** use the Power
> : Off button on your computer - unplug the CABLE that's in the wall
> : socket.
> :
> : 10. Power on the computer, and immediately insert the XP installation
> : CD. Make sure the computer boots from the CD. If the computer starts
> : booting from the hard disk, SWITCH IT OFF FROM THE MAINS STRAIGHT AWAY
> : and repeat step 10 again. If you fail here, you'll have to start
> : from the beginning.
> :
> : 11. Once XP setup starts, choose R (for Recovery console).
> :
> : 12. Choose 1 as the Windows installation.
> :
> : 13. Type in the administrator password for your computer.
> :
> : 14. Type in "CD WINDOWS\SYSTEM32" and press Enter
> :
> : 15. Type in "ren X1.DLL SHIT1.TXT". x1.dll is the name of the file you
> : wrote down the first time.
> :
> : 16. Type in "ren X2.DLL SHIT2.TXT". x2.dll is the name of the file you
> : wrote down the *second* time (step 6).
> :
> : 17. Type EXIT and reboot your computer normally.
> :
> : This worked beautifully for me.
> :
> : In conclusion, whoever wrote this VX2 spyware should be imprisoned for
> : a very, very long time and his computer burned at the stake.
> :
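
Added example, not part of the original posts: steps 4 to 6 of the quoted HOWTO (find the "Approved" shell-extension entry that has a name but no data, then look up that GUID's InProcServer32 DLL), run offline against a regedit text export. The sample export, its GUIDs and the function names are constructed for illustration; askjhas.dll is the HOWTO's own example file name, and only string (REG_SZ) values are handled.

```python
import re

# Constructed sample in regedit export format; GUIDs and descriptions are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00000000-1111-2222-3333-444444444444}"="Constructed Benign Extension"
"{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}\InProcServer32]
@="C:\\WINDOWS\\SYSTEM32\\askjhas.dll"
"ThreadingModel"="Apartment"
'''

APPROVED = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved"
# Matches  "name"="data"  or  @="data"  (string values, with \\ and \" escapes).
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    """Undo the .reg escaping of backslashes and quotes."""
    return re.sub(r'\\(.)', r'\1', s)

def parse_reg(text):
    """Return {lowercased_key_path: {value_name: data}}; "" is the (Default) value."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                name = "" if m.group(1) == "@" else unescape(m.group(1)[1:-1])
                current[name] = unescape(m.group(2))
    return keys

def empty_approved_extensions(text):
    """Approved entries with a name but empty data, paired with their InProcServer32 DLL."""
    keys = parse_reg(text)
    findings = []
    for guid, data in keys.get(APPROVED.lower(), {}).items():
        if guid and data == "":
            suffix = "\\" + guid.lower() + "\\inprocserver32"
            # None means no CLSID registration for this GUID was found in the export.
            dll = next((v.get("") for p, v in keys.items() if p.endswith(suffix)), None)
            findings.append((guid, dll))
    return findings

if __name__ == "__main__":
    for guid, dll in empty_approved_extensions(SAMPLE_REG):
        print(guid, "->", dll)
```

An empty-data entry is only the heuristic the HOWTO describes, so each hit still needs to be checked by hand before anything is renamed.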