Thursday, November 13, 2008

VX2 Adware

How To Remove VX2?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
VX2 is a dangerous virus:
Adware programs facilitate the delivery of advertising content
to the user and, in some cases, gather information from the user's computer.

As this information is entered by the user, it is captured by the BHO (Browser Helper Object) and
sent back to the attacker.
Typically, keyloggers of this type send the stolen information back to the attacker via email
or HTTP POST, which can appear suspicious.

A desktop hijacker replaces the desktop wallpaper with advertising
for products and services.

The downloader either launches the new malware or registers it to run automatically at startup,
according to the local operating system's requirements.


VX2 is also known as:

[Kaspersky]Backdoor.Bionet.405,Backdoor.IRC.Zapchast,Backdoor.IRC.Zcrew,DoS.Win32.Nenet,Flooder.Win32.WarPing,TrojanDownloader.Win32.Femad.b;
[Eset]Win32/Femad.B trojan;
[McAfee]RemoteProcessLaunch;
[Panda]Adware/MSView,Application/HideWindow.A,Application/Psexec.A,Application/ToolWget.A,Backdoor Program,Bck/IRC.Mirc.Based,Bck/Multi.I,Bck/Zcrew.B,Bck/Zcrew.G,Flooder/Nenet.A,Spyware/BetterInet,Trj/Femad.A,Trj/Flood.BI,Trj/Passer.C,Trojan Horse;
[Computer Associates]Backdoor/Bionet.405!Server,Backdoor/IRC.Zcrew,Backdoor/ZCrew.B,Backdoor/ZCrew.B.IRC,Backdoor/Zcrew.G,BAT.IRCFlood,BAT.Noshare.B,Bat/Flood.C!Trojan,IRC.Flood,mIRC/Flood.I!Trojan,mIRC/Flood.RmtCfg!Trojan,Win32.BettInet.C,Win32.Bionet.405,Win32.Femad.A,Win32.IRCFlood,Win32.Startpage.KF!downloader,Win32/Rslocal.B!Downloader,Win32/SillyDL.70656!Trojan,Win32/Spybot.FR!Worm,Win32/Startpage.KF!Downloader;
[Other]Trojan

VX2 Symptoms:

Files:

Folders:
[%PROGRAM_FILES%]\clean get-away
[%PROGRAM_FILES%]\my panicbutton

Registry Keys:

Registry Values:
HKEY_CURRENT_USER\software\bundles
HKEY_CLASSES_ROOT\activexctrl\clsid
HKEY_CURRENT_USER\software\microsoft\currentversion\run
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run
HKEY_LOCAL_MACHINE\software\topconverting


You must clean your computer ASAP!!!
Download the free trial version of the antivirus software here to check your computer instantly.
