VX2, PeopleOnPage,etc

Discussion in 'Malware Help (A Specialist Will Reply)' started by screedman2, Jan 8, 2005.

  1. screedman2

    screedman2 Private E-2

    I have been trying to get rid of vx2, peopleOnPage and a few other spyware/malware from my computer for a month. I have read many of the support forum postings, and was going to attempt to follow the directions for removal, but I get the impression that I need to run hijackthis first as the vx2 renames itself differently (dll names may not be the same as what I have been reading). I am ready to call dell and have them walk me through a clean install of windows xp home (my existing os) but I hate to do that since my wireless network drivers are very difficult to find and install.....HELP...I have run spybot S&D, adaware with the vx2 fix, a2, and cwshredder...my desktop looks like an ad for antispyware...I have the same problem as many others....it is detected, but not removed in safe and reg mode and vx2 fix says system clean....I am somewhat of a novice, so I really need detailed help. Thanks.
     
  2. PhilliePhan

    PhilliePhan Guest

    Hi screedman2,

    Please start with the Cleanup Tutorial HERE:

    READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan and Virus Removal

    There are only a few of us Volunteers who regularly offer advice in this forum. Running through the above Tutorial will remove a lot of stuff that would otherwise clog a HijackThis Log and save us valuable time.

    Please let us know the steps that you are able to complete and the ones that give you problems. Note that you need to be in Safe Mode with System Restore OFF (if you have it) and have the Viewing of Hidden Files ENABLED as per the instructions in the link. Make sure to do the Online Scans.

    Post back and let us know how you fared. Also, send us a HijackThis Log. Please be sure to follow the instructions below:

    Note that your HijackThis should be up-to-date (v1.99) and MUST be extracted to its own safe folder – C:\Program Files\HijackThis!
    Should you need a Fresh Download of HJT, get it HERE: HijackThis v1.99

    Also note that, before you scan, you MUST close all running programs including your web browser, e-mail and items in the system tray.

    Please save your HJT Log as a .txt File and attach it via the "Manage Attachments" tool in the Additional Options section when you post.

    Completing the above Tutorial should put your machine in a good state to go after that pesky VX2 variant if you are indeed infected with it. I’m not around this forum too often these days, but somebody will try to take a look when they get a chance.

    Best luck :)
    PP
     
  3. screedman2

    screedman2 Private E-2

    I just installed and ran the microsoft windows antispyware software...it is taking forever, then I will install and run the rest of the downloading tools you stated. I will then run hijack this and send you the report. Thanks for getting me started....I will be back to you with the hijack this report as soon as I finish.....Is it okay if I do all the requirements, send the hijackthis report and shut down, while I await your answer? Thanks, Screedman2
     
  4. PhilliePhan

    PhilliePhan Guest

    Yes, go ahead and shut down. After I take a look (Probably get some free time Sunday evening), if further scans are needed you will not be able to reboot after doing them. But, we'll wait and see.

    PP :)
     
  5. screedman2

    screedman2 Private E-2

    Now I have a real problem...I finished the microsoft windows antispyware scan, removed all it suggested, rebooted as told, and now when I reboot, it gives the message cannot find C: I keep hitting okay until it goes away and the desktop comes back up....HOWEVER, my firewall is off and will not allow me to turn it on....On Boot up it says:
    an exception occurred while trying to run "c:\windows\system32\cjrpol.dll", umonitor----------I press okay
    windows cannot find C:\progra~1\toolbar\tbps.exe type name correctly and search..............i press okay
    windows cannot find c:............i press okay
    windows cannot find c:............i press okay
    desktop loads and message tells me firewall is off, i open security center and try to enable and it says security center could not turn on windows firewall
    go to control panel and open windows firewall and try to turn on and I get the message windows firewall cannot be displayed because associated service is not running..do you want to start windows internet connection sharing (ICS) I say yes and it tells me it cannot start windows internet connection sharing....
    PLEASE help...without a firewall, I am in worse shape for getting more viruses and adware
     
  6. PhilliePhan

    PhilliePhan Guest

    Hi Screedman2,

    I'm sorry - I did not realize that M$ Anti-spy had made it into the tutorial. When you mentioned it, I thought it was something you were doing on your own.

    cjrpol.dll & tbps.exe are Malware. The M$ program obviously did not remove them thoroughly.

    Try to get me a HJT log in normal boot. Also, see if you can run Spybot and Ad-Aware in safe mode to clean up those remnants.

    I won't be here again until Sunday night at the earliest. I dropped a message to Chaslang to take a look at this thread and he may have a suggestion or two.


    For your Firewall concerns, try one of these FREE ones temporarily until we figure this out! Actually, if you have been using the Windows Firewall, you may find either of these preferable as they monitor both inbound and outbound traffic:

    Sygate Personal Firewall Free

    ZoneAlarm Free

    Hang in there! I will try to check back Sunday night and we will work this out!

    PP :)
     
  7. screedman2

    screedman2 Private E-2

    Thanks, I am running spybot and adaware in safe mode now....then I will reboot in normal mode and run hijack this and send you the log....I will install one of the other firewalls in the meantime for safety. Thanks, Screedman
     
  8. screedman2

    screedman2 Private E-2

    Okay...ran spybot and adaware in safe mode. When I rebooted I said to go back to last known good configuration. Norton came up on boot and said fixing log on c and I did not get a message that windows could not find c: this time....however, I still cannot turn on my firewall...I am sending you the logfile from hijack this....it is attached. Now I will try to download one of the other firewalls you sent me so I can feel safe until we fix the windows firewall. My fear is I had so much trouble getting my existing dlink wireless network card to work with the windows firewall, I am afraid to install another firewall for fear the network will not work.....I hope this doesn't happen....maybe I'll just keep the system shut down until I hear back from you.....I did uninstall ms antispyware....I thought it best to get rid of it after it "lost" my firewall ability. Anyway, thanks again and the logfile is attached. Screedman
     


  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I believe PP has hit the sack and I'm heading there now too. But this will get you started:

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).


    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.
    C:\WINDOWS\system32\lrcccp32.exe
    C:\WINDOWS\system32\lap1_qc.exe

    After killing all the above processes, click "Back".
    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
    O4 - HKLM\..\Run: [q33f37W] lrcccp32.exe
    O4 - HKCU\..\Run: [b0spRXa5g] lap1_qc.exe

    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    C:\WINDOWS\system32\lrcccp32.exe
    C:\WINDOWS\system32\lap1_qc.exe

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
  10. screedman2

    screedman2 Private E-2

    Thanks, I will go do that. After I installed zone alarm last night, I ran adaware and spybot in reg mode and for the first time in a month, I did not see vx2, but peopleOnPage came back. And the computer is still running very slow and sluggish. I am guessing this lrcccp32 and lap1_qc hold the remaining spyware located on this computer...possibly vx2 leftover files or PeopleOnPage?
    I guess the microsoft antispyware may have gotten rid of it or most of it....along with my ability to use the windows firewall? I did remove it from my computer completely after what happened, and because it constantly warned me about "hunter" trying to access my system, and no matter how many times I said remove and it successfully removed access and files, the message came back. I think I will wait on installing their new antispyware until it is more perfected.
    Just as an aside, will what you have told me to do allow me to enable my windows firewall again, or is that gone for good? Do you know of any way to possibly get it back? I have zone alarm installed now and running with my norton antivirus, and I plan to finally install spyblaster, which I have been holding off on until I got this thing under control, which I hope is now under control. Any suggestions on other software I should have to avoid going through this again? Thanks again for all your help...Screedman
     
  11. screedman2

    screedman2 Private E-2

    Decided to run adaware in safe mode one more time before trying your fix and guess what? I lied! It found VX2 again, so it is NOT gone...still there....I guess it was just wishful thinking.......and as usual, it could not delete the system32 guard temp. I will go try your fix now.....and send you the log file...hopefully that will help. Thanks, Screedman
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you have not run my fix, run it! You need to do those steps and post a new HJT log so we can continue.

    No, these will most likely not bring back your Windows firewall but you will not need it if you are using ZoneAlarm (which may be better for you anyway). The stuff we normally recommend to do to help keep you safe is here: How to Protect yourself from malware!

    If you are having VX2 problems being reported and they are not getting fixed, do the following too.

    Download this tool:

    Generic Find It Tool - NT/2000/XP

    Extract all the files from the Generic Tool into its own folder.
    Then run find.bat. Post the log it creates back here as an attachment.
     
  13. screedman2

    screedman2 Private E-2

    Okay...I ran your fix and have attached both the hijack this file and the findit log....just as an aside...after the fix, my webjal program no longer works. Is this because we did a fix on hosts:216.19.0.250 idenupdate.motorola.com? Can this be fixed or do I need to reinstall the program? I am ready for the next step on the vx2 problem....Thanks, Screedman
     


  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    The IP address in that Hosts line belongs to:

    216.19.0.250 = [ taz.cybervisions.net ]

    OrgName: RTD Systems and Networking
    OrgID: RTD
    Address: 7411 E. Addis
    City: Prescott Valley
    StateProv: AZ
    PostalCode: 86314
    Country: US
    NetRange: 216.19.0.0 - 216.19.63.255
    CIDR: 216.19.0.0/18
    NetName: NETWORK-RTD
    NetHandle: NET-216-19-0-0-1
    Parent: NET-216-0-0-0-0
    NetType: Direct Allocation
    NameServer: NS2.COMMSPEED.NET
    NameServer: NS3.COMMSPEED.NET
    Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
    RegDate: 1998-07-07
    Updated: 2002-02-26
    TechHandle: LC683-ARIN
    TechName: CommSpeed LLC
    TechPhone: 1-928-772-1111
    TechEmail: tech@commspeed.net

    Whereas the URL belongs to:
    idenupdate.motorola.com = [ 129.188.16.21 ]

    Registrant:
    Motorola Inc. MOTOROLA-DOM
    1303 E Algonquin Road
    Schaumburg IL 60196
    US
    Domain Name: MOTOROLA.COM
    Administrative Contact Technical Contact:
    Internic Motorola A Internic@MOTOROLA.COM

    Motorola Inc
    1303 E. Algonquin Road
    Schaumburg IL 60196
    US
    847-576-5000 fax: 602-952-4314

    They are not the same as far as I can see. And thus any time you entered idenupdate.motorola.com you wound up going to taz.cybervisions.net. Is that what you expect to happen? It looks like a hijack to me. Any program that needs to add a line to your hosts file to work should be suspect.

    It is possible that one of the O4 lines we fixed belongs to Webjal, but they sure look like trojans and are not documented anywhere. Poor programming methods can lead to problems like this where a valid program appears to be a trojan. Footprints where the name field in the [] appears to be gibberish are 99.9% of the time a trojan or some form of malware.

    Let's look into fixing Webjal later when the rest of your problems are fixed. But answer a question. Can you see the below two files in your Recycle Bin:
    lrcccp32.exe
    lap1_qc.exe


    Your log now does show what you mentioned before. VX2 problems!!! These lines are what I'm referring to.
    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch

    I wonder where you picked them up from since we first started working your thread. They may have been there and the other problems could have been masking them.

    I'll post the start of a multi step fix in my next message (it requires some work to remove this).

    In the mean time you will need to download some additional tools. Do not run them just download and be ready to run them when requested. So download the following:


    http://www.downloads.subratam.org/DllCompare.exe

    Pocket KillBox

    VX2.BetterInternet Finder XP/2k - Version Msg126
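    Added example, not from the thread and not part of HijackThis or any of the tools linked above: a small Python script that applies the two triage rules chaslang explains in the post above to HijackThis-style log lines. An O1 Hosts entry that maps a name to a routable address (rather than to 127.0.0.1 or 0.0.0.0, which is how block lists use the hosts file) is flagged as a silent redirect, and an O4 Run entry whose bracketed value name looks generated (letters and digits interleaved, or a long run with no vowels) is flagged as a likely malware footprint. The log text is constructed here: the O1 and O4 lines mirror the ones quoted in the thread, and the loopback hosts line and the Java scheduler entry are benign samples added for contrast.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample log (not a real log from the thread). The O1/O4 lines
# mirror the ones quoted above; the last hosts line and the Java entry are
# benign examples so the filter has something to leave alone.
SAMPLE_LOG = r"""
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 127.0.0.1 ads.tracker.example
O4 - HKLM\..\Run: [q33f37W] lrcccp32.exe
O4 - HKCU\..\Run: [b0spRXa5g] lap1_qc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
"""

# "O1 - Hosts: <ip> <hostname>"
HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
# "O4 - HKLM\..\Run: [<value name>] <command>"
RUN_RE = re.compile(r"^O4 - (HK[A-Z]+)\\\.\.\\Run: \[([^\]]*)\]\s*(.*)$")


def hosts_entry_is_redirect(ip: str) -> bool:
    """A hosts line pointing a name at loopback/unspecified blocks that name;
    one pointing it at a routable address silently redirects traffic there."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True  # unparsable address field: treat as suspicious
    return not (addr.is_loopback or addr.is_unspecified)


def run_name_looks_random(name: str) -> bool:
    """Heuristic for the 'gibberish name in []' footprint: letters and digits
    interleaved at least twice, or eight or more letters with no vowel."""
    classes = ["d" if c.isdigit() else "l" if c.isalpha() else "o" for c in name]
    alternations = sum(
        1 for a, b in zip(classes, classes[1:]) if a != b and "o" not in (a, b)
    )
    letters = [c for c in name if c.isalpha()]
    no_vowels = len(letters) >= 8 and not any(c.lower() in "aeiou" for c in letters)
    return alternations >= 2 or no_vowels


def triage_hjt(log_text: str) -> List[Dict[str, str]]:
    """Return the O1/O4 lines a reviewer should look at first, with a reason."""
    findings: List[Dict[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            if hosts_entry_is_redirect(ip):
                findings.append({
                    "kind": "hosts-redirect",
                    "line": line,
                    "reason": f"{host} is sent to {ip} instead of being blocked",
                })
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, command = m.groups()
            if run_name_looks_random(name):
                findings.append({
                    "kind": "run-key",
                    "line": line,
                    "reason": f"{hive} Run value name {name!r} looks generated ({command})",
                })
    return findings


if __name__ == "__main__":
    for finding in triage_hjt(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['reason']}")
```

    Run it against a saved HJT log by passing the file's text to triage_hjt(). The vowel and digit rules are heuristics of the same kind as the "99.9%" rule of thumb above: they narrow down what to look at, and the whois lookup chaslang performed is still the way to confirm where a redirected name actually lands.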
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You have a pretty bad VX2 infection with a lot of files. Here is a list of files that we need to delete using PocketKillbox.

    c:\Windows\System32\dlvacm.dll
    c:\Windows\System32\irn8l55u1.dll
    c:\Windows\System32\PGBDLG.DLL
    c:\Windows\System32\mv26l9fs1.dll
    c:\Windows\System32\e402ledo1h0c.dll
    c:\Windows\System32\mv88l9lu1.dll
    c:\Windows\System32\enj8l11u1.dll
    c:\Windows\System32\mv64l9jq1.dll
    c:\Windows\System32\iYlmCoIn_0_v4.dll
    c:\Windows\System32\n0n60a5sed.dll
    c:\Windows\System32\n2n60c5sef.dll
    c:\Windows\System32\g8lm0i31e8.dll
    c:\Windows\System32\en24l1fq1.dll
    c:\Windows\System32\k4260efseh260.dll
    c:\Windows\System32\enlql1351.dll
    c:\Windows\System32\p0p60a7sed.dll
    c:\Windows\System32\fpn4035qe.dll
    c:\Windows\System32\CRNSOLE.DLL
    c:\Windows\System32\nkvdmd.dll
    c:\Windows\System32\RPGOBJ.DLL
    c:\Windows\System32\l60u0gd9e60.dll
    c:\Windows\System32\fpl2033oe.dll
    c:\Windows\System32\FQNTSUB.DLL
    c:\Windows\System32\cbyptsvc.dll
    c:\Windows\System32\WYVDMOE.DLL
    c:\Windows\System32\EJDAZ32.DLL
    c:\Windows\System32\en6sl1j71.dll
    c:\Windows\System32\iafxhk.dll
    c:\Windows\System32\ABMPVCNO.DLL
    c:\Windows\System32\mv44l9hq1.dll
    c:\Windows\System32\f60o0gd3e60.dll
    c:\Windows\System32\PETOREC.DLL
    c:\Windows\System32\DQDIM.DLL
    c:\Windows\System32\ktjsl7171.dll
    c:\Windows\System32\i2nm0c51ef.dll
    c:\Windows\System32\LRCALSPL.DLL
    c:\Windows\System32\IFMUI.DLL
    c:\Windows\System32\NCTRAP.DLL
    c:\Windows\System32\azaul3591.dll
    c:\Windows\System32\KFDBE.DLL
    c:\Windows\System32\m828lifu1828.dll
    c:\Windows\System32\POGFILT.DLL
    c:\Windows\System32\f42mlef11h2.dll
    c:\Windows\System32\gp4ol3h31.dll
    c:\Windows\System32\gpnul3591.dll
    c:\Windows\System32\n84slih7184.dll
    c:\Windows\System32\d?dplay.exe


    and C:\WINDOWS\System32\guard.tmp

    And here is how you need to do it.

    Here is the procedure to use to delete them. Run Pocket Killbox. Select the option to Replace on Reboot.

    Now you are going to repeat the below steps for every file except C:\WINDOWS\System32\guard.tmp (we will add it separately at the end). Replace the word fullpathfile with the actual full file name path from above (one file at a time). For example, the first time you paste in c:\Windows\System32\dlvacm.dll

    1) Now, Copy and Paste fullpathfile into the box
    2) Check the option to Use Dummy.
    3) Now, Click the Red X and Yes to the confirmation message.
    4) A message will ask if you want to reboot now – Click NO.
    5) Repeat for all files except the last one

    For the last file, we will be rebooting when prompted. Here is the final step of the file deletions:

    Now, Copy and Paste C:\WINDOWS\System32\guard.tmp into the box. Check the option to Use Dummy and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your machine to reboot Normally. Tell me if you get any error messages on reboot and tell me the exact messages.

    After it reboots get another find.bat log and post it. Also post a new HijackThis log.

    Important:
    Do not reboot after getting the above logs or the problem files could mutate. Wait until we get back to you on the next steps.
    Also run Windows Explorer and look in C:\WINDOWS\System32 for the file guard.tmp. Tell me if you see it or not
     
  16. screedman2

    screedman2 Private E-2

    Hi Guys, sorry it took a day for me to get back to you, but what I feared most, reformatting the entire system, happened. The whole system started doing weird things....cannot find c:, a host of other crazy messages, and many of my programs just stopped working....so, I spent the day reformatting the hard drive and reinstalling the os and all the software....This is the second time in a year I have had to do this with two different computers due to spyware.....what a pain in the neck. Anyway, system is back up and running and the only problem I seem to have is spybot removed "wild tangent" and now I get an rundll error message every time I boot up saying: Error loading c:\Program Files\Wild Tangent\Apps\CDA\CDA Engine0400.dll
    Don't know what that means, but I click okay and everything appears to be up and running....Any idea what the message means and if it can cause a problem? Thanks, Screedman
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's too bad you had to reformat!

    You will most likely see an entry for WildTangent in your HJT log. Have HJT fix it.

    You need to do all the steps in the below link ASAP before you run into problems again:

    How to Protect yourself from malware!
     
  18. PhilliePhan

    PhilliePhan Guest

    Hi Screedman,

    I just wanted to extend an apology for the hassle that the M$ tool caused. It has been removed from the Cleanup Tutorial, at least until the bugs get worked out! Even though Chas and I volunteer our free time in this forum and offer our advice free of charge, we take pride in doing the best job possible. This incident reflects poorly upon us.
    Please accept my sincere apology for the inconvenience this has caused you.

    PP
     
  19. screedman2

    screedman2 Private E-2

    Hey Phil...you have nothing to apologize about....you guys provide a great service and my incident is rare from what I have seen in your forum. Looking on the bright side, at least we all were able to discover some bugs with the new ms antispyware that may help others.....I appreciate the time you guys took to help me and I plan to continue as a member of your site. You guys are very knowledgeable and helpful to so many of us, and when you think about all the bad out there on the internet, it is great to have a reliable and resourceful site to turn to...Thanks again, Screedman
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Screedman,

    Thanks for being so understanding. I just wish we knew what went wrong. Your system did have a load of different problems that we were uncovering as we went along. Sometimes fixing one problem unmasks others (yes some malware inhibits other malware). Again we are sorry this happened and wish we could have fixed this up without having a format involved. Make sure you take all the precautions in the How to Protect yourself from malware! thread ASAP. These will help to lower the chances of running into problems like this again.
     
