AdAware/NoAdware/Spybot all failed...

Discussion in 'adware, spyware & hijack cleaning' started by JVRudnick, Apr 23, 2004.

Thread Status:
Not open for further replies.
  1. JVRudnick

    JVRudnick Guest

    In trying to rid my box (w2000Pro) of adledit.dll file.

    This file, when the box starts up, is reponsible for switching my own google toolbar search querys directly over to a page called www.zestyfind.com and it answers the query.

    I WANT THIS GONE!

    Can anyone help? I've run the above 3 anti-spyware apps. Spybot can't find the intruder. NoAdware can't find it. AdAware finds it, but says it can't delete it till after a restart, which I click YES to..and then restart, and then it's still here!

    Anyone got a pointer to get rid of this crap?

    Jim
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  3. JVRudnick

    JVRudnick Guest

    thanks for that pointer...I'll try it next....

    BUT...

    AdAware now says that I'm infected with VX2.BetterInternet -- which is both a Registry entry and it uses adledit.dll.

    First, is this true?
    Second, okay, so how do I kill the VX2 puppy - as each time I ask AdAware to do that, it does report that it erases the Reg entry, but it can't erase the .dll till I restart...which I do...and it's still there....I run AdAware and it reports I've got VX2....get the round-and-round picture?

    Another pointer, if you or anyone knows?

    Jim
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Jim,

    Please follow the link I posted. You can use Ad-Aware as a last step in the cleaning process, but you will have to do some other things first and they are explained there.
    If you have any questions about the procedure, let us know.

    Regards,

    Pieter
     
  5. JVRudnick

    JVRudnick Guest

    Thanks Pieter...

    I'm working my way thru the "fix"....and will report back here if it's successful...

    DAMN crap....is there ANYWAY to protect against it all when surfing?

    o_O

    Jim
     
  6. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
  7. JVRudnick

    JVRudnick Guest

    Oh-Oh....

    I am following the link instructions that you gave...but my box is w2kPRO....not XP...so "some" names are different....

    I got Killbox fine...it unzipped fine too

    next, I went to the Control panel to make those changes -- but the names were slightly diff. Under UserRightsAssignment, I clicked Debug Programs and that opened up SECURTY, with a window pane that's empty. I then clicked ADD and got a new "SELECT Users or Groups" window that was chock full of itmes....scrolled till I found the Administrator one, clicked it and then hit ADD. it now was alone in the bottom pane....clicked OKAY...then see that it alone has been added to the LOCAL Security Policy Setting window pane under Assinged to and there is now a checkbox that says (it's checked too) Local Policy Setting...closed all up and restarted as per instructions.

    Opened up Killbox, menubar'd the Fix L2M > Kill VX2.BetterInternet and it opened up a new window....saw it searching....and then that new window reported that it had found those 2 .dlls in my system32 folder correctly.

    This now paused for a sec or two...and then I note that down in my taskbar, a new file has opened up in DOS....it's title was cmd.exe....I waited about 5 minutes...

    Then I maximized that new window...and I see that it is scrolling faster than I can see...and I can barely pickout that it is attempting to "do" somehthing in my system32 folder...but I really can't see it....

    I am now "ASSUMING" that something is wrong...but I wait...but after 25 minutes there is nothing new...that window's still scolling a hundred miles an hour.

    What'd I do wrong?

    Jim
     
  8. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    Kill the scrolling Window and continue with the L2M.reg

    As long as both the files were deleted by Killbox we still have a fighting chance in this round.

    Regards,

    Pieter
     
  9. JVRudnick

    JVRudnick Guest

    do you mean for me to do this...

    Click Fix L2M > Import L2m.reg to remove....

    That one?

    Jim
     
  10. JVRudnick

    JVRudnick Guest

    <sigh>it appears that I'm VERY stuck...here's the skinny....

    I can not -- it seems -- ADD the Administrator to the proper Local Security Settings. Oh, I can do the proper add function, and yes, just before I quit the User Rights Assigment window, the word ADMINISTRATOR is properly placed in the right column....

    I restart as per instrucions...then when I try to use the next part, the KillBox part, I get that scrolling window that never seems to do what it's supposed to. So I checked, on the offchance that the ADMINISTRATOR was still where it was supposed to be -- it's NOT.

    I can not assign the ADMINISTRATOR to the DEBUG line....

    Will that mean then that this fix will not work?

    IN fact, on my box, there is NO name beside the DEBUG line under UserRightsAssignments...

    Help here, someoneo_O

    Jim
     
  11. JVRudnick

    JVRudnick Guest

    Oh...and the Fix L2M > Import L2m.reg did nothing either...

    o_O

    Jim
     
  12. JVRudnick

    JVRudnick Guest

    Man oh man....this was a very tough one indeed!

    But I got it -- I did a simple google on the vx2.betterinternet name, got lotsa hits and found a much easier 'fix' on the Lavasoft board....

    thanks to you Pieter tho, for getting me started...

    ;-)


    Jim
     
Thread Status:
Not open for further replies.