Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Norton 2004, Adaware & Spybot can not remove

 
wawadave
Warrior Obsessed


Joined: 25 Jan 2004
Last Visit: 24 Jul 2009
Posts: 3448
Location: Illegitimus non carborundum

Posted: Wed Apr 21, 2004 12:06 pm    Post subject: Norton 2004, Adaware & Spybot can not remove

http://www.driverheaven.net/
Adspy-Virus that Norton 2004, Adaware & Spybot can not remove
Posted on Monday, April 19, 2004
at 6:44 PM by zerodamage - 47 Comments


I've come across the ugliest spyware to date. This thing will just not go away by normal means. Adaware, Spybot, nothing will remove it at this time.

I've been working on removing this spyware infection on a customer's computer for 2 days now. Adaware has an update to find the infection but what happens is that it can not be removed. Spybot doesn't detect it either. What happens is that Adaware finds this and says it will have to reboot, even in safe mode, and when the computer restarts, this spyware kills Adaware from starting up at startup. This spyware also connects to the internet and installs other spyware. Not only that but it digs itself into the Winlogon.exe file. You do NOT want this thing on your computer. The only way to remove this thing right now is by reinstalling windows and possibly by other complicated methods. Norton Antivirus 2004 did not detect it.

Now this thing is called: VX2.BetterInternet
The file is ausmsext.cpy.dll located in your system32 folder. This thing uses different DLL files and makes copies.
There is also a registry entry going into Hkey_Local_Machine/Software/Microsoft/Windows NT/winlogon/notify/guardian

Adaware classifies this thing as a Data Miner. Now there are ways to remove this but none of them are 100% and it finds ways of getting back. So the only sure way of removing this is a format and reinstall of Windows. Adaware finds it but can not fully remove it.
You can see how ugly this thing can be at the Adaware forums Here.

To help you avoid getting this thing, avoid the sites listed at: PCSympathy.com

This seems to be the only working method for removing this thing. It did not work for me but has worked for many others if you have this thing on your computer. Read the instructions Here

There is some good news in all of this. Spyware Blaster blocks this from ever installing on your system. You can download it from Javacoolsoftware. Remember to update after installing it. Also make sure you enable all of the protection.

These types of infections are only going to get worse. Laws need to be put into place to punish companies that do this.

UPDATE: I noticed this and it should tell you a lot about this VX2 stuff. The company's name was VX2, based out of the U.K.
Read about it here: ZDnet http://news.zdnet.co.uk/internet/0,39020369,2103354,00.htm


_________________
RFID tags! SPYWARE
Tired of proprietary Cor-pirationware?
http://www.openoffice.org/
Installing Vista http://tinyurl.com/2l9qyd
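
The article quoted in the post above ties the infection to a Winlogon Notify registry entry and says the DLL makes copies under different names. As an added example (not from the original post or article), this Python script audits a `reg export` text dump for Notify subkeys that are missing from a known-good baseline, so the check does not depend on the DLL's file name. The baseline set and the sample export are constructed assumptions; build a real baseline from a clean install of the same Windows build.

```python
import re

# Known-good Notify subkeys: an assumed baseline for illustration; capture
# your own from a clean install of the same Windows build.
BASELINE = {"crypt32chain", "cryptnet", "cscdll", "sclgntfy",
            "senslogn", "termsrv", "wlballoon"}

SECTION = re.compile(r"^\[(.+)\]$")
NOTIFY = re.compile(r"\\winlogon\\notify\\([^\\]+)$", re.IGNORECASE)
DLLNAME = re.compile(r'^"DllName"="(.*)"$', re.IGNORECASE)

def notify_packages(reg_text):
    """Map each Winlogon Notify subkey in a .reg export to its DllName."""
    packages, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        sec = SECTION.match(line)
        if sec:
            hit = NOTIFY.search(sec.group(1))
            current = hit.group(1) if hit else None
            if current:
                packages[current] = None   # key exists, DllName not seen yet
            continue
        val = DLLNAME.match(line)
        if current and val:
            # .reg files escape backslashes inside string values
            packages[current] = val.group(1).replace("\\\\", "\\")
    return packages

def unexpected(reg_text, baseline=BASELINE):
    """Return (subkey, dll) pairs whose subkey is not in the baseline."""
    return sorted((k, v) for k, v in notify_packages(reg_text).items()
                  if k.lower() not in baseline)

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"="crypt32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian]
"DllName"="C:\\WINDOWS\\system32\\ausmsext.cpy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NoDll]
'''

if __name__ == "__main__":
    for key, dll in unexpected(SAMPLE):
        print(f"unexpected Notify package: {key} -> {dll}")
```

A subkey reported with `None` has no string `DllName` value in the export and still deserves a manual look.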
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 28 Aug 2012
Posts: 3913
Location: California

Posted: Wed Apr 21, 2004 8:51 pm    Post subject:

I know, it is nasty and even using Hijackthis won't remove it, as it may not even show in the log. It's also known as Look2me. It hides very well and will change its filenames when being searched for. It requires several special tools and lots of knowledge and time to kill it and then it may still be there...
_________________
Nick's Security Ticker

CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada

Posted: Wed Apr 21, 2004 11:13 pm    Post subject:

Nick, "We have our best people working on it!" ;)
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links.
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Angry Homer
Junior Member


Joined: 24 Apr 2004
Last Visit: 17 Jul 2006
Posts: 36

Posted: Mon Apr 26, 2004 6:51 am    Post subject:

man, this thing sounds like the flesh eating bacteria, but in computers!! damn them! damn them all to hell!!!
_________________
I say kill the bastards first and ask questions later!!