NurFACE Posted February 20, 2004 Share Posted February 20, 2004 Trying to get rid of this pest. I started to go to backup but rather just fix this bug spyware. Norton got this message popup also apropos_client_loader.exe and WebInstall.exe both are download trojan. I'm starting to think no one is using my computer but since I put my son on restriction I believe he is culprit. Password to log on for users on my machine for now on. My better half always complains about why I have to use password to log on to my account, well since she doesn't have to fix this computer I will ask her to quietly place lips together when it comes to my pc. I tried running spybot and lava soft guess what no fix. google stated that on first page I went to so now I have to team up with GRNet so I don't lose any sleep. I would load ghost image but I have our taxes on computer and believe state was done after my last backup silly me. I may cut my lost and just go with image, but I believe with a few good men problem can be resolve here. PM or reply I will be checking here plus doing search for fix. "By the way; I do have Ad Adware and Spybot, they just detect the Look2Me and VX2 but they dont delete them" quote from Google search result. Look2me is the new home page that is hijack her account and vx2 is what spybot and lava find but don't delete. Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 20, 2004 Share Posted February 20, 2004 I found a fix for vx2.dll: 1. Transponder is a DLL file called IEHelper.dll (Blackstone variant), VX2.dll (VX2 variant), TPS108.dll (TPS108 variant) or MSView.dll (MSView variant). This can be found in the Windows folder. You need first deregister the DLL file. Open a DOS command prompt window (from Start->Programs->Accessories) and enter the following commands: cd "%WinDir%\System" regsvr32 /u ..\IEHelper.dll ( for the Blackstone variant:) regsvr32 /u ..\VX2.dll ( for the VX2 variant) regsvr32 /u ..\TPS108.dll ( for the TPS108 variant) regsvr32 /u ..\MSView.dll ( for the MSView variant) regsvr32 /u ..\host.dll ( for the Host variant) regsvr32 /u ..\BI.dll ( for the BI variant) regsvr32 /u ..\SiteHlpr.dll (for the SiteHlpr variant) [/code] 2. Restart the computer. 3. Delete the DLL file as mentioned above from the Windows folder. In the MSView variant you can also delete MSView.ini in the same place; in the Blackstone variant domlst.cch can be deleted. The Host variant may leave 'hostprep.exe'. In the TPS108 variant there may be a tps108.html file in the root of the C:\ drive; in the SiteHlpr variant it may be called bc777.html. These can be deleted to clean up. 4. You can also clean up the registry (Start->Run->regedit) by deleting the 'Transponder' (Blackstone variant), 'RespondMiter' (VX2 variant), 'TPS108' (TPS108 variant), 'HostDll' (Host variant), 'MSView' (MSView variant) or 'SiteHlpr' (SiteHlpr variant) subkey of HKEY_LOCAL_MACHINE\Software. Here's a couple of other methods, that may be simpler. Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 20, 2004 Share Posted February 20, 2004 Manual removal options for Look2Me. I just want to take this opportunity to encourage folks who are having browser-based troubles like these kinds of spyware, try an alternate browser, such as Opera or Mozilla and Firefox. They aren't entirely secure either, but certainly suffer less vulnerabilities than IE seems to. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 I appreciate your help Dannik. I removed msg118.dll by going to boot with command prompt then going to c:\windows\system32 edit msg118.dll taking information in document and cut not paste nor copy the contents, just to clear the dll then save blank msg118.dll file voila delete file no problem then. removed look2me and zesty, but now I have to remove 2020search. I cleared all temp internet files in all users documents so no user has in stored temp internet. I then ran adaware and spybot results no spyware. I shutdown computer each time as some sites suggested. Now, I have to deal with 2020search spyware that spybot and adaware are finding that has attach to c:\windows\svchost.exe. I will have to check to see if that is a real file for windows. Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 21, 2004 Share Posted February 21, 2004 2020search removal. Keep `em coming. We'll get you cleaned out. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 I believe with your last bit of information I was able to remove 2020 about the same way. I just boot xp pro up to command prompt then edit file removing information. c:\cd windows then edit svchost.exe actually i changed name/extension to txt then cut out that written program typed hey in document then saved, then delete it c:\delete svchost.txt, you can boot normally and delete file after removing contents of file but command prompt will do the job as well. Thanks Dannik No more spyware now going to password protect machine so no user can log on without me giving them an account. Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 21, 2004 Share Posted February 21, 2004 Have you configured the innoculation/anti-hijack settings in Spybot yet? If not, I'd be glad to lend a hand. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 Nope, I haven't setup spybot for innoculation/anti-hijack settings. I would appreciate any assistance. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 I changed the way spybot scans but now I can't get back to settings. I choose to launch spybot and it starts scanning without any interface, so I placed one to many check marks without understanding scan on launch then exit. Is there a way to change settings in spybot folder on hard drive? Quote Link to comment Share on other sites More sharing options...
