Tough one please help - Techist - Tech Forum

Go Back   Techist - Tech Forum > Computer Software > Microsoft Windows and Software
Click Here to Login
Closed Thread
 
Thread Tools Display Modes
 
Old 07-08-2004, 11:26 AM   #1 (permalink)
Newb Techie
 
Join Date: Mar 2004
Posts: 16
Default Tough one please help

I have a client and his homepage keeps getting reset no problem just run ad-aware. Well I have ran Ad-aware and a trendmicro and removed everything they came up with. His homepage still resets. Let me tell you about it. His home page gets reset to something like res://vztlq.dll and so on. The important thing is the vztlq.dll that can be found in c:\windows on my clients computer. so I remove vztlq.dll in safemode and not in safemode. I also scaned the reg for everything that has vztlq.dll in it and delete it. click on ie it resets to vztlq.dll the file is back in c:windows and all the reg keys are back. It comes back without a restart. my search on the internet has came up short. Can really use the help thanks guys
Matt
__________________

Matt0202 is offline  
Old 07-08-2004, 11:57 AM   #2 (permalink)
Super Techie
 
Join Date: Feb 2004
Posts: 416
Send a message via AIM to chog
Default

Did you try Spybot Search and Destroy?
__________________

chog is offline  
Old 07-08-2004, 12:01 PM   #3 (permalink)
Newb Techie
 
Join Date: Mar 2004
Posts: 16
Default

I have not I will try that one. Ad-aware has never let me down I didnt think about using a different program. I will let you guys know. If anyone knows what it is and how to remove it I would love to hear it.
Matt0202 is offline  
Old 07-08-2004, 12:20 PM   #4 (permalink)
Super Techie
 
Join Date: Feb 2004
Posts: 416
Send a message via AIM to chog
Default

I allways run both S&D and Adaware because theres stuff that each other wont find. Also make sure you update them both before every scan.
chog is offline  
Old 07-08-2004, 12:24 PM   #5 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

Let us know how it goes so for as i know neither of those two will take this hijacker out but doesn't hurt to try

Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 07-09-2004, 08:35 AM   #6 (permalink)
Newb Techie
 
Join Date: Mar 2004
Posts: 16
Default

I went out and deleted the dll again went through the reg and removed everything dealing with vztlq again. I also ran Spybot S&D and used the IE Host trick that Lobos has on his post. The only thing that came about was the host file blocked the website from loading. this one is causing a lot of problems. its to the point where the client just wants a new computer. Im starting to agree with him.
Matt0202 is offline  
Old 07-09-2004, 08:48 AM   #7 (permalink)
Ultra Techie
 
Join Date: Apr 2004
Posts: 617
Default

First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups

example

C:/HJT/hijackthis.exe
C:/hijackthis/hijackthis.exe

next

Click here to download Hijack This. Save it to the folder you have just created

Close all open windows and open HIJACK THIS. Click “Scan” . When the scan is finished (it only takes a second), the scan button will change to“Save Log”. Click on“Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.


this varient can't be fixed with just hijack this alone i need to see it to advise you which files to fix if there are any then we can run a tool designed just for this hijacker

Lobos
__________________
AdAware | Spybot S&D 1.4 | spyware guard & spyware blaster |

How did I get infected in the first place By Tony Klein

If you use IE I suggest using thes two programs IE Hosts & IE-SPYAD


Lobos is offline  
Old 03-23-2005, 04:57 PM   #8 (permalink)
Super Techie
 
Join Date: Sep 2003
Posts: 374
Send a message via AIM to Soloman02
Default

I had a similar problem to you. my home page would get reset everytime in IE. I ran spybot and adaware to no avail. I also had a dialog box come up whenever I opened my network places or my computer. It said something like windows cannot open this file, access is denied. it was some dll file that i knew was not supposed to be there. I said screw it and ran system restore to a week earlier and I have had no problems since then. so if your client has a recent system restore point try that. You could also reformat, that is always an option (but it is also time and labor consuming).
__________________
Desktop specs:
AMD Athlon XP 2500+@ 200x11 - EPoX 8rda3I - Thermaltake 420watt silent PSU - 2x512MB PNY PC3200(DualChannel) - TT HSF - PNY 5900SE, 128MB DDR, 256-bit - - Toshiba SD-R5002: DVD-RW - NEC DVD-RW - 2 Antec 80mm fans - 1 Delta 92mm fan - 1 Antec 120mm fan- 1 TT 120mm fan - Windows XP Pro - WD special edition 80GB 7200 RPM- Seagate 80GB 7200 RPM 8MB cache - Onboard Sound - Onboard Ethernet

Notebook specs:
ACER Travel Mmate 4000LCi - Intel Pentium M 710 - 15\" XGA TFT - 512MB DDR333 - 40 GB HD - DVD-rom/CD-RW Drive - WLAN 802.11b/g - Winxp Home - Intel Extreme Graphics - Average Battery Life: 4-5 hours - 6.4 lbs
Soloman02 is offline  
Old 03-23-2005, 08:27 PM   #9 (permalink)
True Techie
 
Join Date: Jan 2005
Posts: 158
Default

Try the MS antispywear.
__________________

__________________
I\'m not your Google Butler!
dexta182 is offline  
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off




Copyright 2002- Social Knowledge, LLC All Rights Reserved.

All times are GMT -5. The time now is 10:32 AM.


Powered by vBulletin® Version 3.8.8 Beta 1
Copyright ©2000 - 2017, vBulletin Solutions, Inc.