new vx2 malware

Discussion in 'Trojan Defence Suite' started by mimo2005, Dec 18, 2004.

Thread Status:
Not open for further replies.
  1. mimo2005

    mimo2005 Registered Member

    Joined:
    Dec 4, 2004
    Posts:
    8
    hi

    Does tds3 fix this new vx2 malware o_O??

    O1 - Hosts: 69.20.16.183 auto.search.msn.com
    O1 - Hosts: 69.20.16.183 search.netscape.com
    O1 - Hosts: 69.20.16.183 ieautosearch
    O1 - Hosts: 69.20.16.183 ieautosearch

    If yes, are there any specific steps to follow to get rid of this malware, or do I simply run a tds3 full system scan and tds will take care of it?

    Any explanations are welcome, thank you.

    If tds3 really fixes this, I'll make sure to boost the sales for it. Believe me, this one is a nasty one.

    Have a good day.
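The O1 lines quoted above are hosts-file entries that send search hostnames to a remote address instead of the local machine, which is what a HijackThis O1 finding represents. As an added example (not code from this thread, from TDS or from any tool it mentions), here is a small Python checker that parses plain hosts-file lines or HijackThis O1 lines and flags watched hostnames mapped to anything other than a loopback or unspecified address. The three hostnames from the log are the only watch-list entries taken from the thread; the remaining watched names and the sample input are constructed assumptions.

```python
"""Flag hosts-file entries that redirect search or vendor hostnames to a remote IP."""
import ipaddress
import re

# Hostnames a clean hosts file should never point at a remote address.
# The first three come from the O1 lines in the thread; the rest are assumed
# additions for illustration only.
WATCHED_HOSTS = {
    "auto.search.msn.com",
    "search.netscape.com",
    "ieautosearch",
    "www.google.com",
    "windowsupdate.microsoft.com",
}

# HijackThis prefixes each hosts entry with "O1 - Hosts: "; plain hosts files do not.
_O1_PREFIX = re.compile(r"^O1\s*-\s*Hosts:\s*", re.IGNORECASE)


def parse_hosts_line(line):
    """Return (ip, [hostnames]) for one hosts-file or O1 line, or None for blanks/comments."""
    text = _O1_PREFIX.sub("", line.strip())
    text = text.split("#", 1)[0].strip()  # drop trailing comments
    if not text:
        return None
    parts = text.split()
    if len(parts) < 2:
        return None
    try:
        ip = ipaddress.ip_address(parts[0])
    except ValueError:
        return None  # not an IP in the first column, so not a hosts entry
    return ip, [h.lower() for h in parts[1:]]


def is_local(ip):
    """True for loopback / unspecified addresses, the only targets a benign blocklist uses."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(lines, watched=WATCHED_HOSTS):
    """Return [(hostname, ip_string)] for every watched name mapped to a non-local IP."""
    findings = []
    for line in lines:
        parsed = parse_hosts_line(line)
        if parsed is None:
            continue
        ip, hostnames = parsed
        if is_local(ip):
            continue
        for host in hostnames:
            if host in watched:
                findings.append((host, str(ip)))
    return findings


# Constructed sample: the four O1 lines from the thread plus two benign entries.
SAMPLE_LOG = """\
# localhost mapping is normal
127.0.0.1 localhost
O1 - Hosts: 69.20.16.183 auto.search.msn.com
O1 - Hosts: 69.20.16.183 search.netscape.com
O1 - Hosts: 69.20.16.183 ieautosearch
O1 - Hosts: 69.20.16.183 ieautosearch
0.0.0.0 ads.example.invalid   # blocklist-style entry, harmless
""".splitlines()

if __name__ == "__main__":
    for host, ip in find_hijacks(SAMPLE_LOG):
        print(f"hijacked: {host} -> {ip}")
```

Entries pointing at 127.0.0.1 or 0.0.0.0 are deliberately ignored, because ad-blocking hosts files use exactly that pattern; only a watched name steered to a routable address is reported, which is the signature of the redirect in this thread.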
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi mimo2005,

    TDS does detect the files that are planted on your PC by the same VX2 variant that makes those changes to the hosts file.

    It also recognizes the installer.

    Regards,

    Pieter
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    However, TDS or any automatic fixer cannot fix this one on its own, but it should prevent it being installed on your computer if you have exec protection enabled.

    The only "cure" known so far is displayed here, BUT it is NOT guaranteed to work; it is the best that has been found so far.

    http://www.lavasoftsupport.com/index.php?showtopic=54511

    It takes a lot of work and careful interpretation of the results of the applications used to find the hidden bad files that continually reinstall themselves unless all steps are followed carefully.
     
  4. mimo2005

    mimo2005 Registered Member

    Joined:
    Dec 4, 2004
    Posts:
    8
    Thank you DVK1 and Pieter.


    So dvk1, you think a tds 3 full scan won't kick that vx2 malware out?

    The only option is that tricky method; I did understand how it works, but still it's a lot of work!
    I've seen some who had to repeat that operation more than 3 times, until the HJT expert got fed up; it's frustrating!
    You mean of all the software in this world, there's none that can beat the hell out of this bug!!!!

    PS: I'm not the one infected, but gathering info to help friends. Thanks a million.
     
  5. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    One of the problems with this VX2 malware is it changes the permissions on the computer; that is why it's so hard to remove, as it prevents the system or the owner accessing the files to remove them, amongst other nasty little tricks.

    Previous versions have been removable by automatic means, but this one is just too devious to do that, and as good as TDS3 is, it has its limitations.

    Most trojans, and this is a trojan, don't want to damage the computer because they need to stay on a working computer to do their deeds.

    The scum who develop this one don't care about damage to the computer or crashing the computer or whatever, providing they get their scummy advertising over, and that is all it's about: advertising and money. If 1 in 1000 see their adverts and buy something, they don't care about the 999 other wrecked computers.
     
  6. ?GlennyBoy

    ?GlennyBoy Guest

    FANTASTIC INSTRUCTIONS !!

    Sister's PC is finally rid of vx2..

    Many many thanks!
     
  7. zarp200

    zarp200 Registered Member

    Joined:
    Jan 4, 2005
    Posts:
    1
    Actually, I think the simplest way to fix this is to remove the hard drive and scan it from an uninfected machine.

    it certainly worked for me.... :D

    I originally wasted an hour trying to fix it while in safe mode with the usual tools (ad-aware, hijack-this, etc... but the bugger kept coming back). Making the infected hard drive a slave, I was able to whack the problem.

    In case anyone else has this problem, I would advise them not to waste time trying to clean it the conventional way, and simply scan it from a different drive....

    p.s. I registered here just to post this message, so that's saying something about how insidious I feel this trojan is
     
    Last edited: Jan 4, 2005
  8. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    If you can slave the drive, then the OS is not operational on that drive, and TDS and Adaware both fix the files on the slave drive.

    Neither will do a complete cure though, and there will still need to be some cleanups done using vx2finder to reset the default settings once the disc is back in the original computer.

    Unfortunately most people don't have access to a separate computer to slave the drive to, so other methods of fixing need to be done.
     
  9. lewis11777

    lewis11777 Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    3
    I recently picked up the VX2 spyware and spent a very frustrating hour trying to delete the infected files from my computer before giving up. I was looking online for support on this spyware when I came across several forums on VX2. It appears to be a fairly common problem, so now I don't feel so bad. I was at first encouraged, thinking someone had posted the answer to this nasty little problem. Not having much computer experience and seeing the complex solution, I was a little discouraged. Since it appears that you would have to spend a couple of hours using the fix recommended on this forum, why has no one suggested erasing and rebooting the hard drive? Would this not fix the problem? Lewis
     
  10. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    Yes, a complete wipe of the hard drive and a new installation of Windows and all programs will certainly cure the problem.

    BUT most people haven't got a backup of important documents etc., so they don't want to do that.
     
  11. lewis11777

    lewis11777 Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    3
    Derek, thanks! I just didn't want to reinstall my system for nothing. After doing so what is the best freeware to prevent this from getting back into my system?
     
  12. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    I had this pest myself. I installed the following after having removed it (just the freeware I'm listing):

    - Spywareblaster ( http://www.javacoolsoftware.com/products.html )
    - Spyware Guard ( http://www.javacoolsoftware.com/products.html )
    - Spybot S&D ( http://www.safer-networking.org/nl/index.html )
    - Adaware with VX2 plugin ( http://www.lavasoftusa.com/software/adaware/ )
    - MS Anti Spyware, which is - actually - Giant Anti Spyware; they just put the MS logo on it. It's still in beta stage, but I press anyone to point out the difference with the last "official" release of Giant Anti Spyware, apart from the logo.
    - Hijackthis ( http://www.spywareinfoforum.com/~merijn/downloads.html )

    and a number of others. The above are the most important though. Most vital ones are Spywareguard, Spywareblaster, Adaware and Spybot I think (MS Anti Spyware is good, but not essential).

    Hijackthis is THE tool to see what has happened with your settings and to fix it (not for novices though).
     
  13. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Indeed it isn't. In fact, people should stay away from this very powerful tool unless they are an expert on the subject or are guarded by an expert handling it.

    regards,

    paul
     
  14. lewis11777

    lewis11777 Registered Member

    Joined:
    Jan 14, 2005
    Posts:
    3
    I have Adaware and Spybot S-D. I will try Spyware Guard and Spyware Blaster, after I reinstall my software. Thanks for the heads up!
     
  15. fred22

    fred22 Registered Member

    Joined:
    Dec 6, 2004
    Posts:
    229
    For HijackThis logs there's a great online analyzer:
    http://www.hijackthis.de/

    Upload and let it analyze the log.
    Scroll through the list and fix whatever is RED.

    Be careful though :D
     


    Last edited by a moderator: Jan 15, 2005
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
  17. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    My advice regarding Hijackthis is this: stay clear of it, unless you absolutely know what you're doing.

    Instead, when you have serious problems, let it produce a log and post this at one of the various forums (CastleCops does this for example) for the experts to analyze. Don't try to fix anything unless you know the ins and outs of this tool fully.
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Re: HJT logs
    Good advice indeed :)

    Remember that TDS3 full version can prevent this malware being installed, providing that TDS3's Execution Protection is enabled and TDS3 is running its GUI or iconised to the sys tray.

    Thanks. Pilli
     
  19. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46

    Bought it yesterday - awaiting license. One more question: TDS 3 now says "Thank you for evaluating TDS" on startup and that the evaluation is expired. That can't be, can it?? I installed this only 3 days ago.
     
  20. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    It should last for 30 days. Had you installed it any time previously?

    "Evaluation Version Restrictions

    The evaluation version of TDS is time-limited to 30 days and missing some features."

    Pilli
     
  21. Hurricanetracker

    Hurricanetracker Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    46
    No, this was the first install. I did, however, also install the trial on another partition; could be it's reading the expiry date from that one. That's another thing I wanted to ask: I have two OSes installed on the same computer. Is the single license applicable to a COMPUTER or to an OS installation??
     
  22. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Directly from the license we have...
    I have two boot partitions on my PC, with TDS-3 installed to both. Works fine.

    Blue
     
  23. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    To one computer but it may make a difference if you have TDS on an unusual partition.

    Anyway Gavin (DCS) will be on in a few hours and may be able to answer your questions more fully.

    Pilli.
     