I'm going nuts.

[jack]

I can not get rid of vbzuhlf.exe from my system32 directory. I've tried many
spyware hunter, but nothing can get rid of it. is there anything that can
delete it and keep it from coming back. my other spyware and viruses, I have
no problem deleting, just vbzuhlf. thanks for any help that someone can give
me

 

[Yves Leclerc]

Besides Spyware Hunter, try:

AD Aware SE 1.05
Spybot: Search and Destroy 1.3
CWShredder

Microsoft AntiSpyware Beta 1 (carefully) -- Technology is taken from
CounterSpy.

If all of these fail to remove it, try HiJackThis. Use it to make a scan
log and then post it to one of several web forums so as for someone could
guide you.

 

[kurttrail]

I can not get rid of vbzuhlf.exe from my system32 directory. I've
tried many spyware hunter, but nothing can get rid of it. is there
anything that can delete it and keep it from coming back. my other
spyware and viruses, I have no problem deleting, just vbzuhlf. thanks
for any help that someone can give me

http://groups-beta.google.com/group...e840da3b66aeee?q=vbzuhlf.exe#94e840da3b66aeee

--
Peace!
Kurt
Self-anointed Moderator
microscum.pubic.windowsexp.gonorrhea
http://microscum.com/mscommunity
"Trustworthy Computing" is only another example of an Oxymoron!
"Produkt-Aktivierung macht frei"

 

[Malke]

I can not get rid of vbzuhlf.exe from my system32 directory. I've
tried many spyware hunter, but nothing can get rid of it. is there
anything that can delete it and keep it from coming back. my other
spyware and viruses, I have no problem deleting, just vbzuhlf. thanks
for any help that someone can give me

Are you running your scans in Safe Mode? The malware you've got is
probably being respawned by some other file. Even though you've already
done some troubleshooting, go through the malware removal steps below.
Delete your Temporary and Temporary Internet files first and do
everything with updated tools in Safe Mode.

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix (or WinSockFix for XP which you
can get from MajorGeeks) - see links below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See below for
HijackThis links, including sites where you can post your HJT logs. A
combination of HijackThis and About:Buster works well in removing the
About:Blank homepage hijacker. Again, this is an expert tool and
novices should get help with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Links to help with malware:

Software/Methods:
http://www.safer-networking.org - Spybot Search & Destroy
http://www.lavasoftusa.com - Ad-aware
http://www.majorgeeks.com - good download site
http://www.intermute.com/spysubtract/cwshredder_download.html
http://www.silentrunners.org/sr_cwsremoval.html. - SilentRunners
http://www.cexx.org/lspfix.htm - Repair Winsock 2 settings after
removing spyware
http://www.spychecker.com/program/winsockxpfix.html - WinsockXPFix.exe

HijackThis:
http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Jim
Eshelman
http://aumha.net - forums
http://spywarewarrior.com/viewforum.php?f=5 - Spyware Warrior HijackThis
forum
http://www.wilderssecurity.com/
http://forums.tomcoyote.org/

General:
http://aumha.net - look under "Security" for various forums
http://rgharper.mvps.org/cleanit.htm
http://mvps.org/winhelp2002/unwanted.htm
http://www.aumha.org/a/parasite.htm - The Parasite Fight
http://www.spywarewarrior.com/rogue_anti-spyware.htm

Malke

 

[Menno Hershberger]

I can not get rid of vbzuhlf.exe from my system32 directory. I've
tried many spyware hunter, but nothing can get rid of it. is there
anything that can delete it and keep it from coming back. my other
spyware and viruses, I have no problem deleting, just vbzuhlf. thanks
for any help that someone can give me.

Download all these that you don't already have

Spybot Search and Destroy
http://www.safer-networking.org/en/mirrors/index.html
http://www.pcworld.com/downloads/file_description/0,fid,22262,00.asp

Adaware SE Personal
http://www.download.com/3000-2144-10045910.html

HiJack This
http://www.spywareinfo.com/~merijn/files/hijackthis.zip

CWShredder
http://www.intermute.com/spysubtract/cwshredder_download.html

LSPFix
http://www.cexx.org/lspfix.htm

Update AdAware and Spybot S&D with the latest definitions,

Open Task Manager (control-alt-delete).
Looks under the processes tab.
If "vbzuhlf.exe" is shown as a process then "End Task" on it.
End Task on *any* suspicious tasks that are running.
If you see WToolsA or WToolsS, make a note of it. You can try to end task
on them but they'll probably keep coming back. Then go to Start-Run and
type in "msconfig". Click on the Startup tab. Remove the checkmark from
any suspicious startup items. Namely "vbzuhlf.exe or WTools, or anything
that suggests Bargains, Save, Rebate, WhenU, etc.
Then reboot the computer in SAFE MODE. Do this my continually tapping on
the F8 key when the computer starts. You'll get a menu which will give
you several options. Pick Safe Mode. Then pick Windows XP, even if it's
the only choice you have. Next you'll be asked to log on. If it's Home
Edition, your choices will be Administrator or Owner. (Owner might be a
username). If the Owner or Username is an administrative account, then
pick that. If you're not sure, pick administrator. When you get booted
up, run msconfig again and see if the items you unchecked are still
unchecked. If they aren't, then uncheck them again. Then run CWShredder,
AdAware, SpyBot Search & Destroy over and over until none of them are
finding anything. In Windows Explorer, under Tools, Folder Options, View,
make sure "Show all Files" is selected. Make sure the next two
selections, "Hide extensions for known file types" and "Hide protected
operating system files" are UNchecked. Then search for "vbzuhlf.exe". If
you find it, delete it.
Then reboot into normal mode. If you now have a problem connecting to the
internet, then run LSPFix. See if you're OK now. If not, post back. You
may need to run Hijack This and post the logfile in an appropriate forum
for further help. I'll explain how to do that if need be.

 

[PA Bear]

Also see http://aumha.net/viewtopic.php?t=10610

 

[Kelly]

Hi Jack,

In most cases without using third party, this takes three steps.

1. Start/Run/Regedit

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Gain the exact path.
Note: Save these two to regedit favorites.

2. Start/Run/Msconfig/Startup

Gain the exact path.

3. Follow the path via Windows Explorer.

Leave/have all three windows opened, now open the Task Manager.

Once knowing the exact path, end the process via the Task Manager, then
delete the entry via Windows Explorer. From there, delete the run command
from both regedit and msconfig. With regedit still open, hit F5. If it
replaces itself, you didn't do it in a timely manner or you didn't follow
the exact placement path.

Note: In some cases, depending, you will be allowed to rename the .exe via
safe mode and then delete.

If the above hasn't helped:

Run Ad-Aware SE, Spybot and HijackThis:
http://www.majorgeeks.com/downloads31.html

Note: Update the first two programs, once installed, before running.

Free Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Good luck and keep us posted!

--
All the Best,
Kelly (MS-MVP)

Troubleshooting Windows XP
http://www.kellys-korner-xp.com