Dante
Apr 22nd '04, 12:03 AM
A workable solution has been found for Windows 2000 and XP Pro. Posted here by Option^Explicit:
http://forums.broadbandmedic.com/cgi-bin/ib3/ikonboard.cgi?;act=ST;f=1;t=6
Copying it here for ease of use:
<blockquote>Alrighty,
I have some info on fixing the Admin accounts so you can deal with Killing these files without all the booting from Recovery Console, Although that is a fairly efficient way of removing files such as these.
This info is for XP Pro only but the same method applies for 2000, just the names may vary slightly, but operations are done from the same panels.
Steps to take:
You will need KillBox ver.2.00.0179 (http://download.broadbandmedic.com/VbStuff/KillBox.zip), so download that and keep it handy, we will need it to remove the Look2Me files.(unzip the files to your Desktop)
Or if you used the recovery console to remove the files, you won't need it.
1.) From Control Panel>>Administrative Tools>>Local Security Policy & Under Local Profiles>>User Rights Assignment...and on the right side look for Debug Programs>>Right Click>>Select Properties.
2.)Click Add User or Group and when the next Window opens, click the Object Types button, and now put a Check in the box for Groups. click OK
3.)That Window will close, and the one you are left with click Advanced and from the next Window Find Now
*Look under Name(RDN) for Administrators and select it & Click OK.
4.)Administrators should show up in the box beside "Check Names" just Click OK, then that Window will close..and the next Window under the only Tab "Local Security Setting" should have Administrators listed in it, if it does Click Apply then OK again.
A ScreenShot (http://www.broadbandmedic.com/download/VbStuff/images/Pol.JPG) of what you should have.
and
Screenshot (http://www.broadbandmedic.com/download/VbStuff/images/NFG.JPG) of what an infected system looks like.
With a reboot that fixes that.
*Make sure you reboot!
After rebooting...
Close all open Windows, open KillBox and under Fix L2M>>Kill VX2.BetterInternet.
As before your Computer will Shut down..
On rebooting, the 2 files will be deleted.
*The Problem
Because we accessed these .dll files, they will have corrupted the User Rights Assignment again , but no big deal.
Repeat the Process of Adding the Administrators Group to the Debug Programs again, and since the offending files are gone, this time those settings will stay put.
Things to do with Killbox after removing these files:
1.)Click Find>>Find VX2.BetterInternet
*Nothing Should show up in the next window, if it does you are infected still. But if Clean then...
2.)Click Find>>User Agent String, click on the CLSID key, and under Action>>Delete User Agent String
3.)Click Fix L2M>>Import L2M.reg to remove various registry keys set by the software.
Run Ad-aware using an Updated reference file to remove anything else I missed.
Edited by Option^Explicit on April 15 2004,01:23</blockquote>
Hope this helps any of you that come across this.
http://forums.broadbandmedic.com/cgi-bin/ib3/ikonboard.cgi?;act=ST;f=1;t=6
Copying it here for ease of use:
<blockquote>Alrighty,
I have some info on fixing the Admin accounts so you can deal with Killing these files without all the booting from Recovery Console, Although that is a fairly efficient way of removing files such as these.
This info is for XP Pro only but the same method applies for 2000, just the names may vary slightly, but operations are done from the same panels.
Steps to take:
You will need KillBox ver.2.00.0179 (http://download.broadbandmedic.com/VbStuff/KillBox.zip), so download that and keep it handy, we will need it to remove the Look2Me files.(unzip the files to your Desktop)
Or if you used the recovery console to remove the files, you won't need it.
1.) From Control Panel>>Administrative Tools>>Local Security Policy & Under Local Profiles>>User Rights Assignment...and on the right side look for Debug Programs>>Right Click>>Select Properties.
2.)Click Add User or Group and when the next Window opens, click the Object Types button, and now put a Check in the box for Groups. click OK
3.)That Window will close, and the one you are left with click Advanced and from the next Window Find Now
*Look under Name(RDN) for Administrators and select it & Click OK.
4.)Administrators should show up in the box beside "Check Names" just Click OK, then that Window will close..and the next Window under the only Tab "Local Security Setting" should have Administrators listed in it, if it does Click Apply then OK again.
A ScreenShot (http://www.broadbandmedic.com/download/VbStuff/images/Pol.JPG) of what you should have.
and
Screenshot (http://www.broadbandmedic.com/download/VbStuff/images/NFG.JPG) of what an infected system looks like.
With a reboot that fixes that.
*Make sure you reboot!
After rebooting...
Close all open Windows, open KillBox and under Fix L2M>>Kill VX2.BetterInternet.
As before your Computer will Shut down..
On rebooting, the 2 files will be deleted.
*The Problem
Because we accessed these .dll files, they will have corrupted the User Rights Assignment again , but no big deal.
Repeat the Process of Adding the Administrators Group to the Debug Programs again, and since the offending files are gone, this time those settings will stay put.
Things to do with Killbox after removing these files:
1.)Click Find>>Find VX2.BetterInternet
*Nothing Should show up in the next window, if it does you are infected still. But if Clean then...
2.)Click Find>>User Agent String, click on the CLSID key, and under Action>>Delete User Agent String
3.)Click Fix L2M>>Import L2M.reg to remove various registry keys set by the software.
Run Ad-aware using an Updated reference file to remove anything else I missed.
Edited by Option^Explicit on April 15 2004,01:23</blockquote>
Hope this helps any of you that come across this.