AdAware/NoAdware/Spybot all failed...

In trying to rid my box (w2000Pro) of adledit.dll file.

This file, when the box starts up, is reponsible for switching my own google toolbar search querys directly over to a page called www.zestyfind.com and it answers the query.

I WANT THIS GONE!

Can anyone help? I've run the above 3 anti-spyware apps. Spybot can't find the intruder. NoAdware can't find it. AdAware finds it, but says it can't delete it till after a restart, which I click YES to..and then restart, and then it's still here!

Anyone got a pointer to get rid of this crap?

Jim

 

For Windows 2000 the instructions in the last post here should work:
https://www.wilderssecurity.com/showthread.php?goto=lastpost&t=26403

Regards,

Pieter

 

thanks for that pointer...I'll try it next....

BUT...

AdAware now says that I'm infected with VX2.BetterInternet -- which is both a Registry entry and it uses adledit.dll.

First, is this true?
Second, okay, so how do I kill the VX2 puppy - as each time I ask AdAware to do that, it does report that it erases the Reg entry, but it can't erase the .dll till I restart...which I do...and it's still there....I run AdAware and it reports I've got VX2....get the round-and-round picture?

Another pointer, if you or anyone knows?

Jim

 

Jim,

Please follow the link I posted. You can use Ad-Aware as a last step in the cleaning process, but you will have to do some other things first and they are explained there.
If you have any questions about the procedure, let us know.

Regards,

Pieter

 

Thanks Pieter...

I'm working my way thru the "fix"....and will report back here if it's successful...

DAMN crap....is there ANYWAY to protect against it all when surfing?



Jim

 

You will find some very usefull tips on protecting yourself over here: https://www.wilderssecurity.com/showthread.php?t=27971

Regards,

Pieter

 

Oh-Oh....

I am following the link instructions that you gave...but my box is w2kPRO....not XP...so "some" names are different....

I got Killbox fine...it unzipped fine too

next, I went to the Control panel to make those changes -- but the names were slightly diff. Under UserRightsAssignment, I clicked Debug Programs and that opened up SECURTY, with a window pane that's empty. I then clicked ADD and got a new "SELECT Users or Groups" window that was chock full of itmes....scrolled till I found the Administrator one, clicked it and then hit ADD. it now was alone in the bottom pane....clicked OKAY...then see that it alone has been added to the LOCAL Security Policy Setting window pane under Assinged to and there is now a checkbox that says (it's checked too) Local Policy Setting...closed all up and restarted as per instructions.

Opened up Killbox, menubar'd the Fix L2M > Kill VX2.BetterInternet and it opened up a new window....saw it searching....and then that new window reported that it had found those 2 .dlls in my system32 folder correctly.

This now paused for a sec or two...and then I note that down in my taskbar, a new file has opened up in DOS....it's title was cmd.exe....I waited about 5 minutes...

Then I maximized that new window...and I see that it is scrolling faster than I can see...and I can barely pickout that it is attempting to "do" somehthing in my system32 folder...but I really can't see it....

I am now "ASSUMING" that something is wrong...but I wait...but after 25 minutes there is nothing new...that window's still scolling a hundred miles an hour.

What'd I do wrong?

Jim

 

Kill the scrolling Window and continue with the L2M.reg

As long as both the files were deleted by Killbox we still have a fighting chance in this round.

Regards,

Pieter

 

do you mean for me to do this...

Click Fix L2M > Import L2m.reg to remove....

That one?

Jim

 

<sigh>it appears that I'm VERY stuck...here's the skinny....

I can not -- it seems -- ADD the Administrator to the proper Local Security Settings. Oh, I can do the proper add function, and yes, just before I quit the User Rights Assigment window, the word ADMINISTRATOR is properly placed in the right column....

I restart as per instrucions...then when I try to use the next part, the KillBox part, I get that scrolling window that never seems to do what it's supposed to. So I checked, on the offchance that the ADMINISTRATOR was still where it was supposed to be -- it's NOT.

I can not assign the ADMINISTRATOR to the DEBUG line....

Will that mean then that this fix will not work?

IN fact, on my box, there is NO name beside the DEBUG line under UserRightsAssignments...

Help here, someone

Jim

 

Oh...and the Fix L2M > Import L2m.reg did nothing either...



Jim

 

Man oh man....this was a very tough one indeed!

But I got it -- I did a simple google on the vx2.betterinternet name, got lotsa hits and found a much easier 'fix' on the Lavasoft board....

thanks to you Pieter tho, for getting me started...

;-)


Jim