Ad-Aware detects but does not remove VX2

r_mervart

Ad-Aware detects VX2 but fails to remove it. It just hangs. It points to
various registry entries and one program at C:/Windows/System/OICJVUX.EXE .
I cannot delete it manually as it reports being used by Windows . Any ideas?

Thanks
Roman
 
Ian JP Kenefick

Ad-Aware detects VX2 but fails to remove it. It just hangs. It points to
various registry entries and one program at C:/Windows/System/OICJVUX.EXE .
I cannot delete it manually as it reports being used by Windows . Any ideas?

Thanks
Roman

What OS are you using? If you use 2000 or XP then use Microsoft
Antispyware. It has better detection and removal routine than adaware.
Otherwise try spybot s&d


Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
Dave Budd

Ad-Aware detects VX2 but fails to remove it. It just hangs. It points to
various registry entries and one program at C:/Windows/System/OICJVUX.EXE .
I cannot delete it manually as it reports being used by Windows . Any ideas?

Thanks
Roman

Boot into Safe Mode or even Safe Mode With Command Prompt and
then delete it.
Of course, deleting files without sorting out how the registry
expects them to be used and what else they stitch into isn't
always a good idea. It's possible you'll end up with a machine
that won't boot at all.
 
r_mervart

Ian JP Kenefick said:
What OS are you using? If you use 2000 or XP then use Microsoft
Antispyware. It has better detection and removal routine than adaware.
Otherwise try spybot s&d

No, I am still on Windows 98SE. I did try spybot s&d, it has reported to
have found VX2/f, then reported that it had been removed. But VX2/f appears
to be some files in C:/Windows/Temp, possibly regenerated every time the
actual program runs.
I suspect it did not tackle C:/Windows/System/OICJVUX.EXE because Ad-Aware
still points to it and when I go back to Spybot Search&Destroy this VX2/f
reappears again.

Roman
 
r_mervart

Dave Budd said:
Boot into Safe Mode or even Safe Mode With Command Prompt and
then delete it.
Of course, deleting files without sorting out how the registry
expects them to be used and what else they stitch into isn't
always a good idea. It's possible you'll end up with a machine
that won't boot at all.

Although it is reported by Ad-Aware as malware I am reluctant
to just delete that file even if I could without knowing
that this is definitely not required by Windows
Roman
 
Adam Piggott

r_mervart said:
Ad-Aware detects VX2 but fails to remove it. It just hangs. It points to
various registry entries and one program at C:/Windows/System/OICJVUX.EXE .
I cannot delete it manually as it reports being used by Windows . Any ideas?

Thanks
Roman

http://www.lavasoft.com/software/addons/vx2cleaner.shtml

"Lavasoft's new add-on VX2 Cleaner detects the malware VX2 and offers you
the ability to remove it from your computer. Some users have experienced a
very difficult variant of VX2 which cannot be removed by Ad-Aware. For
those users which have this variant, we have developed an add-on to help
you remove this VX2 variant."

I can't say I've tried it before - post back your results!

HTH,


Adam.
- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
rjdriver

r_mervart said:
Ad-Aware detects VX2 but fails to remove it. It just hangs. It points to
various registry entries and one program at C:/Windows/System/OICJVUX.EXE .
I cannot delete it manually as it reports being used by Windows . Any ideas?

Thanks
Roman

As Adam suggested, get the specific VX2 plug-in for AdAware. It does not
run when you do a regular scan. You must go to the plug in section and run
it alone. And you should do this in Safe Mode.

But there is a new, more insidious, VX2/Cool Web variant out here now that
is extremely stubborn, regenerating itself after every removal attempt until
you get every last file. I don't know of any single app that will get rid
of it all in one step. Try a Google (and Google Group) search on VX2 and
look for the *newest* recommendations/solutions.

Bob
 
Ian JP Kenefick

As Adam suggested, get the specific VX2 plug-in for AdAware. It does not
run when you do a regular scan. You must go to the plug in section and run
it alone. And you should do this in Safe Mode.

But there is a new, more insidious, VX2/Cool Web variant out here now that
is extremely stubborn, regenerating itself after every removal attempt until
you get every last file. I don't know of any single app that will get rid
of it all in one step. Try a Google (and Google Group) search on VX2 and
look for the *newest* recommendations/solutions.

Bob

If I am not very much mistaken Kaspersky antivirus detects and removes
the latest variants. Download Personal 5 from www.kaspersky.com/trials
and install/update then scan and delete. Please note 'extended bases'
need to be enabled. There are full instructions available on my website
in the 'Disinfect' section under 'Removal procedure b'


Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
r_mervart

Ian JP Kenefick said:
If I am not very much mistaken Kaspersky antivirus detects and removes
the latest variants. Download Personal 5 from www.kaspersky.com/trials
and install/update then scan and delete. Please note 'extended bases'
need to be enabled. There are full instructions available on my website
in the 'Disinfect' section under 'Removal procedure b'

I have AVG on my PC, would it not be a problem to use kaspersky antivirus
while AVG is installed? (I probably try the suggested Ad-Aware plug-in
first)
Roman
 
r_mervart

rjdriver said:
As Adam suggested, get the specific VX2 plug-in for AdAware. It does not
run when you do a regular scan. You must go to the plug in section and run
it alone. And you should do this in Safe Mode.

