Back in August I showed how to remove a variant of the VXGame spyware. A few days ago, while on the lookout for some random spyware, I ran into another variant of VXGame. The number of modifications this spyware makes to a computer is astonishing: it prevents the user from starting the Task Manager, changes the desktop background image, registers a Winlogon Notify component to get notifications when users log on and off, and registers a large number of programs to start when users log on - one of them being BraveSentry, a rogue antispyware application. The infection also adds new drivers and services, and on top of that it breaks the Internet connection. Below is the FreeFixer log, and as you can see it's a total mess:
FreeFixer v0.22 log
http://www.freefixer.com/
Operating system: Windows NT 5.1
Log dated 2007-10-08 23:19

Winlogon Notify (9 whitelisted)
partnershipreg - C:\Documents and Settings\All Users\Dokument\Settings\partnership.dll (Remove)

System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)
HKCU\..\policies\system, Wallpaper = C:\WINDOWS\desktop.html (Remove)

Registry Startups
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKLM\..\Run, SystemSv12 = C:\WINDOWS\System32\newmaxxsv234.exe (Remove)
HKLM\..\Run, runner1 = C:\WINDOWS\tsitra27.exe 61A847B5BBF72810358.. (Remove)
HKLM\..\Run, RegistryMonitor1 = (file is missing) (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
HKCU\..\Run, Windows update loader = C:\Windows\xpupdate.exe (Remove)
HKCU\..\Run, Service Pack 1 = C:\WINDOWS\System32\vedxg6ame4.exe (Remove)
HKCU\..\Run, Brave-Sentry = C:\Program Files\BraveSentry\BraveSentry.exe (Remove)
HKCU\..\Run, WinAble = C:\Program\WinAble\winable.exe (Remove)

Processes (18 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\Program\FreeFixer\freefixer.exe
C:\WINDOWS\System32\dllh8jkd1q2.exe (Remove)
C:\WINDOWS\System32\max1d11643v.exe (Remove)
C:\WINDOWS\System32\vedxg6ame4.exe (Remove)
C:\WINDOWS\System32\vedxga1me4t1.exe (Remove)
C:\WINDOWS\System32\vedxg4am1et2.exe (Remove)
C:\WINDOWS\System32\vedxga4m1et4.exe (Remove)
C:\WINDOWS\System32\vedxg6ame4.exe (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\5.tmp (Remove)
C:\DOCUME~1\Roger\LOKALA~1\Temp\4.tmp (Remove)
C:\WINDOWS\tsitra27.exe (Remove)
C:\WINDOWS\tsitra27.exe (Remove)
C:\Program Files\BraveSentry\BraveSentry.exe (Remove)
c:\DOCUME~1\Roger\LOKALA~1\Temp\ic11.exe (Remove)
C:\WINDOWS\b122.exe (Remove)
C:\Program\WinAble\winable.exe (Remove)

Application modules (45 whitelisted)
C:\WINDOWS\System32\msvcrt64.dll (Remove)

Services (33 whitelisted)
aspimgr, Microsoft ASPI Manager, c:\windows\system32\aspimgr.exe (Remove)

Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
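To make a log like this easier to triage, here is a small Python script (added as an example, not part of the original post or of FreeFixer) that parses the FreeFixer log layout shown above: section headers with an optional "(N whitelisted)" suffix, and entries that end in "(Remove)" when FreeFixer does not whitelist them. The embedded sample is constructed from a subset of the log's lines; the triage function counts flagged entries per section, reports flagged entries listed more than once (the duplicated tsitra27.exe process), and reports startup entries whose file is already missing.

```python
import re
from collections import Counter, defaultdict

# Section headers in a FreeFixer log, optionally followed by "(N whitelisted)".
SECTION_RE = re.compile(r"^(Winlogon Notify|System policies|Registry Startups|Processes|"
                        r"Application modules|Services|Drivers)(?: \((\d+) whitelisted\))?$")
REMOVE_TAG = " (Remove)"  # FreeFixer's marker for entries that are not whitelisted

# Constructed sample, condensed from the log quoted in the post (not a real capture).
SAMPLE_LOG = r"""FreeFixer v0.22 log http://www.freefixer.com/
System policies
HKCU\..\policies\system, DisableTaskMgr = 1 (Remove)
HKCU\..\policies\system, Wallpaper = C:\WINDOWS\desktop.html (Remove)
Registry Startups
HKLM\..\Run, System = C:\WINDOWS\System32\kernelwind32.exe (Remove)
HKLM\..\Run, RegistryMonitor1 = (file is missing) (Remove)
HKCU\..\Run, MSMSGS = "C:\Program\Messenger\msmsgs.exe" /background
Processes (18 whitelisted)
C:\Program\Messenger\msmsgs.exe
C:\WINDOWS\tsitra27.exe (Remove)
C:\WINDOWS\tsitra27.exe (Remove)
Drivers (26 whitelisted)
Driver, , c:\windows\system32\kernelw.sys (Remove)
"""

def parse_log(text):
    """Return {section: [(entry, flagged)]}; lines before the first section are skipped."""
    sections, current = defaultdict(list), None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
        elif current is not None:
            flagged = line.endswith(REMOVE_TAG)
            entry = line[:-len(REMOVE_TAG)] if flagged else line
            sections[current].append((entry, flagged))
    return dict(sections)

def triage(sections):
    """Flagged count per section, flagged entries listed more than once, and
    startup entries whose target file is already gone (stale persistence)."""
    summary = {"flagged": {}, "duplicates": [], "missing_files": []}
    for name, entries in sections.items():
        flagged = [e for e, f in entries if f]
        summary["flagged"][name] = len(flagged)
        summary["duplicates"] += [e for e, n in Counter(flagged).items() if n > 1]
        summary["missing_files"] += [e for e in flagged if "(file is missing)" in e]
    return summary
```

Run `triage(parse_log(open("freefixer.log").read()))` on a real log to get the same summary for your own machine.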