Help
How does a sane person (rapidly becoming insane) get rid of this critter ??
Page 1 of 1
Vbsys2.dll ?????
#1
- New Member
-
- Group: Members
- Posts: 4
- Joined: 24-October 05
- Location:North Carolina
Posted 24 October 2005 - 08:36 AM
Back to top
#2
- Distinguished Member
-
- Group: Members
- Posts: 641
- Joined: 25-November 04
Posted 24 October 2005 - 08:57 AM
Bleeping Computer on Vbsys2.dll
Sophos
If you think you are infected submit a hijackthis log here.
How to submit a hijackthis log
Download Hijackthis
Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com
or
DrWeb CureIT
If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.
If you can't get into safe mode download the following - Ultimate Boot CD however you will need to update the definitions on the disk see here how to do that. Alternatively download a archive version of Public AntiVirus again this will need updating but full instructions are here.
If you want a smaller download look here for instructions on how to create your own boot CD.
Also try installing and running A2 Free and Ewido
I'd also run Spybot(Spybot Tutorial) and Adaware
If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"
At the C:\ prompt type the following:-
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe
Sophos
Quote
Troj/AdClick-AZ is a Trojan for the Windows platform.
The following registry entries are created to run code exported by the Trojan library on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
SystemCheck2
{54645654-2225-4455-44A1-9F4543D34545}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34545}\InProcServer32
(default)
<Windows system folder>\vbsys2.dll
Troj/AdClick-AZ monitors internet sessions in Internet Explorer and can record and/or modify data transmission.
The following registry entries are created to run code exported by the Trojan library on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
SystemCheck2
{54645654-2225-4455-44A1-9F4543D34545}
HKCR\CLSID\{54645654-2225-4455-44A1-9F4543D34545}\InProcServer32
(default)
<Windows system folder>\vbsys2.dll
Troj/AdClick-AZ monitors internet sessions in Internet Explorer and can record and/or modify data transmission.
If you think you are infected submit a hijackthis log here.
How to submit a hijackthis log
Download Hijackthis
Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com
or
DrWeb CureIT
If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.
If you can't get into safe mode download the following - Ultimate Boot CD however you will need to update the definitions on the disk see here how to do that. Alternatively download a archive version of Public AntiVirus again this will need updating but full instructions are here.
If you want a smaller download look here for instructions on how to create your own boot CD.
Also try installing and running A2 Free and Ewido
I'd also run Spybot(Spybot Tutorial) and Adaware
If your using Win2K/XP run adaware/spybot from "safe mode with command prompt"
At the C:\ prompt type the following:-
cd\
C:\progra~1\spybot~1\spybotsd.exe /autocheck /autofix
cd\
C:\progra~1\lavasoft\ad-awa~1\ad-aware.exe
#3
- New Member
-
- Group: Members
- Posts: 4
- Joined: 24-October 05
- Location:North Carolina
Posted 24 October 2005 - 09:15 AM
Thanks for all the info and suggestions. I'll give a bunch of them a try this pm and post the results tmw.
Have a GREAT day !!
Have a GREAT day !!
Share this topic:
Page 1 of 1