Antispyware beta


J Hatch

This software does not remove a variant of the VX2, which
no other antispyware can either. It can only be prevented
from running by modifying the program's files under the
system32 folder (XP) and adjusting the permissions etc.
 
Hi J,
Did you try booting from Safe Mode (F8) and scanning from there?

I would also suggest Adaware with the VX2 add-on as a tool to use in your
circumstances.

Ron Chamberlin
MS-MVP
 
In addition to Ron's able advice--can I suggest that you submit a Tools,
suspected spyware report from an infected machine, if possible?
 
-----Original Message-----
This software does not remove a variant of the VX2, which
no other antispyware can either. It can only be prevented
from running by modifying the program's files under the
system32 folder (XP) and adjusting the permissions etc.

I have found 3 more that the software also has a problem
with. Like you stated you can only block them, not
remove them.
4tpg95.exe
qpws32.exe
upppx.exe
But I have to say that it has got rid of spyware other
software couldn't handle. Overall I'm pretty pleased
with it.
 
If you can find a machine which is capable of submitting Tools, Suspected
spyware reports--such reports with one or more of these critters in place
would be welcome.
 
-----Original Message-----
This software does not remove a variant of the VX2, which
no other antispyware can either. It can only be prevented
from running by modifying the program's files under the
system32 folder (XP) and adjusting the permissions etc.

Do you have any specifics of how to get rid of VX2??? Or
how I got it? Or does ANY spyware block it?

Help me... What can I do to avoid this in the future?

Thanks
 
To avoid it in the future, keep Microsoft Antispyware's real-time protection
running.

To remove it--there are a number of Vx2 variants.

Microsoft Antispyware, especially when run in safe mode, will remove some of
these variants.

Lavasoft's Ad-Aware, with the Vx2 cleaner add-on tool, will remove others.

Still others require expert attention via HijackThis logs, and posting
in forums such as those provided at www.aumha.org

The VX2 variant I tested was installed by me, in the guise of a freeware
utility from a site which had a collection of such utilities very
professionally displayed, whose sole purpose was to install the spyware
which went along with them.
 
I too have found this with 5 scans of MS Anti-spyware.
Numerous Ad Aware SE scans & SpybotSD, none seem to be
effective on it. Although Ad Aware has a plug-in for this
varmint, it is ineffective on the variation of it. It seems
that the Vx2 is somehow using and installing a random name
dll or install, even doing a Registry search to manually
remove all its remote calls, deleting the files in
system32, all of the known file names that link to Vx2. So I
think Vx2 and alike code should be a focus for future
updates. Maybe notification of Known & Unknown File writing
or copying files with the option to turn the Known file
feature on and off. Also MS ASW is not too effective
against WOUWK files. It could be that the two are linked to
Vx2 or are alike in code, but I can't confirm that. I
also think that MS anti-spyware should have an option in it
to set the permissions of the questionable file, in
addition, notification that the file is in use or is being
accessed and by what file, program, port. I know firewalls
listen to the ports, I have 3 running, 2 physical and 1
software, but that doesn't even stop this clever little bit
of code.
 
TheKidGuf said:
I too have found this with 5 scans of MS Anti-spyware.
Numerous Ad Aware SE scans & SpybotSD, none seem to be
effective on it. Although Ad Aware has a plug-in for this
varmint, it is ineffective on the variation of it. It seems
that the Vx2 is somehow using and installing a random name
dll or install, even doing a Registry search to manually
remove all its remote calls, deleting the files in
system32, all of the known file names that link to Vx2.

We are dealing with rootkits, and newer variants of
these pests are a rather big challenge to solve.

These DLLs are also hidden in stealth mode.

Sysinternals have a new tool for finding rootkits.

http://www.sysinternals.com/ntw2k/freeware/rootkitreveal.shtml

This is research from MS about this:

http://research.microsoft.com/rootkit/


We have the same situation with CWS and about:blank.


You can find a lot about how to solve this with different tools
within these forums.

http://www.a-sap.org/

So I think Vx2 and alike code should be a focus for future
updates. Maybe notification of Known & Unknown File writing
or copying files with the option to turn the Known file
feature on and off.

This is rather difficult because this will also block
friendly programs
with friendly DLLs.
 