Hi Folks

Firstly I am sorry, I know a lot of this is covered in the sticky thread, but I have tried all the suggestions in there and they work temporarily, but next time I reboot these :mad: popups are back!

I had used Adaware (updated version of), Spyboy, Crap Cleaner, Trend Micro house call virus scanner etc... done all those things, each time I run them they find this VX2 malware and remove it. I reboot, and its back!!! :mad: :mad: :mad: What oh what can I do to permanently get rid of it? I know a pop-up blocker will do exactly that (block the pop ups) but I want to treat the cause, rather than masking the symptoms... Even did a search through the registry and cant find any entries regarding it!

Its a popup that appears advertising different things (casinos, Ebay, viagra etc) each time you open a new internet explorer window

Any thoughts??? :confused:

again I am sorry, I did read all the way through the sticky thread, and am still stuck with the problem....

Have you tried Zone Alarm? The free one seems to work well for me and know others who have good success with it.

Zone Alarm (http://www.zonelabs.com/store/application?namespace=zls_main&origin=global.jsp&event=link.home&&zl_catalog_view_id=201)

PW

sinala1,

If you are still having problems after trying Mike Jenvey's suggestion, then:

Download Hijack This! (http://www.thespykiller.co.uk) and post the log file here. Do NOT make any repairs. (Hijack This! pulls up everything, including programs that are supposed to be in your computer.)

Take Care,

Richard

You could try down loading Mozilla or Mozilla Firefox, and running that as your browser instead of IE. These have inbuilt popup stoppers, and are not as prone to such things and security problems.

I run Mozilla and find it pretty good.:ok:

Hi folks, thanks for all your help! On running Adaware with the VX2 addon, it claims I dont have the VX2 malware? I did, but now something else is coming up :{ , which I am trying to find the name of so I can then find a specific addon to try and remove it!

Richard thanks for the suggestion. I ran Hijackthis and got the following error about 4 seconds after it begins the scan:

"An unexpected error has occurred at procedure: modMain_FixUNIXHostsFile()
Error #28 - Application-defined or object-defined error

Please email me at [email protected], reporting the following:
* What you were doing when the error occurred
* How you can reproduce the error
* A complete HijackThis scan log, if possible

Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.98.2

This message has been copied to your clipboard."

It finds 2 entries before it gets to that stage, but then it does not complete the scan and closes the program - so there is no log that I can show you unfortunately.

It is scanning "O1 Hosts Files redirection" when it displays the error. The 2 entries it finds are:

* R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\InternetSetti ngs,ProxyOverride = 127.0.0.1

* F2 - REG:system:ini Userint=C: \WINDOWS\system32\userint.exe, C: \WINDOWS\system32\wsaupdater.exe,

The F2 one looks like it has more info on the end of it, but I am unable to view it...

I tried re-downloading HijackThis incase it was corrupted during download, but get the same problem. Is there anything I should be changing in the Config section?

Thanks again folks for all your help, we can beat this b:mad: tard thing yet! :ok:

Oh and for the record, I am running Windows XP with Service Pack 2 (which I think was a mistake to download, problems just getting worse since I have done that!) - guessing XP is just a later version of NT?

(edited to put a space between the c: and the \, otherwise you get emoticons there - oops!)

sinala1,

I have not seen HJT! error before. I would send off the email and see what kind of a reply you get.

We should wait to see what comments Liam has. He is the expert with HJT!

Take Care,

Richard

sinala1,

If HJT giving problems - would suggest trying Symantec's free online security checker.. here:-

http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=in&venid=sym

It may well be able to identify any malware and offer some removal tools..

It may be a good idea to do a fresh reboot immediately prior to visiting the site; as I've found some malware has little immediate effect straight after a reboot!

If no joy - wait for E-Liam to arrive on this thread..

I'm sure he'll be along soon!

Best of luck! - Let us know how you get on

- cheers

Out of Trim.

;)

Hi Sinala,

Look for this folder..

C:\Program Files\WindowsSA

and delete it, then look for this file and delete also..

C:\Windows\System32\wsaupdater.exe

Then reboot and have another go at running HJT. If that still doesn't work, then you will need to replace the hosts file in IE. You'll need the Windows disc to do this, or I can give you a link to a pre-written hosts file, especially designed to stop you having any more problems.. (within reason), but let's see how you get on with the above first.

Cheers

Liam

Try turning off the system restore points too as the little beggars can still hide in there.....

After taking the advice on this (http://www.pprune.org/forums/showthread.php?s=&threadid=135966) thread I have not had a problem.