
Pain in the a** malware



#1 krustyburger


Posted 04 February 2005 - 02:28 AM

I have had several customers with what looks like a new VX2 variant. I can remove the other adware with Ad-Aware, SpyBot, and HJT. The problem is certain dlls and exes keep coming back.

This malware removes the "debug privilege" from all accounts so I can't run Sysinternals' FileMon or ListDLLs. Also the "local security policy" icon is missing from the Administrative Tools and secpol.msc has been deleted.

I have deleted the files using the recovery console but they reappear. The filenames are random letters and numbers but the EXEs are usually 6 characters (yoyryp.exe) and the DLLs are approx. 12 (r9ap0qrvhae3.dll) and are located in %systemroot%\system32 and are set as hidden and system. I have tried unregistering with regsvr32 /u but Access is Denied.

Please advise on how to clean so I don't have to do a reformat and for future reference.

Thanks for any help.



#2 daveai


Posted 05 February 2005 - 12:53 PM

Can you provide a HijackThis log of the infected system?

It sounds like the new VX2 (or Look2Me).

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous



