VX2 removal
Original Message
Name: nlupton
Date: November 17, 2004 at 02:23:09 Pacific
Subject: VX2 removal
OS: XP
Comment: Does anyone know how to remove VX2? I use adaware, which detects it, but if you remove it, it rewrites itself! Very frustrating! I've tried the adaware add on, to no effect. I have also tried switching off system restore and running scans in safe mode. Any ideas other than reformatting?

Response Number 2
Reply: The problem is, their removal tool doesn't work.
Download VX2 cleaner AddOn from LavaSoft and install it: http://www.lavasoftusa.com/
Remove ALL "Temporary Internet Files" from each user's profile.
Empty "Recycle Bin"
Restart in Safe Mode
Run AdAware SE full scan and remove all problems found in normal scan.
Next click on "Add-Ons"
Run VX2 cleaner
Restart to Windoze, rescan.
_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Response Number 3
Reply: DANG, turn off "System Restore" before booting into "Safe Mode"
_________________________
The internet is no longer a toy, it's a COMBAT ZONE!

Response Number 4
Name: curious262
Date: December 5, 2004 at 20:52:04 Pacific
Reply: Thanks Martin, after a week of head banging, I came across this site trying to find a solution and found it. I have finally got rid of that vx2 crap. Thanks again.

Response Number 5
Name: cporeilly
Date: December 15, 2004 at 10:54:23 Pacific
Reply: I tried all of the above (apart from turning off System Restore as I am trying to clean a W2K machine) and it still resurfaces. Each time AdAware says it cannot delete one of the randomly generated dll's, and can it run again on startup. I always respond Yes, but it never runs automatically (as Spybot S&D does). I have to launch it myself. And every time it finds VX2, but it appears to only find the randomly generated dll's. So I downloaded the add-in, ran it, but it says the system is clean. Then I run a full AdAware scan again, and it finds it again. Did both these in Safe Mode also. I've checked several forums, tried lots of suggestions, but still no success. Any ideas before I rebuild the user's machine?

Response Number 6
Name: Dar
Date: December 22, 2004 at 11:32:35 Pacific
Reply: I'm having the same issues. I've tried all of the above suggestions and have even tried other removal tools to no avail. The one nugget of information that I did find is that even in Safe Mode, there's a module running called stayerxp.dll in addition to the randomly generated .dll that it seems to throw in there upon any reboot. AdAware and Spybot S&D both say they need to run on reboot to remove any of the associated VX2 files. Unfortunately, they never do. That's all the information I can provide right now. Hopefully I'll be able to nail it down tonight. Any additional information on this newest version of VX2 would be greatly appreciated. TIA.
-Dar

Response Number 7
Name: Deven
Date: December 24, 2004 at 00:03:43 Pacific
Reply: My PC was also infected by VX2 Malware as described by CPOREILLY (Response Number 5). It was really frustrating to remove it, but then I tried to remove VX2 Malware as mentioned by Martin Crandall (Response Number 2) and finally I got my PC cleaned of VX2 Malware. I want to tell you 2 things:
1) Complete all the procedure/scan with Ad-Aware SE in SAFE as well as normal mode; that means don't leave any scan with Ad-Aware in between.
2) I have used A2 Free Malware (http://www.emsisoft.com/en/software/free/), which has helped me to remove 4-5 malware files. I don't know exactly whether these files were related to VX2 Malware or not.
I want to say thanks to Martin.
debu

Response Number 8
Name: Mushroom
Date: December 28, 2004 at 04:25:00 Pacific
Reply: Time for me to chip in -- and thank Deven for the suggestion, it led me in the right direction but wasn't everything. So here's what I had to do... [My system: Win2000, and AdAware Pro 1.05 + VX2 Tool didn't work.]

I followed Deven's instruction to download A², which said that calsp.dll was infected. While online, I also downloaded LSPFix from http://cexx.org/LSPFix.exe and set that aside. A² said it removed the file but it didn't (I had a Search window open and it stayed). I immediately rebooted off DOS floppy (okay, Windows98 CD, my 3.5" drive is toast) and went to c:\winnt\system32 and typed DEL CALSP.DLL then hit Enter. File gone. Boot into Windows again, here we are. I can ping my DNS but not use canonical names, blah. Run the LSPFix tool, check "I know what I'm doing", select calsp.dll for removal, registry entries removed. Reboot, and here I am browsing.

(Now must remove the browser hijacker, twice while I was typing this note the browser suddenly decided to go to 69.20.16.183 to tell me about spyware removal tools... Spybot keeps pointing out those are there but hasn't actually removed them, so I will do that manually in the registry.)

Task Manager has been open the whole time I've been typing this, and no crapware has materialized in the last 15 minutes. :-D Thanks for all the help and it's nice to have the computer back. Best of luck, all; this thing is a fricking NUTCRACKER.

Say something cryptic, then leave snickering.

Response Number 9
Name: Mushroom
Date: December 28, 2004 at 16:23:33 Pacific
Reply: Next day: Okay, so maybe I was wrong about it ALL being gone... [sudden hijack!] but VX2 seems to be gone, now I must get rid of CoolWWW. CWShredder doesn't work. Heck, making the file "HOSTS" read-only doesn't work. This is getting annoying......

Say something cryptic, then leave snickering.

Response Number 10
Name: ebob2k
Date: December 29, 2004 at 14:05:41 Pacific
Reply: If all normal spyware removal attempts fail to remove persistent spyware such as VX2, remove the infested HDD and install it as a slave in another system (preferably a Win98 or Win2K system, in the unlikely event that a reboot scan is required) and scan with Ad-aware. The problems should be neutralized on the first scan, eliminating the need for a reboot scan. However, if that scan is required, that Win98 or Win2K system should let it run on reboot. This might seem like an extreme solution, but extreme problems such as the VX2 spyware sometimes require extreme solutions.

Response Number 11
Reply: Why can't some law demand that the companies who benefit from the install of this crap BE FINED IN A BIG WAY?!? They're easy to trace surely? Or at least, anyone who actively wants it gone, but is unable to remove it, should be provided with some form of compensation (other than that dubious "You accepted this crap when you installed Program X (even tho' we never told you what a nightmare can of worms you opened)").

Response Number 12
Name: Tasar
Date: December 31, 2004 at 12:17:51 Pacific
Reply: I can help you! It's both more involved, but easier than you think. Using two free utilities that you can find on the web - DLL Compare and Pocket Killbox - you can easily wipe out VX2. You need to follow a procedure which I'll explain if you're interested. The problem is randomly named dll files in the system32 folder. Each time you reboot, they rename themselves! Someone should be shot for creating this. Send subject "Help me Jim" to tasar@aol.com - otherwise I delete email from unknowns without opening - explain you're looking for the VX2 solution - I won't charge you - I just don't have time right now at work!
Later - Jim

Soldiers against spyware, Unite!!

Response Number 13
Name: alienist
Date: December 19, 2005 at 15:41:52 Pacific
Reply: I am in a good mood because I just removed the pesky VX2 - thanks to the posting by Tasar (#12). So I will divulge the method. If you are like me then you've tried everything out there to clean your PC and got nowhere.

The first step is getting Hijackthis - this program will not remove the malware, but it is a good method of checking whether it is still there. If you have what I have then one of the lines in Hijack search (20) will begin with Winlogon Notify - followed by the file located in c:\windows\system32\*some weird file name*.dll. If this is what you have then this method is for you. The reason why you cannot remove this file is because it gets reloaded at start up - with the same or another similar file (not going into details about how this works because I don't know - I am a psychologist by profession).

So now that you've used Hijack to establish that you have this specific VX2 problem, you must download 2 programs: 1) DLL Compare, and 2) KillBox. The fixing begins by running DLL Compare - to scan the directory - c:\windows\system32 for dll files that are "devious." This step should identify all the devious files and create a log of them.

This is where the tedious process begins. Keeping the DLL Compare log open you must run KillBox. In KillBox you will select the option "delete on reboot" and proceed to enter the files identified in DLL Compare ONE BY ONE. After you enter each file click the delete button BUT DO NOT REBOOT. You should only reboot once you've entered the last file (Killbox will know to delete all the files that you've entered on reboot). You know that the process worked by running "devious" DLL files if you've done everything correctly.

The next step is to run Hijackthis - the entry will still be there followed by the following: (file missing). Now you can remove this entry and it will not come back again. You should also run Adaware to make sure that all the s--- that accumulated is cleared. AND VX3 is gone.

Thank you very much to Jim (Tasar) for pitching the idea.

Necessary links:
http://www.majorgeeks.com/download3155.html
http://www.bleepingcomputer.com/files/killbox.php
http://www.cybertechhelp.com/download/file/dll-compare

Good luck, Igor
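
Added example (not part of any post in this thread): a small Python triage of the O20 "Winlogon Notify" lines in a HijackThis log, separating DLLs that are still on disk from entries HijackThis marks "(file missing)", which is the before/after check Response 13 describes. The log excerpt, DLL names and allowlist are constructed for illustration.

```python
import ntpath
import re

# Constructed HijackThis-style excerpt; every name and path below is made up.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O20 - Winlogon Notify: vendorgfx - C:\WINDOWS\SYSTEM32\vendorgfx.dll
O20 - Winlogon Notify: Example1 - C:\WINDOWS\system32\qx7example1.dll
O20 - Winlogon Notify: Example2 - C:\WINDOWS\system32\zk3example2.dll (file missing)
O23 - Service: Example Service - Unknown owner - C:\example\svc.exe
"""

O20_LINE = re.compile(
    r"^O20 - Winlogon Notify:\s*(?P<key>.+?)\s+-\s+(?P<dll>[A-Za-z]:\\.+?\.dll)"
    r"(?P<missing>\s+\(file missing\))?\s*$",
    re.IGNORECASE,
)

def winlogon_notify_entries(log_text):
    """Return one dict per O20 line: notify key name, DLL path, file-missing flag."""
    entries = []
    for line in log_text.splitlines():
        m = O20_LINE.match(line.strip())
        if m:
            entries.append({
                "key": m.group("key"),
                "dll": m.group("dll"),
                "file_missing": m.group("missing") is not None,
            })
    return entries

def triage(log_text, known_good):
    """Bucket O20 DLLs. known_good is an analyst-supplied set of lowercase
    DLL file names (hypothetical here); matching is by file name only."""
    buckets = {"known_good": [], "review": [], "stale": []}
    for e in winlogon_notify_entries(log_text):
        if e["file_missing"]:
            buckets["stale"].append(e["dll"])      # file gone; entry can be fixed
        elif ntpath.basename(e["dll"]).lower() in known_good:
            buckets["known_good"].append(e["dll"])
        else:
            buckets["review"].append(e["dll"])     # still on disk, not allowlisted
    return buckets

if __name__ == "__main__":
    for name, dlls in triage(SAMPLE_LOG, {"vendorgfx.dll"}).items():
        print(name, dlls)
```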