msg121 zestyfind removal

Discussion in 'news, general information and FAQs' started by Pieter_Arntz, Mar 31, 2004.

Thread Status:
Not open for further replies.
  1. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Last edited by a moderator: Apr 14, 2004
  2. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Unfortunately, the fix on F A L's page has been taken down because it has been found that using it on the latest versions of L2M is ineffective, so he has removed it and will not allow it to be used any longer.

    The L2M parasite will autoupdate and the fix won't work at all.
     
    Last edited: Apr 11, 2004
  3. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    http://forums.net-integration.net/index.php?showtopic=12810&st=15&#entry63572

    Work is being done and progress is made, but very slowly. We will keep you posted.

    Regards,

    Pieter
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    A workable solution has been found for Windows 2000 and XP Pro. Posted here by Option^Explicit:
    http://forums.broadbandmedic.com/cgi-bin/ib3/ikonboard.cgi?;act=ST;f=1;t=6

    Copying it here for ease of use.

    Hope it helps some of you,

    Pieter
     
    Last edited: Apr 15, 2004
  5. Unzy

    Unzy Registered Member

    Joined:
    Nov 2, 2003
    Posts:
    1,098
    Location:
    Belgium
    Re: msg12x zestyfind removal

    In the meantime they are already on 124.

    To quote Katie (Mosaic):

     
    Last edited: May 25, 2004
  6. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Re: msg12x zestyfind removal

    Updated

    Now an easy cure courtesy of Ad-Aware:

    New plug-in available - VX2 Cleaner
    ------------------------------------------------------------
    By Åsa Karlsson - Content Manager
    Contributions by Mårten Holmqvist - Research, Stefan Lundström - Software Development

    Lavasoft's new plug-in VX2 Cleaner detects the malware VX2 and offers you the ability to remove it from your computer. Some users have experienced a very difficult variant of VX2 which cannot be removed by Ad-Aware. For those users who have this variant, we have developed a plug-in to help you remove this VX2 variant.

    This VX2 variant registers itself in a way that gives it system privileges. It also prevents the user from viewing this information by removing the user's rights to do so. Furthermore, it constantly monitors the registry and prevents any attempts to remove its associated values. This makes it very difficult for the user to manually remove it.

    The VX2 Cleaner works with all editions of Ad-Aware 6 build 181.


    How to use Lavasoft's VX2 Cleaner plug-in

    - Close Ad-Aware 6 build 181 and Ad-Watch (if running)
    - Download the free VX2 Cleaner at http://updates.ls-servers.com/plvx2cleaner.exe
    - Install the VX2 Cleaner
    - Start Ad-Aware 6 build 181
    - Go to "Plug-ins"
    - Select the VX2 Cleaner plug-in and click "Run Plugin"
    - If your computer isn't infected, click "Close".


    If your computer is infected

    - Select "Clean system"
    - Reboot your computer
    - Scan your computer with Ad-Aware
    - Remove any VX2 objects detected
    - Reboot your computer again
    - Run a second scan to make sure the files have been removed from your computer

    More information on VX2 can be found in the TAC database at http://www.lavasoftnews.com/ms/display_main.php?tac=VX2

    Download Lavasoft's VX2 Cleaner plug-in at http://updates.ls-servers.com/plvx2cleaner.exe



    IMPORTANT INFORMATION
    --------------------------------------------------------
    * 8 of the 9 new VX2 variants have the same payload: a
    DLL file which resists removal. This DLL is different
    than what our original VX2 Cleaner plug-in was designed
    to locate and remove. The plug-in has been updated
    accordingly to allow for removal of this update. The
    new version number is 1.01, and can be verified after
    running the plug-in. If you have downloaded version
    1.00 of the plug-in, you do not need to uninstall prior
    to installing this version. Download using the plug-in
    download link on our site. For more information, visit
    http://www.lavasoft.de/software/plugins/vx2cleaner.shtml
     
    Last edited: Jul 1, 2004
  7. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Automated fix for version 200 (also known as UMonitor) is available. (courtesy of Shadowwar and OSC)

    Part 1
    Part 2
    NOTE: There is a slightly newer version of this one using a (re-)infector starting as:
    O4 - HKLM\..\Run: [ntsmod] C:\WINDOWS\system32\ntsmod.exe

    Other files will need to be removed from the system(32) folder:
    mplay32.dll = 126976 bytes (a BHO, not always present)
    ntec32.exe = 26112 bytes
    ntsmod.exe = 28672 bytes
    sysdebug32.exe = 28672 bytes

    Also look for: msts32.exe

    Install report of msts32.exe
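
A check built from the indicators in the post above, as an added example that is not part of the original thread: it flags HijackThis O4 autostart lines that launch one of the listed files and compares file sizes in a folder against the sizes given. The sample log is constructed (only the ntsmod line comes from the post), and the function names are this example's own.

```python
import re
from pathlib import Path

# File names and sizes (bytes) exactly as listed in the post above.
KNOWN_SIZES = {"mplay32.dll": 126976, "ntec32.exe": 26112,
               "ntsmod.exe": 28672, "sysdebug32.exe": 28672}
# msts32.exe is named in the post without a size: match by name only.
NAME_ONLY = {"msts32.exe"}

# HijackThis registry autostart line: O4 - HKLM\..\Run: [value] command
O4_RE = re.compile(r"^O4 - \S+\\\.\.\\Run\w*: \[([^\]]*)\] (.+)$")
# Any .exe/.dll file name inside a command line, quoted or not.
FILE_RE = re.compile(r'[^\\"\s,]+\.(?:exe|dll)', re.IGNORECASE)

def suspicious_o4(log_text):
    """Return (value name, command) for O4 entries that launch a listed file."""
    hits = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m and any(f.lower() in KNOWN_SIZES or f.lower() in NAME_ONLY
                     for f in FILE_RE.findall(m.group(2))):
            hits.append((m.group(1), m.group(2)))
    return hits

def scan_dir(folder):
    """Return {file name: verdict} for listed names found directly in folder."""
    found = {}
    for p in Path(folder).iterdir():
        name = p.name.lower()
        if not p.is_file():
            continue
        if name in NAME_ONLY:
            found[name] = "name match"
        elif name in KNOWN_SIZES:
            size = p.stat().st_size
            same = size == KNOWN_SIZES[name]
            found[name] = "name and size match" if same else f"name only ({size} bytes)"
    return found

# Constructed sample log; only the ntsmod line is taken from the post.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ntsmod] C:\WINDOWS\system32\ntsmod.exe
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /startup
O4 - HKCU\..\Run: [dbg] C:\WINDOWS\system32\sysdebug32.exe
"""

if __name__ == "__main__":
    for value, cmd in suspicious_o4(SAMPLE_LOG):
        print(f"O4 autostart [{value}] -> {cmd}")
```

A name hit with a different size means the file is not the build described in the post, so it needs a closer look rather than automatic removal.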
     
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Last edited: Feb 2, 2005