Thread: Hijack this log
11-13-2004, 07:57 PM   #11
CTSNKY
Knower of all that is MS
 
Join Date: Aug 2004
Posts: 10,755
OS: (multiple machines) 95, 98, 2K & XP Home & Pro


Another shot:

You should clear out the files in the Prefetch folder. Download prefetch.bat and double click on it to run it.

Boot to Safe Mode and delete that immortal sucker. While you're there, check the entire Registry for links to that file name (without the .exe) and delete them. You appear to know your way around regedit.

Failing that:

This one is giving us trouble. I will ask you to run another program. Follow the instructions below.

Round One

Download VX2Finder (http://www.greyknight17.com/spy/VX2FinderNT.exe).

1: Shut off all open programs including printer and anything in the System Tray (virus scan, popup blocker, etc.).
2: Double click the VX2FinderNT.exe to launch the utility.
3: Click on the Find VX2.BetterInternet button. The utility will display the bugs if they’re there.
4: Click on Make Log and post that log in your reply.

Round Two

Run VX2FinderNT.exe again and click the Click to Find VX2.BetterInternet button again. Place checkmarks next to each file and click the Delete these Files button. Click OK to each confirmation message. In this case, you might get a message that 1 or 2 cannot be deleted.

Click the Open regedit button. Look for a Guardian... line in the left column.

If it is there, then highlight the Guardian... line in the left column, right click it and choose Security/permissions. You'll get another window with advanced. Uncheck the lower box with inheritable permissions. Click Ok and then choose remove on the following security prompt. Restart computer.

After a restart, double click VX2FinderNT.exe again, click the Click to Find Vx2.BetterInternet button again. Place a checkmark next to the remaining file(s) and click the Delete these Files button. Then click the User Agent$ button to remove the registry entry.

Click the Open regedit button again. Highlight the Guardian... line in the left column, right click it and choose Security/permissions. You'll get another window with advanced. Place a checkmark in the lower box with inheritable permissions. Close the registry editor.

Click the Guardian.reg key and Yes to the confirmation. This deletes that Guardian Key in the registry.

Click the 'Click to Find Vx2.BetterInternet' button again and you should get a clean log of blank values. If it looks different than this, then click the Make Log button and post the contents:

A clean log looks like this:

Files Found---

Guardian Key--- is called:

User Agent String---

Then click the Restore Policy button to restore the Debug policy altered in the look2Me installation. Reboot your computer when prompted to.

Finally, post a fresh HijackThis log to make sure you’re all cleaned up.
__________________


GO BIG BLUE!!