Strange virus.. Can anyone help?

JDream

Council Member
Apr 10, 2004
Nijmegen, The Netherlands
www.cu2.nl
Hi everyone, one day I found out I got a backdoor virus on my computer, which created another virus =\ I don't know the name.. and I can't find it =\
It just damages all my Windows files and my anti-virus.. :cry:
So sometimes this computer doesn't want to start up.. If it does, it freezes all the time.. =\ Should I reinstall my Windows?
Or just try to fix it? :?


Greetings
JDream.
 

Andem

dev
Mar 24, 2002
Larnaka
Hi JDream, you've been pretty active tonight. How's it going? :)

I suggest you give Panda Antivirus a try: http://www.canadiancontent.net/tech/reviews/Panda+Antivirus+Titanium/. There's a download link there, so give it a try. This new web site is coming in handy, eh? :D

I suggest you keep on trying different anti-virus solutions until you slam the virus. Or search Google for manual removal instructions.

It sounds like some kind of trojan horse (oh, I HATE those.. My friends used to play tricks with NetBus on my system years ago during the Internet boom in the mid-90s.)

Try looking through this list: http://www.canadiancontent.net/tech/downloads/Antivirus+Software/ <-- browse for Trojan removal tools. Keep on trying them. When you get rid of it, make sure you keep your anti-virus software up to date!
 

Andem

dev
Mar 24, 2002
Larnaka
JDream, did you try unticking "Close this dialog after download completes"? Sometimes I accidentally click that box and it's like "Where did my download go?" Try downloading again, or use a different browser like Mozilla or Opera to get your downloads.

It's strange the anti-virus programs aren't even installing... Maybe it's time for a fresh install of Windows XP. If you don't want to do that, do an install over your current installation.
 

Ginger_Ale

Electoral Member
May 23, 2004
Boston
Ooh, ouch, sounds like a bad virus unfortunately. :(

Here's an article that I found on a site:
It's from computerelvis.com, so if it works, pay them your regards:


Computer Elvis - The King of PCs
Getting Rid of VX, VX2, VX2.BetterInternet, ABetterInternet, Look2Me, and related variants.

Well, boys and girls, if you've found this page, you've probably gotten one of those nasty bugs listed above. Here's how to get them off your system.

First of all, these nasty parasites are produced by a sc*mbag company called Nictech, whose address is below. Perhaps you would like to file a suit against the company in small claims court for the cost value of your time in getting rid of their undesired, unrequested installation of their profit-motivated seizing of your hard drive space and utilization of the bandwidth which you pay for. Just go down to your local courthouse and file a small claims suit for say... $500??? $1000??? $4999.99??? That'll send them a good message about how happy you are!

Anyway, getting rid of it... Here's how:
Basically, these bugs work by surreptitiously installing themselves on your hard drives as hidden system read-only files which install a registry entry hooking them to Explorer.exe. This causes them to be installed every time you start your computer. These s-bags then use that file to download other nasty bugs onto your machine and hide them in the various places like the Windows\System directory and on some machines the Restore directory. These files are installed as hidden system read-only files.

New variants of this worm cause the file to re-install itself on every reboot by searching to see if its components are present and, if not, re-installing them with new randomly generated names. Nice guys, these s-bags, huh?


FINDING THE FILES:
You need to get a spyware program to find the file names you need to eliminate. Ad-aware 6 is good at finding spyware (here is a link), but due to the nature of the hidden read-only attributes and the hook on re-start, it cannot get this bug off your machine. An even better program is ScanSpyware, which finds a lot more pests. It is definitely worth every penny of its $19.95 price. They do offer a free version which will find the bugs (here is a link), but then you'll have to write down the offenders. ScanSpyware, however, will not get this bug off your machine because of the previously mentioned file attributes. But Ad-Aware and ScanSpyware will get everything else off, so that by process of elimination you will only be left with the hidden s-bag files when you re-run the spyware program after a re-boot.

CONFIRMING THE FILES:
Go to Windows Explorer and select Folder Options, View, and make sure you select "Show Hidden Files and Folders".

In Windows Explorer, you should find the bugs in the Windows\System folder. Make sure you write down the names and match them up with what your spyware program has turned up. It is REALLY IMPORTANT to note the details on when the files were installed.

Go up the Windows Explorer tree to the _Restore folder (if you have Windows Millennium or 98) and look to see if there are files with the extension .0 or .1, which are installed into the TEMP directory and used to re-hook your machine. You'll want to get rid of them too!

Now, having your list of files and their directory locations written down, shut down your machine.

Now, with the machine off, make sure you disconnect your machine from the internet if you have a broadband connection (DSL, cable, network, etc).

When you re-boot your machine, you will want to hit the appropriate key just as the machine comes on so that you can go into the BIOS SET-UP and adjust your start sequence. On start, you get a first momentary screen that usually says "To Enter Set-up Press DEL", or "To Enter Set-up Press F1" before the Windows screen comes on. Do it. Then on the appropriate configuration page, make sure that the first boot device is your floppy instead of your IDE (hard drive). Save that configuration.

Now boot from your Emergency Start-Up disk in the floppy (if you don't have one, then make it!). Start with or without CD-Rom support, but do not use the basic command prompt option because it may not load the necessary DOS files.

Now at the command prompt A:>
type: C:

Press ENTER

That brings you into the command prompt C:>

Now type: cd windows\system
Press ENTER

That centers you in the directory C:\windows\system

Your command prompt should look like this:

C:\WINDOWS\SYSTEM>

Okay???? Now, look at the list of bad files. The one which keeps coming back after repeated Ad-aware and ScanSpyware runs is going to be something like "DfGSIG.DLL", so what we want to do is change the attributes in order to be able to delete it. (Since Microsoft has rigged it so hidden read-only system files cannot be deleted.)

So type: attrib DfGSIG.DLL -s -h -r
Press Enter

That will remove the system file attribute (-s), the hidden file attribute (-h), and the read-only file attribute (-r).

Now type: del DfGSIG.DLL
Press ENTER

BINGO! It's gone!

Now repeat the routine for all the offenders and the bug is squashed.

Now that you are a smarter computer operator, you might want to get TuneUp Toolkit 2004 and run a registry clean-up, because if this bug has been on your machine, it could have installed other registry entries not picked up by the spyware programs. Take a free download and run it.

If Computer Elvis has been helpful to you, you could show your appreciation by sending a donation.

Five dollars would be nice, since Computer Elvis has just saved you a whole lotta hassle.

Computer Elvis has been nice to you. So you should be nice to Computer Elvis.

Nice article; hopefully it'll help you, JDream. I'm not sure if you still have the virus, but if so, it's worth a shot.
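A worked example of the "finding" and "confirming" steps from the article above, added here and not part of the Computer Elvis page or of this thread. It parses an `attrib` listing taken in the Windows\System folder, keeps only the files carrying all three of the system, hidden and read-only attributes, cross-checks them against the spyware scanner's list of offenders and against the install timestamps the article tells you to write down (so that components re-created under a random name but sharing the original's install time are still caught), and emits the exact `attrib -s -h -r` / `del` pair for each file to be typed from the boot floppy. The attribute-letters-then-full-path layout of `attrib` output is assumed; the listing, the timestamps, the scanner hits and the infection window are all constructed sample data, not real findings.

```python
import re
from datetime import datetime

# Constructed sample `attrib` listing for C:\WINDOWS\SYSTEM (made up for this
# example; on a real machine it comes from running `attrib` in that folder).
# Layout assumed: attribute letters in fixed columns, then the full path.
SAMPLE_ATTRIB_OUTPUT = "\n".join([
    r"A          C:\WINDOWS\SYSTEM\SHELL32.DLL",
    r"A  SHR     C:\WINDOWS\SYSTEM\DFGSIG.DLL",
    r"A  SHR     C:\WINDOWS\SYSTEM\QZTX41.DLL",
    r"A    R     C:\WINDOWS\SYSTEM\VMM32.VXD",
    r"A  SHR     C:\WINDOWS\SYSTEM\OLDSYS.DLL",
])

# Constructed install times, standing in for the dates noted from Explorer's
# Details view ("REALLY IMPORTANT" per the article).
SAMPLE_INSTALL_TIMES = {
    r"C:\WINDOWS\SYSTEM\SHELL32.DLL": datetime(2001, 6, 8),
    r"C:\WINDOWS\SYSTEM\DFGSIG.DLL": datetime(2004, 6, 12, 23, 41),
    r"C:\WINDOWS\SYSTEM\QZTX41.DLL": datetime(2004, 6, 12, 23, 41),
    r"C:\WINDOWS\SYSTEM\VMM32.VXD": datetime(2001, 6, 8),
    r"C:\WINDOWS\SYSTEM\OLDSYS.DLL": datetime(2001, 6, 8),
}

# Constructed: the one name the spyware scanner reported. The renamed sibling
# (QZTX41.DLL) is not in the list, which is exactly the gap the time window fills.
SAMPLE_SCANNER_HITS = {r"C:\WINDOWS\SYSTEM\DFGSIG.DLL"}

# Constructed infection window: the day the trouble started, as remembered.
INFECTION_WINDOW = (datetime(2004, 6, 12), datetime(2004, 6, 13))

# Attribute letters (with column padding), whitespace, then a drive-rooted path.
ATTRIB_LINE = re.compile(r"^\s*([A-Z ]*?)\s+([A-Za-z]:\\\S.*?)\s*$")


def parse_attrib(text):
    """Turn `attrib` listing lines into (set_of_attribute_letters, path) pairs."""
    entries = []
    for line in text.splitlines():
        m = ATTRIB_LINE.match(line)
        if m:
            entries.append((set(m.group(1).replace(" ", "")), m.group(2)))
    return entries


def hidden_system_readonly(entries):
    """Paths that carry all of S, H and R: the attribute combination the
    article says the parasite's files use (and that a plain `del` refuses)."""
    return [path for attrs, path in entries if {"S", "H", "R"} <= attrs]


def flag_suspects(entries, install_times, scanner_hits, window):
    """Confirm the S+H+R files against the two pieces of evidence collected:
    the scanner's offender list and the install timestamps. A file is flagged
    when it has all three attributes and was either named by the scanner or
    installed inside the infection window. Old S+H+R files outside the window
    and not reported by the scanner are left alone."""
    start, end = window
    flagged = []
    for path in hidden_system_readonly(entries):
        when = install_times.get(path)
        in_window = when is not None and start <= when <= end
        if path in scanner_hits or in_window:
            flagged.append(path)
    return sorted(flagged)


def removal_commands(paths):
    """The attrib/del pair from the article for each flagged file, to be run
    from the boot floppy rather than inside Windows, where the Explorer hook
    would put the files back."""
    cmds = []
    for path in paths:
        cmds.append(f"attrib {path} -s -h -r")
        cmds.append(f"del {path}")
    return cmds


def run_sample():
    """Run the whole check over the constructed sample; returns (flagged, cmds)."""
    entries = parse_attrib(SAMPLE_ATTRIB_OUTPUT)
    flagged = flag_suspects(entries, SAMPLE_INSTALL_TIMES, SAMPLE_SCANNER_HITS, INFECTION_WINDOW)
    return flagged, removal_commands(flagged)


if __name__ == "__main__":
    flagged, cmds = run_sample()
    print("Flagged files:")
    for p in flagged:
        print("  " + p)
    print("Commands to type from the boot floppy:")
    for c in cmds:
        print("  " + c)
```

The point of the cross-check is the article's own warning about new variants: once the scanner's named file is deleted, a renamed copy created at the same moment is still sitting there with the same three attributes, and matching on the install time is what surfaces it.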
 

JDream

Council Member
Apr 10, 2004
Nijmegen, The Netherlands
www.cu2.nl
Thanks Ginger.. But it isn't the virus, I guess.. I found the name of the virus when one of my newest virus scanners found it.. Backdoor.Prorat.. I think the name was.. And it's annoying

But thanks a lot for the help.

Cya!

JDream ;)