But there is a new, more insidious, VX2/Cool Web variant out here now that
is extremely stubborn, regenerating itself after every removal attempt until
you get every last file. I don't know of any single app that will get rid
of it all in one step. Try a Google (and Google Group) search on VX2 and
look for the *newest* recommendations/solutions.

I am probably a bit paranoid but what stops anyone to create a website that
would tell me how to remove this and that but in fact would be designed to
infect my PC?
That is why I turned to the newsgroup first hoping for either a specific
advice or a recommended source of reliable advice.
Roman
 
Ian JP Kenefick

I have AVG on my PC, would it not be a problem to use kaspersky antivirus
while AVG is installed? (I probably try the suggested Ad-Aware plug-in
first)
Roman

Yes, you would either have to stop the AVG engine service or uninstall
it. You cannot run 2 resident scanners simultaneously unless they were
designed to do so. In the case of Kaspersky and AVG neither of them
were.



Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
Dave Budd

I have AVG on my PC, would it not be a problem to use kaspersky antivirus
while AVG is installed? (I probably try the suggested Ad-Aware plug-in
first)
Roman

Only if you run both as memory-resident. Try it in Safe Mode -
the memory-resident parts don't run there.
 
Ian JP Kenefick

I am probably a bit paranoid but what stops anyone to create a website that
would
tell me how to remove this and that but in fact would be designed to infect
my PC?

a dilemma for sure - some people in here are regulars and can be
considered trustworthy : I like to consider myself one of them. My
website contains such procedures in the 'Disinfect!' section. What's
to stop me from putting malicious instructions in place of the
legitimate/helpful ones? Nothing I suppose - I just value my
interests.

That is why I turned to the newsgroup first hoping for either a specific
advice or
a recommended source of reliable advice.

And you get it. There are many other sites - Art Kopps website,
Claymania, my own website..... there are lots of regs in here with
websites you just have to ask if you are unsure.


Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
Adam Piggott

r_mervart said:
I am probably a bit paranoid but what stops anyone to create a website that
would
tell me how to remove this and that but in fact would be designed to infect
my PC?
That is why I turned to the newsgroup first hoping for either a specific
advice or
a recommended source of reliable advice.
Roman

A very good point. I have found the web site http://www.spywarewarrior.com
a good starting reference for spyware information, including which programs
you can trust.

I have read through the PDF file attributed to Ian's "Removal Procedure B"
and can confirm it merely walks you through installing Kaspersky Antivirus
and does not seem to contain any malicious instruction or content.

If anyone's got a copy of the new/improved VX2 I'd be happy to have a few
rounds with it to see if I can get a removal procedure.


Adam.
- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
Ian JP Kenefick

I have read through the PDF file attributed to Ian's "Removal Procedure B"
and can confirm it merely walks you through installing Kaspersky Antivirus

not to mention optimal configuration, extra database options etc...



Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
r_mervart

Ian JP Kenefick said:
And you get it. There are many other sites - Art Kopps website,
Claymania, my own website..... there are lots of regs in here with
websites you just have to ask if you are unsure.

Newsgroups are useful because it is difficult for someone to give a
deliberately bad advice without that being noticed. What I was really
referring to was to just Google and then trust whatever comes up there.
Two sites AdwareSpy.com and Spywareguide.com came at the top of the list,
the second with a detailed manual removal instructions and that scared
me -:)

Roman
 
Adam Piggott

not to mention optimal configuration, extra database options etc...

Sorry - that came out wrong, I didn't mean to belittle your instructions!
What I meant to say that it didn't have anything untoward in it :)

Regards,


Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
Ian JP Kenefick

Sorry - that came out wrong, I didn't mean to belittle your instructions!
What I meant to say that it didn't have anything untoward in it :)

Regards,


Adam.

Yer grande boi. I know what ya meant :)


Regards,
Ian Kenefick
http://www.ik-cs.com
no snake oil here!
 
r_mervart

Adam Piggott said:

http://www.lavasoft.com/software/addons/vx2cleaner.shtml

"Lavasoft's new add-on VX2 Cleaner detects the malware VX2 and offers you
the ability to remove it from your computer. Some users have experienced a
very difficult variant of VX2 which cannot be removed by Ad-Aware. For
those users which have this variant, we have developed an add-on to help
you remove this VX2 variant."


I installed it and tried it, but it reports system as clear and so does
nothing.
If I run Ad-Aware after that, VX2 file and related registry entries are
still there.
Admittedly I did not do it in safe mode but if it cannot see it in normal
mode I surmise it will not see it in safe mode either -:(
Roman
 
Adam Piggott

r_mervart said:
C:/Windows/System/OICJVUX.EXE .




I installed it and tried it, but it reports system as clear and so does
nothing.
If I run Ad-Aware after that, VX2 file and related registry entries are
still there.
Admittedly I did not do it in safe mode but if it cannot see it in normal
mode I surmise it will not see it in safe mode either -:(
Roman

It is important that you follow the disinfection procedures in Safe Mode.
Running the computer in Safe Mode will stop any spyware/virus before it
starts. Once it starts, it can stop other programs "seeing" it, or even
removing it.

Adam.

- --
Please replace dot invalid with dot uk to email me.
Apply personally for PGP public key.
 
