Spyware, Viruses, & Security forum

General discussion

Spyware Help please

by Flyersguy172 / May 6, 2004 11:47 AM PDT

Today upon doing some normal surfing, I got some terrible spyware on my machine.

At first, the spyware acted as a browser hijack and completely took away my internet. After doing a few Ad-Aware and Spybot scans, I regained the use of my internet; however, I am still getting tracking cookies and spyware registry files placed on my system every time I reboot or after a few minutes of the computer being idle.

I took this from my Ad-Aware scan log... this is the spyware that started it all and I think may be causing my current spyware... Can anyone make sense of this? Betterinternet was given access by my firewall for the internet (I accidentally clicked yes to allow it... I removed that program from the firewall now though).

VX2.BETTERINTERNET

Re:Spyware Help please
by Marianna Schmudlach / May 6, 2004 12:40 PM PDT
In reply to: Spyware Help please

Hi Flyersguy

Yep, it is a PITA :(

Try this for "betterinternet"


This is how I finally got it cleaned.

With regedit

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\guardian

Right click on the guardian folder and select permissions
Advanced button
Uncheck inherit from parent permissions

You should be able to clean it off after that.


You will have to click remove on the first little window that comes up.
Then you will have to click apply, and then ok.

After that you will have to remove the offensive files.

The two files you probably want to delete are:
C:\WINDOWS\SYSTEM32\akmpvcno.cpy.dll
and
C:\WINDOWS\SYSTEM32\akmpvcno.dll

You may be able to delete akmpvcno.cpy.dll once you remove the permissions from 'guardian', I think. However, you will have to restart your machine to remove akmpvcno.dll.

So restart. This worked for me, but my 'offensive' files were named afsldpc.cpy.dll and afsldpc.dll; Ad-Aware only noticed afsldpc.cpy.dll.

I should also note that I am using windows XP home. I knew this worked right away when I restarted because it didn't sit there loading up my personal preferences FOREVER anymore.

Good luck and I hope this works for you too.
(P.S. Do an Ad-Aware scan after you are finished to see if you actually killed it, and to clean out all the gunk it leaves behind.)


I removed permissions. I left the guardian 'folder' thinger there. It's turned into an empty folder, and I'm happy with it if it really wants to be there.

Then I restarted and removed the 2 dll files in the system32 directory. It's 3 days later, and still no sign of vx2.

Found it here: http://www.lavasoftsupport.com/index.php?showtopic=24265


Have to look around for VIRTUMUNDO though ... will post if I find something\anything :)
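
Added example, not part of the original posts: the `guardian` entry above is a Winlogon notification package, so this sketch reads an exported copy of the `Winlogon\Notify` key and lists every package whose `DllName` is not in a baseline taken from a known-clean machine. The sample export and the one-entry baseline are constructed for illustration, reusing the key and file names quoted in the thread.

```python
import re
from ntpath import basename  # Windows path rules on any OS

NOTIFY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

# Constructed sample of a `reg export` of the Notify key (not a real capture).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,\
  64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\guardian]
"DllName"="C:\\WINDOWS\\system32\\akmpvcno.dll"
'''

# Assumed baseline: package name -> DLL, recorded from a known-clean machine.
BASELINE = {"crypt32chain": "crypt32.dll"}

def decode_value(raw):
    """Decode a .reg value: quoted REG_SZ or hex(2) REG_EXPAND_SZ (UTF-16LE)."""
    if raw.startswith('"'):
        return raw[1:-1].replace("\\\\", "\\")
    if raw.lower().startswith("hex(2):"):
        data = bytes(int(b, 16) for b in raw[7:].split(",") if b)
        return data.decode("utf-16-le").rstrip("\x00")
    return raw

def parse_notify(export_text):
    """Return {package_name: dll_path} for each subkey of Winlogon Notify."""
    text = re.sub(r",\\\r?\n\s*", ",", export_text)  # join hex continuation lines
    prefix = NOTIFY.lower() + "\\"
    packages, current = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            current = key[len(prefix):] if key.lower().startswith(prefix) else None
            if current:
                packages.setdefault(current, None)
            continue
        m = re.match(r'"DllName"=(.*)$', line, re.I)
        if current and m:
            packages[current] = decode_value(m.group(1))
    return packages

def unexpected(packages, baseline):
    """Packages with no DllName, an unknown name, or a DLL differing from baseline."""
    return {n: d for n, d in packages.items()
            if d is None or baseline.get(n.lower()) != basename(d).lower()}
```

Real exports are UTF-16 text, so read the file with `encoding="utf-16"` before passing it to `parse_notify`. Winlogon notification packages are only loaded on Windows 2000, XP and Server 2003.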

VIRTUMUNDO, INC.
by Marianna Schmudlach / May 6, 2004 12:45 PM PDT
In reply to: Spyware Help please
Re:VIRTUMUNDO, INC.
by Flyersguy172 / May 6, 2004 2:06 PM PDT
In reply to: VIRTUMUNDO, INC.

Thanks for help.

Before I did your advice, I ran a virus scan from pandascan free online virus scan. I believe it found a Trojan Horse Virus (didn't give me the name, just called it Tjr or something like that). It disinfected the file and I thought that would completely fix it; however, it didn't.

I did not have that virus on my system this morning, so I am sure it's associated in some way with the spyware on my machine.

Either way, after getting rid of the virus I am still getting tracking cookies in my Ad-Aware scans, firewall alerts asking if I want programs to access the internet, and also every now and then when I am on IE, a separate IE window will pop up that just says Microsoft as its name... it won't open or anything... it immediately closes.

I just tried what you told me and am about to reboot. Thanks for help, keep that advice coming if you can.

Brian

Re:Re:VIRTUMUNDO, INC.
by Flyersguy172 / May 6, 2004 2:07 PM PDT
In reply to: Re:VIRTUMUNDO, INC.

Also, when I reboot, I have noticed that Rundll32.exe is running in my background programs even though I have it disabled in my msconfig... does this mean anything?

thanks

Brian

Re:VIRTUMUNDO, INC.
by Marianna Schmudlach / May 6, 2004 3:53 PM PDT
In reply to: Re:Re:VIRTUMUNDO, INC.

Yep - have seen it ......

I guess, the easiest way to figure it out is:

Download and run HijackThis - get it here:

http://www.tomcoyote.org/hjt/


Unzip, double-click "HijackThis.exe" and Press "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Click: "Save Log" (generates: "hijackthis.log")

Next, HijackThis | Config [button] | Misc Tools [button]
Click: Generate StartupList log [button] (generates: "startuplist.txt")

Next, go to the link below.

http://www.wilderssecurity.com/ > Browser Hijacks and Spyware Problems > Browser Hijacks and Spyware Problems


and post your "hijackthis.log". They are the experts and they will tell you what to do.

This will also be the "fastest" way to remove this stuff.

Pls. as you post your log - you should save HijackThis in its own folder like C:\Hijackthis - so the backups will stay in that folder.
Also pls. tell them what you already have done to get rid of it - this way it will be easier for you and them to help you.

Good Luck!

Re:Re:VIRTUMUNDO, INC.
by kafoste / May 6, 2004 10:35 PM PDT
In reply to: Re:VIRTUMUNDO, INC.

Plz let me know how it goes... for 2 days I've tried most everything asked and I can't get rid of it... exactly the same thing you've described... I am at the point this weekend of putting my recovery disk in and starting over.
