How to Get Rid of VX2-BetterInternet-Look2Me 1

[Gabriel714]

I got the latest variant of this Look2Me spyware and I couldn't get rid of it. It also goes by the names of VX2.BetterInternet, VX2, NicTech, and some others.
It was found by Ad-Aware and ScanSpyware, but even after removal, on reboot they came coming back. And each time they loaded more parasites onto my system.
I finally found out how the damned thing worked and got removal instructions which absolutely cleaned my system. The cleansing routine is here:

http://www.computerelvis.com/SquashingBugs.htm

If you've got these variants and their pestulant pop-ups and browser hijacking, the longer you wait to remove them, the more work you'll have to do.

 

[CableInstaller]

Gabriel714

Theres a little more to it than just deleting the file(s).

You still have a reg key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
called Guardian<something> that will attempt to load a now, non-existent dll file.
Those VX2 files also remove the Administrators group from the local security policy, and denying access to the seDEBUG privilege.
With WinXP Pro or 2K Pro you can re-add the policy using the policy editor/User Rights Assignment
WinXP home users are out of luck.
or
This program will fix it all

http://www.downloads.subratam.org/VX2Finder.exe

Also will repair the seDEBUG policy automatically in any version of NT Windows