Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


VX2 Virus

  • Please log in to reply
2 replies to this topic

#1 Mephisto


  • Members
  • 4 posts
  • Local time:07:05 AM

Posted 03 January 2005 - 06:02 AM

If you are having problems with the new generation VX2 Virus, and are using WinXP Pro, here is an easy way to rid yourself of it. Go to My Computer, C drive, Windows. In tools pulldown, select folder options then view. Scroll down and untick the 'Use simple file sharing' box. This allows you security rights over your files. Run Ad aware full scan. After it is done, Go to My Computer, C Drive, Windows, System 32 and run a search for files. Run a search for dll files and name the current day. It should show you 2 files. Go into properties and set deny to all user groups. Do both files the same.
Do another search in system 32 and instead of dll, search for guard. There should be one file there. Do the same to it. Deny it rights also in all groups. Go back to the dll files and delete them. It might take a few minutes for the second one to finally be deleted. Finally, search for guard and delete it. It might also not go right away. If it doesn't, just keep trying until it does. Re-boot and run the ad aware scan again and it should be gone. You will feel wonderful and your computer will feel healthy again. By the way, this is my first post to your group. I just wanted to help because this is a nasty one. I haven't found a proggie to get rid of it so far and anything else is a little complicated. May all that make these virus programs die horrible deaths. Best wishes, Mephisto..

BC AdBot (Login to Remove)


#2 groovicus


  • Security Colleague
  • 9,963 posts
  • Gender:Male
  • Location:Centerville, SD
  • Local time:06:05 AM

Posted 03 January 2005 - 10:46 AM

What about the fact that the Guard.exe file is hidden by a rootkit and can't be seen? Also, how does this restore alll the altered winlogon registry keys? How does this take care of all of the manifest files that end up in the dllCache?

Is this something you came up with on your own? What happens if you try this fix on Win ME or Win 98?

This infection is very hard to clean properly..I am curious as to how you figured this info out? :thumbsup:

Edited by groovicus, 03 January 2005 - 10:46 AM.

#3 Mephisto

  • Topic Starter

  • Members
  • 4 posts
  • Local time:07:05 AM

Posted 03 January 2005 - 04:55 PM

I wish I could lay claim to finding the fix but I can't. I saw it after days of investigation on another site, Lavasoft Support Forums.


The directions originally did not include how to get into Windows Explorer to be able to deny file rights, I found that out for myself.

I couldn't find the guard file until I destroyed the other two, so my guess is it must expose it from the rootkit after cleaning out those others. Sorry Mate, I am no techno head. Maybe someone here knows how it works?

As for the other bad files, Ad aware removed them in its full scan pass. If there is anything left, they don't do anything now anyway.

All I can tell you is that the folks using this on the other site are all as happy as I am. Try it, it works on WinXP Pro. The infection has gone and I have scanned it with the most popular half dozen programs. There is no manifestation of it at all now.

Sorry, I have no idea if it works on ME or 98 but I imagine it would.

Power to the righteous.

Good luck, I hated it when it was on my machine.


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users