  1. #1
    bubba0216
    Guest

    Please help, VX2 problem

    I have this god dang VX2 crap on my computer that I can't get rid of. Every post on the net that I have looked at talking about this thing says to use either the VX2 finder program or the plug in for Adaware to get rid of it. VX2 finder finds no files, and no "Guardian" thing, it just finds a UserAgentString. Also, the plug in for adaware says that my system is clean. When I run a regular scan with adaware though, it finds VX2 crap, and a file named 6kO4SVC.cpy.dll that it is unable to delete. I have been working on this thing for more hours than I ever have for any other problem on a computer, and any help would be greatly appreciated.

  2. #2
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    You say { VX2 finder finds no files, and no "Guardian" thing,}

    Have you looked for a Guardian folder with regedit?

    Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian.

    If the Guardian folder is there, I can give you manual instructions to delete the malware...

    If it isn't ... you will need to use the "recovery console"

    You will need your XP cd

    Let me know

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  3. #3
    bubba0216
    Guest

    Guardian

    Yeah I did find the Guardian folder, and there were some entries (3 I think) related to VX2. Just for your info, if I delete one of these keys then it simply reappears in a second or two.

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Hi

    Start->Run and type regedt32 then hit enter

    Navigate to the key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian.

    Click on the "Guardian" folder in the left pane and there should be a filename in the right pane with a path to the System32 directory. Make a note of that file name (it may be the 6kO4SVC.cpy.dll file you saw earlier).

    With the Guardian folder still highlighted, go to the top menu on that screen and click on Security->Permissions, then uncheck the box: "Allow inheritable permissions". Hit OK, and REMOVE on the next prompt.

    - Restart the computer

    When back in Windows, find and delete the 6kO4SVC.dll in the System32 directory that you noted above, along with its companion that will also be in the System32 folder and will have the name 6kO4SVC.cpy.dll

    After deleting those two files, start regedt32 again and navigate back to the same key as before. Highlight the Guardian folder, then choose Security->Permissions and recheck the box on that key that you unchecked earlier and click Ok. Now right click on the Guardian folder and select "Delete".

    Then run Ad-Aware again. While online, start Ad-Aware, click on the "Check for Updates Now" link at the bottom right, then click "Connect". After it updates, click "Finish". Back on the main screen, click "Start" then check "Perform Smart System Scan" and make sure "Activate In-Depth Scanning" is green, then hit "Next". When it finishes scanning and the "Scanning Results" screen shows up, right click in the window and choose "Select All Objects" then click on "Next" then "OK". Reboot.

    let us know

    cheers

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -
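
    The registry check described in the post above, written as a read-only audit script. This is an added example and not part of the original thread; it assumes PowerShell 2.0 or later is installed on the Windows 2000/XP/2003 machine, and it lists every subkey under Winlogon\Notify (not only Guardian) with the DLL it loads, whether that file exists, its signature status, and whether the key has inheritance switched off.

    ```powershell
    # Added example: read-only audit of Winlogon notification packages.
    # Nothing is modified or deleted; the output is for review only.
    $notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

    if (-not (Test-Path $notify)) {
        Write-Output 'Winlogon\Notify key not present on this system.'
    }
    else {
        Get-ChildItem $notify | ForEach-Object {
            $key = $_
            # DllName is the value Winlogon reads to find the package's DLL.
            $dll = (Get-ItemProperty $key.PSPath).DllName

            $path = $null; $exists = $false; $sig = 'n/a'; $modified = $null
            if ($dll) {
                $path = [Environment]::ExpandEnvironmentVariables($dll)
                # A bare file name is loaded from the System32 directory.
                if (-not [System.IO.Path]::IsPathRooted($path)) {
                    $path = Join-Path (Join-Path $env:SystemRoot 'System32') $path
                }
                $exists = Test-Path -LiteralPath $path
                if ($exists) {
                    $sig      = (Get-AuthenticodeSignature -FilePath $path).Status
                    $modified = (Get-Item -LiteralPath $path -Force).LastWriteTime
                }
            }

            New-Object PSObject -Property @{
                Subkey             = $key.PSChildName
                DllName            = $dll
                ResolvedPath       = $path
                FileExists         = $exists
                Signature          = $sig
                LastWriteTime      = $modified
                # True when "Allow inheritable permissions" is unchecked on the key.
                InheritanceBlocked = (Get-Acl $key.PSPath).AreAccessRulesProtected
            }
        } | Select-Object Subkey, DllName, ResolvedPath, FileExists,
                          Signature, LastWriteTime, InheritanceBlocked |
            Format-List
    }
    ```

    Run it from an administrator account before and after the cleanup steps to compare which notification packages are registered.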

  5. #5
    bubba0216
    Guest

    Dude, you da man. I've been trying to kill that thing using help from www.computercops.biz for like 10 hours, they had me doing all kinds of crap. Your method took about 3 min and was much easier.
    Greatly appreciate the help

    -bubba