A
Adam
I struggled with this for a week, and finally figured out
how~!!!
VX2 seems to come in many variations, but they all seem
similar. The one I had planted atleast 2 files on my
computer:
msguard.dll
msg118.dll
These files cannot be deleted because they are in use.
The program also made a registry key:
hkeylocalmachine\software\microsoft\windows
nt\currentversion\winlogon\notify\guardian\.....
There was also another key that was the same except
instead of \notify\ it was \notify_disabled\
The way I got rid of this bug was to go into regedit and
right-click on the "guardian" subkeys and change the
permissions for the system service to disabled. Note that
there is a switch to disable that holds permissions from
previous subkeys, and I switched that off.
Then I rebooted. I went into safe-mode dos prompt. I dont
think it is necessary, since that never helped in the
past, but I wanted to be SURE as little programs run as
possible. At the dos prompt, I deleted these two
programs, windows\system32\msguard.dll and msg118.dll (I
have seen reports that there are sometimes a msg117.dll
too -- if you have it delete it!) I wasnt able to do that
before, but since the key that calls these programs is
disabled from running, the files are nolonger in use.
Then I re-booted and ran my favorite anti-spyware program,
and it ran out of virtual memory while trying to delete!
The problem was that it couldnt access the key it was
trying to delete, so it just kept trying! I went back
into the registry and re-enabled the keys and re-ran the
spyware and voila! Its gone!!!!!!!! I have seen other
people do things that worked once for one person, and
maybe this was my lucky break, but this is what worked for
me so maybe it will work for you!!!!!
how~!!!
VX2 seems to come in many variations, but they all seem
similar. The one I had planted atleast 2 files on my
computer:
msguard.dll
msg118.dll
These files cannot be deleted because they are in use.
The program also made a registry key:
hkeylocalmachine\software\microsoft\windows
nt\currentversion\winlogon\notify\guardian\.....
There was also another key that was the same except
instead of \notify\ it was \notify_disabled\
The way I got rid of this bug was to go into regedit and
right-click on the "guardian" subkeys and change the
permissions for the system service to disabled. Note that
there is a switch to disable that holds permissions from
previous subkeys, and I switched that off.
Then I rebooted. I went into safe-mode dos prompt. I dont
think it is necessary, since that never helped in the
past, but I wanted to be SURE as little programs run as
possible. At the dos prompt, I deleted these two
programs, windows\system32\msguard.dll and msg118.dll (I
have seen reports that there are sometimes a msg117.dll
too -- if you have it delete it!) I wasnt able to do that
before, but since the key that calls these programs is
disabled from running, the files are nolonger in use.
Then I re-booted and ran my favorite anti-spyware program,
and it ran out of virtual memory while trying to delete!
The problem was that it couldnt access the key it was
trying to delete, so it just kept trying! I went back
into the registry and re-enabled the keys and re-ran the
spyware and voila! Its gone!!!!!!!! I have seen other
people do things that worked once for one person, and
maybe this was my lucky break, but this is what worked for
me so maybe it will work for you!!!!!
