1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

NAV fails to delete adware found. Any suggestions?

Discussion in 'Malware and Virus Removal Archive' started by rtstanley, 2005/01/08.

Thread Status:
Not open for further replies.
  1. 2005/01/08
    rtstanley

    rtstanley Inactive Thread Starter

    Joined:
    2002/04/20
    Messages:
    50
    Likes Received:
    0
    I'm running NAV 2005, Windows XP Professional. NAV finds the following 5 files: exdl.exe
    exul.exe
    javexulm.vxd
    mqexdlm.srq
    msexreq.exe

    When I try to delete them, all 5 fail to delete. When I click the file, I get the following message for all 5 files:

    "The compressed file <filename> within C:\WINDOWS\SYSTEM32\netut80ex.vxd is a Adware threat ".

    I've looked up this file extension: Microsoft Windows Virtual Device Driver - which I believe is used by the OS?

    I started to delete the file (netut80ex.vxd), but thought I should ask the experts in this forum.

    Any idea how these files got placed within this file?

    How does NAV find these files within this file?

    How do you actually look at this file? I tried with MS Word, but it looks like a binary file.

    I sure hope you can give some suggestions on how to clean this up.

    Thank you.
     
    rtstanley,
    #1
  2. 2005/01/09
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Go to add/remove and if you have BarginBuddy installed, remove it.

    Download and update both ad-aware and spybot (see quicklinks in my signature). Boot to safe mode and run both. Let them delete what they find.

    C:\WINDOWS\SYSTEM32\netut80ex.vxd is NOT a windows system file. Safe to delete it although the above may remove it for you. The .vxd is a Virtual Device Driver extension but the file is dropped on you by spyware and may be mis-labeled as a .vxd to make it less likely to be blown away.

    Note that NAV is not alone in being unable to deal with spyware pieces within a compressed file. The behavior is well enough known that spyware and virus writers make use of it to safeguard their files.
     
    Newt,
    #2


  3. to hide this advert.

  4. 2005/01/09
    rtstanley

    rtstanley Inactive Thread Starter

    Joined:
    2002/04/20
    Messages:
    50
    Likes Received:
    0
    for NewT....

    Thank you for the reply. I failed to mention that I have run the latest spybot and adaware to death (yet, not in safe mode - which I'll have to go search on how to boot to safe mode with XP-Professional and then run these two programs). Also, I did have bargain buddy installed - which I have already deleted through add/remove.

    Don't you think it is safe to now just delete the file?

    Thanks again,

    rtstanley
     
    rtstanley,
    #3
  5. 2005/01/09
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    The file is safe to delete.

    You need to turn System Restore off, reboot, and turn it back on after all cleaning is done.

    Safe Mode boot - on most PCs, if you reboot and start tapping the F8 key as soon as it starts to boot up, you should get a menu with options you can select via the arrow keys. Safe mode (not with networking but just safe mode) is the option you want.
     
    Newt,
    #4
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...