TecTrax Network Technologies

VX2 Removal

by Michael W. Wass - April 8, 2005

One of the most infamous highjackers known to date. Comes in a variety of versions, all using different techniques. Handle with extreme care!

CoolWebSearch is a name given to a wide range of different browser hijackers. Though the code is very different between variants, they are all used to redirect users to coolwebsearch.com and other sites affiliated with its operators.

Full Name:	VX2 Websearch
Also known as:	Transponder Blackstone TPS108 AADCOM NetPal DigitalRooster MSView VX2.Transponder
Danger Level:	7
Official Description:	The software goes along with the user of the software as they are surfing around the web and builds reports on the activity. The software monitors the click stream activity of the consumer and communicates with servers. The software monitors some activity of the PC and communicates with servers.
Properties:	· Stealth Tactics · Connects to the internet · Shows ads · Changes browser · Stays Resident
Manual Removal	1. Click "Start" in the task bar, then select "Control Panel" "Control Panel" Window is opened 2. In "Control Panel" window select "ADD/REMOVE Programs" Look For "BlackStone" "BlackStone" should be found in the "ADD/REMOVE Programs" 3. If "BlackStone" is found Select it and click the "Remove" button to remove it "BlackStone" should be removed. 4. If "BlackStone" is not present in the "ADD/REMOVE Programs" close any open Web browsers. All the browsers should be closed. 5. Click "Start", select the Search button and search for "IEHelper.dll" in the "C: drive". "IEHelper.dll" file should be found. 6. Delete "IEHelper.dll" "IEHelper.dll" file should be deleted. 7. Click "Start", select the Search button and search for "domlst.cch" in the "C: drive". "domlst.cch" file should be found. 8. Delete "domlst.cch" "domlst.cch" should be deleted. 9. IF the system does not permit the file to be deleted... Select "START" then select "Run", type "regedit" and press "ok". A new "Registry Editor" window is opened. 10. In the left side of the Registry Editor, select the key and its subkeys as follows. HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer BrowserHelperObjects You should find the "{00000000-5eb9-11d5-9d45-009027c14662}" key. 11. Delete the key: HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects\{00000000-5eb9-11d5-9d45-009027c14662} The key is deleted. 12. Reboot the computer. Click "Start", then click "Search". Search for "IEHelper.dll" You should able to find the "IEHelper.dll" file now. 13. Now delete IEHelper.dll The "IEHelper.dll" should be able delete now. 14. Reboot the computer now, and search again for "IEHelper.dll" You should not be able to find the "IEhelper.dll" file any where in your system. 15. Click Start button on the task bar and click the "Run...". a Run window is opened at the down left corner of the desktop. 16. Type "regedit" in the Run window and press "ok" A new "Registry Editor" window is opened. 17. Search for HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects {00000000-5eb9-11d5-9d45-009027c14662} If the key if still found, proceed to the next step. You should not find the HKEY_LOCAL_MACHINE SOFTWARE Microsoft Windows CurrentVersion Explorer Browser Helper Objects {00000000-5eb9-11d5-9d45-009027c14662} key. 18. Follow from step 5 to step 10.

Send mail to WebMaster@tectrax.com with questions or comments about this web site. Last modified: 06/15/10