VX2 Problem

Hello.

I have used your forum to find information to help me help others in my area to fix their problems, but I'm having trouble fixing the VX2 issue. I assume it is VX2 because I have browsed the forum and found other people with similar issues to what this machine is doing and you diagnosis it with VX2.

I have followed the tutorial and had problems with Ad-Aware deleting xxx.dll (name changes after reboots), and with CWS Shredder crashing. I also get the exception window 'windows\system32\xxx.dll, UMonitor' error.

I have downloaded all the tools per the guides and ready to submit HiJackThis and GDT logs.

I've learned a fair ammount from watching you pros handling non-VX2 problems that I feel comfortable working with a lot of issues, but I'm at a bit of a loss as to how you use the two logs and determine which dll's are from VX2. If I understood better, I might not have to bother you guys again in the future.

Thanks again for your help!!!

 

Do you have the proper tools for your OS?

Did you download KillBox from my link? - You must have the latest version.

Go ahead and post the logs. Note that after posting, you must not reboot!

I will not be able to look at them until Saturday evening at earliest. Very busy! Chaslang may have time before then, though.

PP

 

Yes, I got all the tools, and yes I downloaded the latest version from your instructions on another thread. Here are the logs.

Thanks guys. I'm trying to learn how you are reading the logs to be able to help myself and others...I understand and appreciate the time burden you have for helping all of us.

 

Hi Deason,


Please download this tool:

LSP - Fix

Please run LSP-Fix.

Check the Box labeled "I know what I'm doing" and then click on the calsp.dll file (in the “Keep” section) to select it.

Then, Select the >> button to move calsp.dll into the Remove section.

Now, click the Finish Button. When the Repair Summary box appears, click OK.

Now, Reboot and then scan with HijackThis and attach that log. Also, give us a fresh Find.bat log. Chaslang or I will check back when time permits - For me, it's still Saturday evening.

You have additional malware in your log that needs to be addressed as well!

PP

 

I ran LSP-Fix and also reviewed the HiJack This file and deleted a couple processes that were malware. Here are the current logs.

 

Okay, I went ahead and used KillBox as instructed in other threads to delete

wwcsapi.dll
lv4o09h3e.dll
r6p8lg7u16.dll
ir02l5do1.dll
LVCMGR10.DLL
e0jmla111d.dll

I also got rid of guard.tmp. After reboot, I deleted desktop.ini via KillBox and used VX2Finer and clicked 'Restore Policy'

Here are the latest logs. Things seem to be better, but I might have missed something.

Thanks for the help PP.

 

You still need to deal with the User Agent, Narrator (Qoologic) etc. . .

Really busy, but will try to post something for you Tonight or Sunday Evening as time permits.

PP

 

Hi Deason,

Here are the finishing touches:

Please open Pocket KillBox and select the “Delete on Reboot” Option. Copy and Paste each of the following into the box, making sure Delete on Reboot is Checked for each entry. Click the Red X to Delete each one, but DO NOT Allow your machine to Reboot until the last item has been entered:


C:\WINDOWS\SYSTEM32\banooe.dll
C:\WINDOWS\SYSTEM32\opqyyc.dll
C:\WINDOWS\SYSTEM32\wqazzh.exe
C:\WINDOWS\SYSTEM32\bvkaap.dat
C:\WINDOWS\SYSTEM32\rkgiiw.exe
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\tniuuh.exe

When the last item has been entered and you are prompted to reboot, allow KillBox to Reboot your computer.


NOW:
Copy and paste the information below to notepad. Save it to your Desktop as type "all files" and name it fixvx2.reg


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{F38AF37C-8813-4D16-B6BF-A335491482AC}"=-
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\MCD]
[-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Narrator"=-



Now:
Click on the fixvx2.reg file you made and allow it to merge the registry entries into the registry.


Attach a freshFind.bat log and a Fresh HJT log and we'll see where you stand.

I will try to check back when time permits.

PP

 

Well, had some problems.

I came back to the laptop which had gone to hibernate, and when the screen came back, Windows was frozen. Upon a hard reboot, Windows would not start due to a missing system file. I tried to run WinXP repair, but the program could not find the hard drive and after a subsequent reboot, the bios could not find the hard drive either. Needless to say, it is getting sent to Dell. Hopefully, once these issues are resolved, the rest of the spyware problems can be addressed.

I do not believe the spyware had anything to do with this system failure, but who knows for sure.

Thanks for the help.

 

Hope Dell can fix you up right. I haven't seen VX2 do this before, so what you surmise is likely correct. Good luck!

PP