WhiteKnight77 Posted February 21, 2004 Share Posted February 21, 2004 Open the Deafult Configuration.ini file and look for the [Automation\ProgramStart] AutoCheck=0 AutoFix=0 RerunAfterFix=0 DontAsk=0 This is right from my setup and it only runs when I click on the button after Spybot is open. Compare yours with mine and see if it's different. To help keep things clean, click the Immunize button and run that. It will automatically help keep things from hijacking stuff on your PC. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 here is my default configuration setting file. [installation] DesktopIcon=1 StartmenuItem=1 [Main] Legals=0 ShowDetails=1 AutoSave=1 CreateBackups=1 CreateTrackBackups=1 CreateSystemBackups=1 IgnoreIncludeFileError=1 Priority=Normal RecoveryAged=1 [Main\WaveAlert] WaveAlertFile=0 [Automation\ProgramStart] AutoCheck=0 AutoFix=0 RerunAfterFix=0 DontAsk=0 [Automation\SystemStart] AutoRun=0 RunOnce=0 WaitStart=0 WaitPrograms=0 WaitMore=0 AutoClose=0 [Automation\WebUpdate] AutoCheck=1 AutoDownload=1 RemindUpdate=1 CheckBetas=0 CheckAllLanguages=0 CheckSignatures=0 [Automation\WebUpdate\Proxy] ProxyAddress=0 [Logfile] WriteCheckLog=1 WriteFixLog=1 IncludeLogDetails=1 OverwriteLog=0 [Look] Menu=MainMenu DisplayHeader=1 FloatInfo=1 BlindUser=1 [bugReport] UseDefaultMailer=1 IncludeSysInfo=1 IncludeResults=1 IncludeActiveX=1 IncludeBHO=1 IncludeBrowserPages=1 IncludeProcessList=1 IncludeStartup=1 IncludeClipboardText=0 IncludeClipboardImage=0 IncludeSpyFiles=0 CarbonCopy=1 IncludeWinsockLSPs=1 [Expert] ShredTracks=1 ShowResultsButtons=1 ShowRecoveryButtons=1 [Filesets] Spybot - Search & Destroy=1 Cookies.sbi=1 Dialer.sbi=1 Hijackers.sbi=1 Keyloggers.sbi=1 Malware.sbi=1 Security.sbi=1 Spybots.sbi=1 Trojans.sbi=1 System Internals=0 Usage Tracking=1 Tracks.uti=1 [Durations] Spybot - Search & Destroy=1 Cookies.sbi=1 Dialer.sbi=1 Hijackers.sbi=1 Keyloggers.sbi=1 Malware.sbi=1 Security.sbi=1 Spybots.sbi=1 Trojans.sbi=1 System Internals=1 Usage Tracking=1 Tracks.uti=1 Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 21, 2004 Share Posted February 21, 2004 I can't see the cause of your issue in the settings, but the author of Spybot has a page with some small files to help solve small problems. One of the files, Spybot S&D Full Settings Removal, appears to remove the configuration info from your registry, which I assume would make Spybot do it's first-run dialog the next time you start it. As usual, edit your registry at your own risk, and always back it up, etc. Quote Link to comment Share on other sites More sharing options...
WhiteKnight77 Posted February 21, 2004 Share Posted February 21, 2004 Here is my Config.ini file [installation] DesktopIcon=1 StartmenuItem=1 [Main] Legals=0 ShowDetails=1 AutoSave=1 CreateBackups=1 CreateTrackBackups=1 CreateSystemBackups=1 IgnoreIncludeFileError=1 Priority=Normal RecoveryAged=1 [Main\WaveAlert] WaveAlertFile=0 [Automation\ProgramStart] AutoCheck=0 AutoFix=0 RerunAfterFix=0 DontAsk=0 [Automation\SystemStart] AutoRun=0 RunOnce=0 WaitStart=0 WaitPrograms=0 WaitMore=0 AutoClose=0 [Automation\WebUpdate] AutoCheck=0 AutoDownload=0 RemindUpdate=0 CheckBetas=0 CheckAllLanguages=0 CheckSignatures=0 [Automation\WebUpdate\Proxy] ProxyAddress=0 [Logfile] WriteCheckLog=1 WriteFixLog=1 IncludeLogDetails=1 OverwriteLog=0 [Look] Menu=MainMenu DisplayHeader=1 FloatInfo=1 BlindUser=0 [bugReport] UseDefaultMailer=1 IncludeSysInfo=1 IncludeResults=1 IncludeActiveX=1 IncludeBHO=1 IncludeBrowserPages=1 IncludeProcessList=1 IncludeStartup=1 IncludeClipboardText=0 IncludeClipboardImage=0 IncludeSpyFiles=0 CarbonCopy=1 IncludeWinsockLSPs=1 [Expert] ShredTracks=1 ShowResultsButtons=0 ShowRecoveryButtons=0 [Filesets] Spybot - Search & Destroy=1 Cookies.sbi=1 Dialer.sbi=1 Hijackers.sbi=1 Keyloggers.sbi=1 Malware.sbi=1 Security.sbi=1 Spybots.sbi=1 Trojans.sbi=1 System Internals=0 Usage Tracking=1 Tracks.uti=1 [Durations] Spybot - Search & Destroy=1 Cookies.sbi=1 Dialer.sbi=1 Hijackers.sbi=1 Keyloggers.sbi=1 Malware.sbi=1 Security.sbi=1 Spybots.sbi=1 Trojans.sbi=1 System Internals=1 Usage Tracking=1 Tracks.uti=1 Maybe we can see if anything is different now. Quote Link to comment Share on other sites More sharing options...
