Anyone been successful removing Virtual Bouncer spyware yet?

Ad-Aware should remove it , also

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run and delete any values pertaining to "Virtual Bouncer."

Verify its uninstalled in add\remove programs as well.


Additional resources:
http://sarc.com/avcenter/venc/data/adware.virtualbouncer.html
http://www.pestpatrol.com/pestinfo/v/virtual_bouncer.asp

 

Hijack This would show us what is running and might give us some insight. Heck, you might find the problem yourself. Im assuming something is running at startup, so run Hijack This through the tutorial and get back to us with a log if needed.


P.S Symantec gives different steps, including uninstalling Virtual Bouncer from add\remove programs, I asusme you did this?

 

Heres some pointers, stuff to remove, etc:

Have not seen C:\WINDOWS\goidr.exe before, looks like a trojan:
http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=126656

C:\WINDOWS\System32\nvsvc32.exe
Go to your control panel, administrative tools, services and disable Nvidia driver helper service. That ends that one

Remove:
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

Woops, heres the problem:
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL
Theres a folder there, you might want to try and delete the folder from safe mode, delete these lines in Hijack This and verify add\remove programs as well as not in startup.

Trojan again, same as first mention:
O4 - HKLM\..\Run: [goidr] C:\WINDOWS\goidr.exe




UNSURE, hopefully Chaslang or someone recognizes them. Searched, found nothing either:
O4 - HKLM\..\Run: [hxdebc] C:\WINDOWS\System32\hxdebc.exe
O4 - HKLM\..\Run: [izonax] C:\WINDOWS\izonax.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O2 - BHO: SDWin32 Class - {78F8226C-86D7-4892-9CBE-3B584AE70A16} - C:\WINDOWS\System32\hxdeb.dll
O4 - HKLM\..\Run: [Windows SA] C:\Program Files\WindowsSA\omniscient.exe

 

You found them all Major! I agree. Even the ones you said "Unsure" have to go. One of them (C:\WINDOWS\aqadcup.exe )
is on PestPatrol's unknow trojan list.

The omniscient.exe file is a Search Assistant. See:
http://www.pestpatrol.com/PestInfo/s/search_assistant.asp

BluesMan,
You had more than VirtualBouncer problems. I'm sure you will have no problem following the PestPatrol info for omniscient.exe removal. But before beginning to remove any of these first check Add/Remove programs. The MyWay Search Assistant stuff may be removable from there and so might be WindowsSA.
If not, do it manually.

Kill all the EXE processes from Task Manager (if found):
goidr.exe
hxdebc.exe
izonax.exe
aqadcup.exe
omniscient.exe

Then you should try to unregister MYSRCHAS.DLL and hxdeb.dll first (using regsvr32 /u dllfilename) from the run dialog box.

Now fix all the recommend lines with HijackThis (first select the lines then exit all browser sessions before fixing).

After that reboot to safe mode and delete:
C:\Program Files\MyWay\SrchAstt <--- the whole directory in Add/Remove did not do it
C:\WINDOWS\goidr.exe
C:\WINDOWS\System32\hxdebc.exe
C:\WINDOWS\izonax.exe
C:\WINDOWS\aqadcup.exe
C:\WINDOWS\System32\hxdeb.dll
C:\Program Files\WindowsSA <--- the whole directory in Add/Remove did not do it

Now reboot in normal mode. If still having Virtual Bounce problems, try this:

• step 1: Remove these registry items (if present) with RegEdit:
  
  HKEY_LOCAL_MACHINE\software\microsoft\cryptography\services\durl

HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\virtual bouncer​

• step 2: Remove this file (if present) with Windows Explorer from your profile path:
  
  start menu\programs\startup\virtual bouncer.lnk
• step 3: Remove this directory (if present) with Windows Explorer from your profile path:
  
  
  \start menu\programs\virtual bouncer

Let us know how this all works out. If still having a problem, tell us and give us a new HJT log attachment.

 

Cool, do I like get a cookie or something?! Log files are tough to analyze for sure because these parasites are getting trickier. Finding theres a new variant to this didnt make me too happy either, just means more, random filenames. Let us know Bluesman.

 

FYI, Hijack This was updated minutes ago, everyone using it, get a new copy.

 

BluesMan,

Did we get everything fixed?
And thanks for feeding back the additional info on the other items you found.

Major,
Yeah! I got a big fat chocolate chip cookie waiting for you. You just have to ride down here and get it.