vx2.narrator got me

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by faztn, Mar 21, 2005.

  1. faztn

    faztn Private E-2

    ok i'm very new to this spyware stuff. so i hope my machine is fixable. i have ms antispyware and it keeps finding that vx2 and some content menu handler. ms antispy deletes it and of course as soon as i reboot it comes back. i also get some popups from urrlogic.com and other ad sites. i also noticed that when antispyware removes the vx2 it deletes quyuuk.dat and guzuqq.dll from the win/sys32 dir. please i'm willing to try almost anything to fix this issue. please someone help. thanks in advance faztn
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First, please follow ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    After doing ALL of the above if you still have a problem:


    • Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT
    • Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file.
    • Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc., and any other unnecessary running programs.
    • Run HijackThis and save your log file.
    • Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post).


    Download the following items:

    KILL 2 ME.zip

    L2MeFix Tool

    Generic Detection Tool - NT/2000/XP

    VX2.BetterInternet Finder XP/2k - Version Msg126

    Pocket KillBox

    DO NOT USE ANY OF THESE TOOLS UNTIL TOLD TO!


    Now, Run the L2MeFix Tool

    Please move the L2MeFix Tool to your Desktop and DoubleClick l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix Folder on your Desktop. DoubleClick l2mfix.bat and Type 1 and ENTER to select Option #1 for Run Find Log. Allow it as much time as it needs to run until NotePad opens with a log. Attach this log!

    NOTE: Please do not run any other options or files in the l2mfix Folder!
     
  3. faztn

    faztn Private E-2

    ok i did all the steps. when i got to the part to log on to windows in safe mode with networking, i did it but it wouldn't let me connect to the internet in safe mode. so i did the online scan at Trend Micro's Free Online Virus Scan and the online scan at Symantec Security Check in normal mode. the Trend Micro's found 7 vx2 files that were uncleanable. but it deleted them. i did all the other cleans and scans and worked pretty much like normal. some cookies here and etc... windows update is automatic but i didn't Remove Microsoft Java. if i really need to to remove the vx2.narrator then i will. but as far as everything else you said to do i've done and posted the 2 files as attachments here. once again thanks in advance. faztn
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file vx2fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)



    Double-click on the vx2fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!


    NOW:
    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    Reboot!

    Scan with HijackThis and attach the new log.

    Unzip the Generic Detection Tool to a safe folder of your choice and run "find.bat" - Allow it as much time as it needs to run. You may get an error message of "File Not Found," but just let it go.

    The tool should generate a long text file. Attach this log as an attachment to your next post.


    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.

    Good Luck!:)
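
Added example, not part of the original thread and not code from HijackThis: a small Python parser for the entry shapes quoted in the post above (an R0 registry value and two O9 extra button/menu items) that records why each entry would be reviewed. The function and field names and the `allowed_start_hosts` allowlist are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# The three entries quoted in the post above, copied from the page.
SAMPLE_LOG = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe (file missing)
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
REG_VALUE = re.compile(r"^(?P<key>[^,]+),(?P<name>[^=]+?) = (?P<data>.*)$")
CLSID_ITEM = re.compile(
    r"^(?P<kind>[^:]+): (?P<label>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r" - (?P<path>.+?)(?P<missing> \(file missing\))?$")

@dataclass
class Entry:
    code: str
    fields: dict
    notes: list = field(default_factory=list)

def parse_log(text, allowed_start_hosts=frozenset()):
    """Parse R0/R1 and O9 lines. allowed_start_hosts is a reviewer-supplied
    allowlist of start-page hosts (an assumption of this example)."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # log header, process list, blank lines
        code, body = m["code"], m["body"]
        if code in ("R0", "R1") and (rv := REG_VALUE.match(body)):
            e = Entry(code, rv.groupdict())
            host = urlsplit(e.fields["data"]).hostname
            if e.fields["name"] == "Start Page" and host not in allowed_start_hosts:
                e.notes.append(f"start page points at unlisted host {host}")
        elif code == "O9" and (ci := CLSID_ITEM.match(body)):
            e = Entry(code, ci.groupdict())
            if e.fields.pop("missing"):
                e.notes.append("target file missing: orphaned button/menu entry")
        else:
            e = Entry(code, {"body": body}, ["unparsed entry type: review by hand"])
        entries.append(e)
    return entries

if __name__ == "__main__":
    for entry in parse_log(SAMPLE_LOG):
        print(entry.code, entry.fields, entry.notes)
```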
     
  5. faztn

    faztn Private E-2

    ok the instructions you gave me were fine and went fine. my system does seem to be running a little better. also when i rebooted i didn't see ms antispyware come on and say that the vx2.narrator is trying to install. that may be a good sign. i appreciate the help and so far so good. i thought this would be harder or maybe it gets harder, we'll see. the 2 files requested are attached. once again thanks a lot. faztn
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Locate Pocket Killbox

    Copy and Paste E:\WINDOWS\System32\zllictbl.dat into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    NOW:
    Open VX2Finder and Click on the "Find Vx2.BetterInternet" button.

    Then click on these buttons in the right pane unless they are not enabled:

    UserAgent$ Button

    Guardian.reg

    Restore Policy


    Allow Machine to Reboot.

    After windows has loaded, run find.bat and attach the log. HJT log looked good.

    Are you still having any problems?
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member


    I'm not positive but I believe zllictbl.dat is the license key file for ZoneAlarm. It would be good to check to see if that is who the file belongs to and if ZoneAlarm had previously been installed on 3/12/2005. However, ZoneAlarm does not appear to be in the log file right now.
     
  8. faztn

    faztn Private E-2

    ok i did everything you said and that file did show up in blue and it deleted it. also as far as zone alarm goes. i used to have it and once i found out i had the vx2.narrator i did some looking around and switched to sygate personal firewall. ok i did the VX2Finder and only the restore policy button would let me click it. the other 2 were greyed out. the file from find.bat is attached as requested. i would really like to say thanks a lot for the help. i appreciate it greatly. it looks like the vx2.narrator is gone or at least it isn't coming up at all after reboot. like it used to even after deleted. i'm also curious as to how i even got infected with it. also out of all the progs you had me install and what i have, ms antispyware, pop upstopper pro. which ones i need to keep running. once again thanks faztn
     


  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    First:
    Copy the contents of the Quote Box below to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file vx2fix1.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.)

    Double-click on the vx2fix1.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to merge, click YES!

    Second:

    After doing the above, reboot and post a new HJT log and a fresh output.txt log from the Generic Detection Tool.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    BJ,

    Why are you having the user delete a valid system registry key?
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Thought it was VX2 related, my mistake!
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    faztn,

    Ignore post #9; it was my mistake.

    Are you having any further problems?
     
  13. faztn

    faztn Private E-2

    no more problems. everything seems fine. thanks a lot for the help
     
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

