ABXZone Computer Forums
Old 04-15-2004, 10:51 PM   #121
No, you're not.
 
Join Date: May 2003
Posts: 313

Quote:
Originally posted by pointreyes
Just because Cisco has acquired Linksys does not mean that Linksys has gotten better. I have always been hesitant with a Linksys for a router and looks like it was a good thing I was.

http://techupdate.zdnet.com/techupda..._and_DDoS.html
Just to let people know, I have a Linksys BEFSX41 router/switch (firmware 1.45.6, Oct 20 2003) that is the subject of the article in the above link and I ran the ShieldsUp Scan seven times in a row and not once did it show a port that was not in stealth mode (I did however have to forward port 113 as indicated to stealth it, because its default is just blocked as the article mentioned).

I ran S.O.S. (Sygate Online Services) and it returned all ports blocked (in stealth mode) on the stealth scan also.

I don't know why David Berlind (the author of the above link's article) had trouble with the ShieldsUp scan returning different results on consecutive tries, but as can happen with all hardware, maybe he just got a bad router.

(Offline)   Reply With Quote
Old 04-16-2004, 07:57 AM   #122
GAM
Registered User
 
 
Join Date: Jan 2003
Location: Sydney, Australia
Posts: 98
Printer Sharing

Quote:
Originally posted by 3 of 7
I'm having trouble sharing my printer on my network too...it was shared just fine till I applied MS HOTFIX 821557....I also updated the firmware on my dlink router on the same time
Hi there, sorry but I had meant to respond to this earlier. I hope you are still perusing the thread.

I did manage to get my 'Printer Sharing' working and it was a simple matter of installing the drivers from the local PC/Printer for the networked/shared PC/Printer.

This may not be the same issue, but just in case it's worth a try:

1. Go to the properties page of the printer from the locally connected PC
2. Click on the Sharing tab
3. In the Drivers field box, click on the Additional Drivers button
4. Choose the applicable printer and follow your instincts from there.
(Sorry I can't be bothered going through it again but it was very easy. Don't sweat it.)

Although I had previously installed all the necessary drivers directly on the network PC in the past, something had gone astray somewhere along the lines and this fixed it.

No doubt this fix could apply to many of you out there with a similar issue.

Hope this helps.

Cheers
__________________

Main: Gigabyte GA-8i945p Pro, F11, P4 D805 2.66@3.8, Zalman FC77, A-Data Vitesta 2GB DDR2/533, Gigabyte 7600GT 256MB, 1x320GB SATA2 7200.10, Lite-On DVDRW SHM-165P6S, Pioneer DVD-ROM DVD-115, Antec NEO 480w PSU, Chieftec BX case (unmodded) w/4x80 + 2x92 Silenx case fans, WinXP Pro OEM+SP2
BenQ 8ms 17" LCD, Logitech MX5000 Bluetooth Cordless Desktop.

Server: Gigabyte GA-8KNXP, F10, P4 3.0c@3.2 SL6WK Malay L347B210, Zalman 7000Cu, Corsair TWINX1024-4000PRO, Gigabyte 6800GT VIVO, 2x40GB Maxtor DiamondMax Plus8 on ITE8212 Bus as ATA133, 2x200GB SATA 7200.8, 2x200GB SATA WD , NEC 3520A DVDRW and HD166s DVDROM on IDE2, SoundBlaster Audigy 2ZS, Enermax EG465P-VE PSU, PSR4698+W case-modded w/2x120 + 1x92 Panaflo low rpm, 92mm Antec Smartfan + generic 80mm case fans, Aerogate ll fan controller, WinXP Pro OEM+SP2

Billion GE7402 Wireless ADSL2+ Firewall Router VoIP
Cambridge SoundWorks 5.1 Speaker combo
(Offline)   Reply With Quote
Old 04-16-2004, 11:49 AM   #123
You can run.....
 
 
Join Date: Feb 2004
Posts: 4,660
Re: Printer Sharing

I'm running xp pro on all 4 boxes, the printer works on 3 of them, but on the 4th I can't see it when I try and add a printer.....I can see it in network places when I click "show all computers" and click on the host.....when I try and connect, I get a printer isn't connected, or share name is misspelt message....

I did a reformat on the host box and with just xp and sp1 running I had the same problem, so I guess it wasn't the hotfix, more like something the kids have installed or changed on their box
__________________
(Offline)   Reply With Quote
Old 04-19-2004, 06:20 PM   #124
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Big Big WARNING ....

THIS IS A DUPLICATE POST. But considering the subject, and HOW NASTY AND DANGEROUS THIS THING IS, I consider it worthy of being noted in a sticky as well as in the News Forum. BEWARE OF THIS ONE, FOLKS!

And, all credit for this goes to DriverHeaven, where I have copied this from. My apologies to them if this is a NoNo, but the word on this has to get out.

Here's the bad news, folks:

Adspy-Virus that Norton 2004, Adaware and Spybot can not remove
Posted on Monday, April 19, 2004
at 6:44 PM by zerodamage - 16 Comments

I've come across the ugliest spyware to date. This thing will just not go away by normal means. Adaware, Spybot, nothing will remove it at this time.

I've been working on removing this spyware infection on a customer's computer for 2 days now. Adaware has an update to find the infection but what happens is that it can not be removed. Spybot doesn't detect it either. What happens is that Adaware finds this and says it will have to reboot, even in safe mode, and when the computer restarts, this spyware kills Adaware from starting up at startup. This spyware also connects to the internet and installs other spyware. Not only that but it digs itself into the Winlogon.exe file. You do NOT want this thing on your computer. The only way to remove this thing right now is by reinstalling windows and possibly by other complicated methods. Norton Antivirus 2004 did not detect it.

Now this thing is called: VX2.BetterInternet
The file is ausmsext.cpy.dll located in your system32 folder. This thing uses different DLL files and makes copies.
There is also a registry entry going into Hkey_Local_Machine/Software/Microsoft/Windows NT/winlogon/notify/guardian

Adaware classifies this thing as a Data Miner. Now there are ways to remove this but none of them are 100% and it finds ways of getting back. So the only sure way of removing this is a format and reinstall of Windows. Adaware finds it but can not fully remove it.
You can see how ugly this thing can be at the Adaware forums Here.

To help you avoid getting this thing, avoid the sites listed at: PCSympathy.com

This seems to be the only working method for removing this thing. It did not work for me but has worked for many others if you have this thing on your computer. Read the instructions Here

There is some good news in all of this. Spyware Blaster blocks this from ever installing on your system. You can download it from Javacoolsoftware. Remember to update after installing it. Also make sure you enable all of the protection.

These types of infections are only going to get worse. Laws need to be put into place to punish companies that do this.
(Offline)   Reply With Quote
Old 04-19-2004, 06:26 PM   #125
Registered User
 
Join Date: Nov 2003
Posts: 13,497
More Info ....

Here is some more on this NASTY. Taken from PC Sympathy, and all credits to them for this info:

Thewatcher writes "Over the past month, I have seen an increase in infestations by a group called Bundleware.com which with the signature of Ad-aware calling it VX2.BetterInternet objects. Until last night, I believed it was wrong to label Bundleware with the VX2 Transponder signature as their methods were different from what I could see. Not so now however!

After running tests on one of their programs called SpyBan from SpyBan.net I now see why so much of the Better Internet Win32 BI Application and Bi Transponder variants show up with object comments pointing to Bundleware, Look2Me, and SimilarSingles. It is because at the time of installing any software that belongs to Nictech Networks, the first thing it does is access the Internet at the time of install and install one of the cab files directly from abetterinternet.com.

I officially add Nictech Networks and their sites to my Transponder Gang Listings.

NetPal of Mindset Interactive that had once worked with the VX2 Transponders are also again foisting the Bi transponder variants as is Nictech Networks. Once the Better Internet Transponders are installed they start using their own ad servers from abetterinternet.com and offeroptimizer.com (Both being owned by the VX2 Corporation aka Better Internet Inc. aka Direct-Revenue.com).

Here are my sites to stay away from and their software not to install.

SOFTWARE

gnutella accelerator (thindivide)
spyban Spy remover(Spywarenuker/noadware)
thindivide p2p
similarsingles free Dating form
ZeroTrace - Windows Trace Remover
(Offline)   Reply With Quote
Old 04-19-2004, 06:52 PM   #126
Palm Rat
 
 
Join Date: Oct 2002
Location: Southwest Florida, USA
Posts: 4,740
Thanks for the update(s) PCB.....just checked those locations (Sys32 and registry) for the offending files as I had a hijacker earlier this week before adopting more stringent security precautions...I was clean, but took the opportunity to check my Spyware Blaster for updates, per your comments. This thread has been and continues to be of great service.


Certainly some sort of legislation addressing this is way overdue, but needs, of course, to be written with constitutional rights at the forefront of any considerations.....the path to achieving a balance of individual rights and common good is always a thorny one, even when seeking to curtail the rights/actions of those perceived as scum...a definition of these progenitors of malware I certainly adhere to.
__________________
(Online)   Reply With Quote
Old 04-19-2004, 06:56 PM   #127
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Wingit, just to clarify, the two posts were from DriverHeaven and PC sympathy, for which I can take no credit personally, other than knowing how to use the copy and paste functions properly. All credit for this goes to their respective authors.
(Offline)   Reply With Quote
Old 04-19-2004, 07:04 PM   #128
Palm Rat
 
 
Join Date: Oct 2002
Location: Southwest Florida, USA
Posts: 4,740
Quote:
Originally posted by PCBruiser
Wingit, just to clarify, the two posts were from DriverHeaven and PC sympathy, for which I can take no credit personally, other than knowing how to use the copy and paste functions properly. All credit for this goes to their respective authors.
The credit was for starting this thread AND for collecting this information...no one else had...take the compliment PCB (it won't hurt, honest!, lol)
__________________
(Online)   Reply With Quote
Old 04-19-2004, 07:12 PM   #129
Resigned
 
Join Date: Nov 2002
Location: CO, Denver
Posts: 2,593
interesting.
I am going to visit all listed sites, I want browser hijack to finally happen to me... Or get a trojan... or something...

Oh, carp! I need to install software from those sites! Now that's a diff. story...

Too bad. I thought that was a sure way to be finally proven wrong for not installing antivirus soft for past 5 years and using plain stupid ie.
__________________
P4S8X , PSU , RAID , XP SP2
(Offline)   Reply With Quote
Old 04-19-2004, 07:20 PM   #130
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Quote:
Originally posted by borodar
Too bad. I thought that was a sure way to be finally proven wrong for not installing antivirus soft for past 5 years and using plain stupid ie.
I deeply respect the courage of a high-wire walker. But, that doesn't mean I can recommend emulating them.
(Offline)   Reply With Quote
Old 04-19-2004, 07:23 PM   #131
Resigned
 
Join Date: Nov 2002
Location: CO, Denver
Posts: 2,593
u r probably right. I just wonder how many years shall pass before I'll finally get infected\hijacked\trojaned... 5 is sure too short of a term.
(Offline)   Reply With Quote
Old 04-19-2004, 07:29 PM   #132
Never Ending
 
 
Join Date: Jul 2002
Location: Vancouver, Washington (State)
Posts: 4,188
Re: Big Big WARNING ....

Ya, this is nasty...
To Remove VX2

Stop Running Processes:
Kill these running processes with Task Manager:


Remove AutoRun Reference:
Go To the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Unregister DLLs:
Unregister these DLLs with Regsvr32, then reboot:


Clean Registry:
Remove these registry items (if present) with RegEdit:


Remove Files:
Remove these files (if present) with Windows Explorer:


Remove Directories:
Remove these directories (if present) with Windows Explorer:

programfilesdir+\clean get-away
programfilesdir+\common files\betterinternet
programfilesdir+\my panicbutton
programfilesdir+\netturbotrial


-wayne
__________________
System-1 (primary)
Intel D875PBZLK FMB 1.5 > Pentium 4/ 3.0E (D0) > Crucial Ballistix 512mb PC4000 (Dual Channel) > ATI Radeon 9500 Pro (128) > Audigy 2 Platinum > Thermaltake P4 Spark 7+ (Xaser Edition) - Antec 80x80mm x5 > 1x 80GB WD SE - 2x Seagate 200GB 7200RPM Barracuda 7200.7 Plus SATA > Lite-On LDW811s dvd +/- Tashiba SDM1712 DvD > Antec 430 TP > WinXP W/SP-2

Gigabit Network, Linksys WRT54GS, Linksys EG008W 8-port gigabit switch, ximeta network storage, Motorola SB4200
(Offline)   Reply With Quote
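
An added example (not part of the thread, and not code from any tool named in it): because the posts above place this infection in the Winlogon Notify key and the Run key, this Python sketch parses a regedit export and reports autostart entries that differ from a known-good baseline, rather than matching a fixed file list. The sample export, the baseline, and the `ExampleAV`/`ExampleUpdater` entries are constructed; treating `ausmsext.cpy.dll` as the `DllName` of the `guardian` subkey is an assumption, and the full Notify path includes `CurrentVersion`, which the quoted write-up leaves out.

```python
import re

# Full paths of the two autostart locations the posts refer to, lower-cased.
NOTIFY = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\notify"
RUN = r"hkey_local_machine\software\microsoft\windows\currentversion\run"

# One value line of a regedit export: "Name"="text", "Name"=hex(2):..., @="text"
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
  6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Guardian]
"DllName"="ausmsext.cpy.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\Program Files\\ExampleAV\\tray.exe"
"ExampleUpdater"="C:\\WINDOWS\\example-updater.exe"
"""

# Constructed baseline; in practice, capture it from a clean install of the same build.
BASELINE = {
    "notify": {"crypt32chain": "crypt32.dll"},
    "run": {"exampleav": r"c:\program files\exampleav\tray.exe"},
}


def _unquote(token):
    """Strip surrounding quotes and undo regedit's backslash escapes."""
    if len(token) >= 2 and token[0] == '"' and token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token


def _decode(data):
    """Return string data as text; REG_SZ/REG_EXPAND_SZ hex is UTF-16LE."""
    match = re.match(r"hex\((?:1|2)\):(.*)$", data)
    if match:
        raw = bytes(int(b, 16) for b in match.group(1).split(",") if b.strip())
        return raw.decode("utf-16-le", errors="replace").rstrip("\x00")
    return _unquote(data)


def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: data}}."""
    text = re.sub(r",\\\r?\n\s*", ",", text)  # join multi-line hex values
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        match = VALUE_RE.match(line)
        if match and current is not None:
            name = "(Default)" if match.group(1) == "@" else _unquote(match.group(1))
            keys[current][name] = _decode(match.group(2))
    return keys


def audit_autostarts(keys, baseline):
    """Return sorted (kind, name, data) findings that differ from the baseline."""
    findings = []
    for path, values in keys.items():
        low = path.lower()
        if low.startswith(NOTIFY + "\\"):
            package = low[len(NOTIFY) + 1:].split("\\")[0]
            by_name = {k.lower(): v for k, v in values.items()}  # names are case-insensitive
            dll = by_name.get("dllname", "").lower()
            expected = baseline["notify"].get(package)
            if expected is None:
                findings.append(("notify-unknown-package", package, dll))
            elif dll != expected:
                # Known package name, but it now loads a different DLL.
                findings.append(("notify-dll-changed", package, dll))
        elif low == RUN:
            for name, command in values.items():
                expected = baseline["run"].get(name.lower())
                if expected is None:
                    findings.append(("run-unknown-entry", name, command))
                elif command.lower() != expected:
                    findings.append(("run-command-changed", name, command))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_autostarts(parse_reg_export(SAMPLE_EXPORT), BASELINE):
        print(finding)
```
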
Old 04-19-2004, 07:42 PM   #133
Registered User
 
Join Date: Nov 2003
Posts: 13,497
Thank you Wayne. I sincerely hope that no one ever has to use your instructions, but it is very helpful to have them here, just in case.

A personal observation. This kind of thing is outrageous. It is pure theft, nothing more, nothing less. Theft of privacy, theft of your property - your OS and system, theft of your personal information, theft, pure and simple. These people are simply criminals and lowlife scum. White collar perhaps, but no better than the thug who sticks a gun in your ear at an ATM.

Protect yourselves, be smart.
(Offline)   Reply With Quote
Old 04-19-2004, 08:01 PM   #134
Never Ending
 
 
Join Date: Jul 2002
Location: Vancouver, Washington (State)
Posts: 4,188
Additional information

Origins

Group: Mindset Interactive
http://www.mindsetinteractive.com/

==========

Domain Name: MINDSETINTERACTIVE.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.VEL.NET
Name Server: NS2.VEL.NET
Status: ACTIVE
Updated Date: 31-mar-2003
Creation Date: 09-jun-2000
Expiration Date: 09-jun-2006



5 Corporate Park, Suite 160
Irvine, CA 92606
Phone: (949) 419-0262
Fax: (949) 419-0268

e-mail
Info@mindsetinteractive.com

Careers@mindsetinteractive.com


==========

FavoriteMan
FavoriteMan.FOne
FavoriteMan.SpyAssault
NetPal
NetPal.PrizePopper
VX2.a
VX2.b
VX2.BetterInternet
VX2.c
VX2.Clean Get-Away
VX2.d
VX2.e
VX2.f
VX2.h.ABetterInternet
VX2.h.ABetterInternet.e
VX2.MSView
VX2.My PanicButton
VX2.new variant
VX2.Respondmiter
VX2.SiteHelper
VX2.Transponder

What installs VX2:
Transponder/VX2
NetPal
ClickTheButton
ezCyberSearch toolbar
SideStep
BargainBuddy/Adp
NewDotNet
IGetNet
HotBar
n-Case
Mail.com Alerts
BargainBuddy
Apuc

-wayne

Last edited by wayne : 04-19-2004 at 08:07 PM.
(Offline)   Reply With Quote
Old 04-19-2004, 08:15 PM   #135
Never Ending
 
 
Join Date: Jul 2002
Location: Vancouver, Washington (State)
Posts: 4,188
Perhaps some email to these scum bags!!
(provided above)

-wayne
(Offline)   Reply With Quote