vx2.look2me

[osborned_rcc]

Alright, I'm unsure at what point this started, but every PC I've slipstreamed with my latest round of disks have come up with the vx2.look2me trojan in them. MS AntiSpyware grabs it as soon as I log in for the first time. I've torn my dev computer up trying to find any traces of it, and while I DID remove it with CWShredder, my new slipstreams are still coming up with it. I'm trying to determine if it's really on my slipstream, or if it's propagating through our network somehow. I've run Trojanhunter on full scan through my PC and through the DVD, which supposedly can find all traces of this, but has so far turned up a blank. Anybody else having these problems?

[tarquel]

hmmmm.....

a small thought but are you sure that all you sources for the slipstreaming are from MS? (silly I know but worth asking)

I suggest disconnecting every machine from the network and go thru each one with a fine tooth comb - or a cd of removal tools and/or printed removal instructures.

I found this handy link - http://www.spywareguide.com/product_show.php?id=25 - which describes all the points of infection.

You need to check out all the points on the list and also (previous to that) run the following tools:

- MS Antispyware Beta 1 (i know you are but for the sake of saying it )

- CWShredder

- Spybot - Search & Destroy

- Ad-Aware Personal SE (i think this one has a VX2 plugin tool that you should install/run)

- HijackThis (careful with this one)

- Autoruns (careful here too - useful tho as I'm sure you already know)

[sorry for the lack of links but i better had get on with the washing up before my g/f gets home lol ]

Once fully removed, install SpywareBlaster & latest definitions - it "may" prevent it reapearing (only a maybe - and should help prevent the browser hijacker side of things lol)

If needs be - connect to the lan/internet and update the programs with the latest versions and defs but dont allow any other machine to be connected to the same network - just in case - and also update you A/V proggy with the latest defs.

Also, when you've done as much as you can to remove it - even the manual processes mentioned there, try a FULL A/V scan to get rid of any dropped files that may be linked to the problem.

Good luck and let us know how it goes

Nath.

[osborned_rcc]

Alright, another neat thing shows up and helps me out, I tried the Foxie plugin for IE, and the built-in spyware tool ripped out a reg key I had hidden away that nothing else found.

www.getfoxie.com