bjgarrick Question about VX2 and its variants

Didn't want to clutter Dstruve's thread on installing spyware faster than I can remove them with chatter.

I went back through the HijackThis Log and saw a couple of the lines I missed.

When it comes to VX2 and its variants what exactly should I be looking for?

TIA
Shadow

 

In a HJT log you will see an entry similiar to the one below.

O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\m8ls0i37e8.dll <-- Notice the odd file name, most infected files hide around in the system32 directory but can be anywhere. Files like this with the letters and numbers usually indicate a VX2\Qoologic infection. They will add themselves to the Winlogon Notify key just like in this entry, this is the easiest way to detect this infection.

 

Ok, so the following line is the VX2

O20 - Winlogon Notify: StillImage - F:\WINDOWS\system32\lvlm0931e.dll

Using L2MeFix Tool, Generic Detection Tool - NT/2000/XP & Pocket KillBox how do you get rid of the VX2 infection?

 

It appears to be, the L2MeFix Tool will remove this infection. The L2MeFix Tool has several options, you can run and do a log or run and do a fix.

The Generic Detection Tool and Killbox is to remove any leftover infections. You will see these from the logs the tools produce.

I will check the logs and so forth in the thread with this infection and go thru and you can watch every step so you can learn it.

 

deal