Hi bee4u,
Unfortunately you're the victim of what is rightly known as
"scumware." You probably received a spam email that opened a browser
window to a pornography site, and now that browser window is
periodically re-opening. Here's what you need to do to fix the
problem...
First, do a search for the executable "ukvideo2.exe." which you may
find in your Startup folder or elsewhere. Delete it. If you haven't
already, delete the folder called "Dialers" and its contents that the
program installed when it first ran. Then install and run the freeware
program "Ad-Aware". From their FAQ,
"Ad-aware is a powerful removal utility designed for Windows 98 / 98SE
/ ME / NT40 / 2000 / XP Home / XP Pro platforms that scans your system
for components of known Spyware/Adware parasites, Malware, Browser
hijackers, Scumware, Foistware, and allows you remove them efficiently
and safely."
Ad-Aware can be found at...
http://www.lavasoftusa.com/index.html
Download page is here...
http://www.lavasoftusa.com/downloads.html
...and Lavasoft recommends that you read their "Getting started..."
page at
http://www.lavasoftusa.com/manual.html
Running Ad-Aware should fix the problem for you. This, however, seems
to be a particularly nasty piece of scumware, and may also require
fixes to your registry. First run Ad-Aware, and see if that solves the
problem. Do NOT attempt to make changes to your registry unless you
feel confident in doing so. Have a computer-savvy friend or technician
do it for you. If you do find you need to make registry changes. You
can use the regedit tool that came with your system, or use the free
"RegHance" editor from Lavasoft available at...
http://www.lavasoftusa.com/rhc.html
You''ll need to do a search for the term "UKVideo2" For a discussion
of what may need to be deleted, please see the thread...
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&threadm=ajpegr%241cvq59%241%40ID-42773.news.dfncis.de&rnum=1&prev=/groups%3Fq%3DUKVideo2%26hl%3Den%26lr%3D%26ie%3DUTF-8%26c2coff%3D1%26selm%3Dajpegr%25241cvq59%25241%2540ID-42773.news.dfncis.de%26rnum%3D1
Please read the full thread.
regards,
rico |
Request for Answer Clarification by
bee4u-ga
on
08 Oct 2002 07:02 PDT
Hi rico
I have done as you suggested and downloaded "Ad-aware" and run the
scan which identified and removed 12 unwelcome "guests" This however
did not solve the problem as up it came again.
I very carefully followed the written instructions from microsoft
(Q314481 HOW TO MANUALLY REMOVE PROGRAMS FROM THE Add or Remove
Programs tool)using the Registry Editor. Well, guess what? It's still
there. Any suggestions.
Thanks very much for your efforts thus far.
Regards
Bee4u
|
Clarification of Answer by
rico-ga
on
08 Oct 2002 12:22 PDT
As I said, this appears to be a particularly nasty piece of scumware.
Let me consult with my fellow researchers and see what ideas we can
come up with.
In the interim, could you please describe exactly what's happening in
as much detail as you can. That is, something like "new browser
window opens and connects to unwanted site." The more detail, the
better, as it's tough to do long-range diagnosis.
Hang in there, bee4u. We'll see if we can figure this out.
rico
|
Clarification of Answer by
rico-ga
on
08 Oct 2002 12:59 PDT
Some further ideas and questions...
1) Run a virus check
2) Use the System Configuration Utility (MSCONFIG) to identify startup
programs. You invoke it by clicking Start then Run. In the Open box,
type msconfig.exe followed by enter. Once displayed, click on the
"Startup" tab. You will see a list of items and the 2 columns that
we're interested in are "Startup Item" and "Command": Post that list
up here, unless you see something obvious like, "UKVideo2." If you do,
disable it by unchecking the appropriate box.
3) Finally, do you have a system restore point prior to the time when
the malware first appeared? If you don't know what I'm talking about
:-), ask, and I'll walk you through the process.
Some of my researcher colleagues are also studying the problem. More
info as I synthesize it.
|
Clarification of Answer by
rico-ga
on
09 Oct 2002 07:24 PDT
Hi bee4u,
I was checking in to see if you had any further information and, while
re-reading your request for clarification, wondered if I had
misunderstood your actual problem from the beginning.
Are you asking how to remove an item (in this case something called
"UKVideo2") from the "currently installed programs" list in the Add or
Remove Programs tool under Control Panels? Or, does the actual program
still exist on your computer (that is, it's still launching even
though you've apparently removed it) and you're trying to get rid of
it? Note that because an item shows up as an installed program doesn't
necessarily mean that the program still is there. As noted in the
Microsoft FAQ, a de-installed item may still display on that list.
regards,
rico
|
Request for Answer Clarification by
bee4u-ga
on
10 Oct 2002 02:52 PDT
Hi rico
Thanks very much for your input so far.
I spent an hour last night writing a click by click account of work
done thus far. Unfortunately as I sent it my ISP server went down and
I can't retrieve it.
However here is the short story.
Ref; your query the Change/remove programe was not removing the
UKVideo2 although it was removed from the change /remove screen until
next log in.
I followed your suggestions and I managed to delete the 3 files found
on the search program THIS WAS A FIRST.
I then searched Hidden files and deleted 11 Explorer files.
Now when I log on I get the System Configuration Utility Message box
telling me to use the Normal Start up mode on the General Tab, this I
am Ignoring at the moment as it looks as though it will restart the
two programs on the S.C.U. (UKVideo2 c:|program files\dialer...
SOFTWARE\MICROSOFT\CURRENTVERSION\RUN) and (XXX_ADULT
C:\WINDOWS\XXX_A...
same location as UKVideo2.
Do you think its safe to Choose normal Start up?
A million thanks so far from a 50 year old who has just bought his
first computer.
Best Wishes
Bee4u
|
Clarification of Answer by
rico-ga
on
10 Oct 2002 07:58 PDT
Well from one 50-year-old (although I'm close to being on my 50th
computer :-))to another, I'm glad I'm being of some help.
>Do you think its safe to Choose normal Start up?
No, I don't, not until those two files are gone. If you can, delete
them. You should be able to locate them by following the path shown
under "Location." If for one reason or another, you can't locate or
delete them, leave them unchecked for the time being. Before you try
doing a normal start-up, create a system restore point, so at least
you can return to the state you're in now if there's still something
left from this nasty piece of business that will try to re-install.
It sounds like you're making progress, and perhaps deleting these two
files will finally address the problem. If not, my recommendation,
again, if at all possible, is to find a system restore point before
this piece of malware was installed. You should see a "Launch System
Restore" button under the "General" tab of the SCU. If you've got an
idea of when the problem started, pick a system restore point before
that date. Walk through the wizard. You'll see calendar dates in bold
for system restore points. If you're lucky, you may find the specific
date where this thing was installed and find a point before it.
regards,
rico
|
Request for Answer Clarification by
bee4u-ga
on
11 Oct 2002 06:47 PDT
Hello again rico
I think you have it sorted now. I have done as you suggested and that
seems to have done the trick (perhaps if I had known what I was doing
I might have started from "System Restore" in the first place).
Much heartfelt thanks to you.
Best wishes
Bee4u
|
Clarification of Answer by
rico-ga
on
11 Oct 2002 08:53 PDT
Hi bee4u,
I appreciate your kind words and rating. Glad it worked out, and best regards,
rico
|