WhiteKnight77 Posted February 21, 2004 Share Posted February 21, 2004 This is different between yours and mine: [Look] Menu=MainMenu DisplayHeader=1 FloatInfo=1 BlindUser=0 BlindUser= is set to 1 on yours and 0 for mine. Also this part is different: [Automation\WebUpdate] AutoCheck=0 AutoDownload=0 RemindUpdate=0 CheckBetas=0 CheckAllLanguages=0 CheckSignatures=0 Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 21, 2004 Author Share Posted February 21, 2004 Dannik, The link gives you option to choose language then for me it starts scan without me choosing any thing. I know its scanning but I want to change settings but can't get to that option. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 23, 2004 Author Share Posted February 23, 2004 I have Spybot setup but not configured. I did an unistall and remove from registry. Dannik, you have some suggestions to configuring. Quote Link to comment Share on other sites More sharing options...
Dannik Posted February 23, 2004 Share Posted February 23, 2004 1. Make sure the program is fully updated. 2. Hit the 'Immunize' tab. 3. Under 'Permanent Internet Explorer immunity', ensure it has scanned, and apply the immunization recommended. Do this every time you update Spybot. 4. Under 'Permanently running bad download blocker for Internet Explorer' set it to your preference (I recommend silently, otherwise you'll get popups regularly) and 'Install' it. This will stop most of the bad stuff ever hitting your hard drive. 5. Under 'Recommended miscellaneous protections' I recommend you check all three, but at the minimum, lock your 'hosts' file. 6. Now, in the main toolbar, choose 'Tools' -> 'Hosts file', and click 'Add Spybot S&D hosts list' at the top of the window. This will likely take a minute or two. Now, malware will have a harder time getting to your system, and doing anything nasty even if it does get there. Also, the hosts file addition will block a large number of tracking advertising, so you'll likely see a lot of places where banners used to be, now empty. Them's the basics at least. Quote Link to comment Share on other sites More sharing options...
Rocky Posted February 23, 2004 Share Posted February 23, 2004 If you take a step back, and forget you are a computer whiz for just a second, this thread is extremely bizarre. Quote Link to comment Share on other sites More sharing options...
NurFACE Posted February 24, 2004 Author Share Posted February 24, 2004 I took two steps back. I started this thread because I lost sleep trying to fix this problem with spam and virus. Spybot was one of the tools I had to use make sure spyware was gone. Now, I want to set it up so I can approach spyware fast and quickly. cheers to the multiple support. thanks Dannik for configuration help. Quote Link to comment Share on other sites More sharing options...
Kaeri Posted March 8, 2004 Share Posted March 8, 2004 I am climbing the walls with the MSG118.dll. I tried all the suggestions above, including Safe w/Command and editing the msg118.dll file, but after it opens I get "Cannot Edit a Read-Only File". I rebooted (for the umpteenth time) and changed the properties on the msg118 (it wasn't "read only" but it was "archive" so I cleared the archive check-box) and tried again. STILL no luck. Any suggestions? Quote Link to comment Share on other sites More sharing options...
NurFACE Posted March 9, 2004 Author Share Posted March 9, 2004 You have xp pro or 2000 you don't change file or edit in graphic user interface. You have to choose F8 when booting so start hitting F8 after post screen then choose start with command prompt. You will need to remember or write down the path of MSG118.dll. Once your in the path. example c:\windwos> if MSG118.DLL is in your root of windows then you will go c:\windows>edit msg118.dll a window will open and you can highlight text and choose cut from list of options at top of menu window for notepad. I hope you are following me and know how to change directories in command prompt window. c:\documents and settings>cd.. will change directory to c:\> then you type the directory you would like to enter by c:\>cd windows will change to c:\windows> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.