VX2.Narrator is a spyware program disguised as a toolbar add-on for your browser.  It was first discovered on April 12 of 2005.  It is related to the notorious Transponder spyware program and is powered by the website, www.VX2.cc.

VX2.Narrator is installed on your computer manually or by drive-by downloads.  It may also be bundled with other ad supported freewares, which may also be spyware or adware.  It can also download other adwares and spywares.  It can also allow a hacker to have remote access to your computer and all of its files.

It uploads user data and browsing information to its server.  It does this supposedly in order to deliver contextual advertising.

The activity of VX2.Narrator can seriously slow down your computer’s performance.  It can also potentially cause your Internet browser to freeze or crash.  Any supposed benefits it offers are not worth compromising the functionality of your computer, or your privacy.

If you are infected with this program, you should remove it immediately with SpyZooka.  While there are other means to remove VX2.Narrator, SpyZooka has proven to consistently and completely remove this threat from your computer.

Also Known As:
[Kaspersky] Backdoor.Bionet.405
Backdoor.IRC.Zapchast, Backdoor.IRC.Zcrew,
DoS.Win32.Nenet, Flooder.Win32.WarPing, TrojanDownloader.Win32.Femad.b
[Eset] Win32/Femad.B trojan
[McAfee] RemoteProcessLaunch
[Panda] Adware/MSView, Application/HideWindow.A
Application/Psexec.A, Application/ToolWget.A
Backdoor Program, Bck/IRC.Mirc.Based, Bck/Multi.I
Bck/Zcrew.B, Bck/Zcrew.G, Flooder/Nenet. A, Spyware/BetterInet
Trj/Femad.A, Trj/Flood.BI, Trj/Passer.C, Trojan Horse
[Computer Associates] Backdoor/Bionet.405!Server
Backdoor/IRC.Zcrew, Backdoor/ZCrew.B, Backdoor/ZCrew.B.IRC
Backdoor/Zcrew.G, BAT.IRCFlood, BAT.Noshare.B
Bat/Flood.C!Trojan, IRC.Flood, mIRC/Flood.I!Trojan
mIRC/Flood.RmtCfg!Trojan, Win32.BettInet.C
Win32.Bionet.405, Win32.Femad.A
Win32.IRCFlood, Win32.Startpage.KF!downloader
Win32/Rslocal.B!Downloader, Win32/SillyDL.70656!Trojan
Win32/Spybot.FR!Worm, Win32/Startpage.KF!Downloader
[Other] Trojan

Spyware Type:
Toolbar
Trojan Backdoor
Trojan Downloader

Associated Files:
[%PROFILE_TEMP%]\tm1180.exe
[%WINDOWS%]\Help\nocontnt.GID
[%WINDOWS%]\TEMP\upd209.exe
[%DESKTOPDIRECTORY%]\clean get-away.lnk
[%DESKTOPDIRECTORY%]\my panicbutton.lnk
[%SYSTEM%]\3lviewer.dll
[%SYSTEM%]\3vviewer.dll
[%SYSTEM%]\3zviewer.dll
[%SYSTEM%]\6eo4svc.dll
[%SYSTEM%]\6fo4svc.dll
[%SYSTEM%]\6uo4svc.dll
[%SYSTEM%]\host.dll
[%SYSTEM%]\lyiclp.dll
[%SYSTEM%]\msview.dll
[%SYSTEM%]\sitehlpr.dll
[%SYSTEM%]\tps108.dll
[%SYSTEM%]\vx2.dll
[%WINDOWS%]\system\ehelper.dll
[%WINDOWS%]\system\host.dll
[%WINDOWS%]\system\kernellos.dll
[%WINDOWS%]\system\msview.dll
[%WINDOWS%]\system\sitehlpr.dll
[%WINDOWS%]\system\tps108.dll
[%WINDOWS%]\system\vx2.dll
[%PROGRAM_FILES%]\clean get-away
[%PROGRAM_FILES%]\my panicbutton
HKEY_CLASSES_ROOT\clsid\{00000580-c637-11d5-831c-00105ad6acf0}
HKEY_CLASSES_ROOT\clsid\{3bfadce2-1141-4b81-8878-49af625f0fdc}
HKEY_CLASSES_ROOT\clsid\{4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}
HKEY_CLASSES_ROOT\folder\shellex\columnhandlers\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
HKEY_CLASSES_ROOT\interface\{50f646b1-1c3e-4b01-b818-437e1276e5be}
HKEY_CLASSES_ROOT\typelib\{690bccb4-6b83-4203-ae77-038c116594ec}
HKEY_CLASSES_ROOT\typelib\{7efe1256-ab56-44b3-a63a-eb1a2208a490}
HKEY_CLASSES_ROOT\vx2.vx2obj
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\adbehavior
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\uninstall\system monitor for windows 98\nt\xp\2000\2003_is1
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\print\monitors\zepmon
HKEY_CLASSES_ROOT\*\shellex\contextmenuhandlers\ffqnkgtx
HKEY_CLASSES_ROOT\clsid\{00000000-5eb9-11d5-9d45-009027c14662}
HKEY_CLASSES_ROOT\clsid\{0000026a-8230-4dd4-be4f-6889d1e74167}
HKEY_CLASSES_ROOT\clsid\{00000273-8230-4dd4-be4f-6889d1e74167}
HKEY_CLASSES_ROOT\clsid\{002eb272-2590-4693-b166-fbd5d9b6fea6}
HKEY_CLASSES_ROOT\clsid\{0ef3e768-48d4-40d2-91a6-7d2b816a6e55}
HKEY_CLASSES_ROOT\clsid\{1000026a-8230-4dd4-be4f-6889d1e74167}
HKEY_CLASSES_ROOT\clsid\{11111111-1111-1111-1111-111111111111}
HKEY_CLASSES_ROOT\clsid\{6ec11407-5b2e-4e25-8bdf-77445b52ab37}
HKEY_CLASSES_ROOT\clsid\{daeacd99-d7c4-4b98-9fd1-8077f69310ea}
HKEY_CLASSES_ROOT\clsid\{eee2ecb9-eac0-4d02-8360-4c0de4d23abc}
HKEY_CLASSES_ROOT\clsid\{ef100607-f409-426a-9e7c-cb211f2a9030}
HKEY_CLASSES_ROOT\clsid\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_CLASSES_ROOT\dlexpertclick
HKEY_CLASSES_ROOT\multimppdll.multimppdllobj
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-5eb9-11d5-9d45-009027c14662}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{0000026a-8230-4dd4-be4f-6889d1e74167}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000273-8230-4dd4-be4f-6889d1e74167}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000580-c637-11d5-831c-00105ad6acf0}
HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_CLASSES_ROOT\typelib\{11cc62b2-65f2-4a82-b332-5de4e8384422}
HKEY_CLASSES_ROOT\\multimppdll.multimppdllobj.1
HKEY_CURRENT_USER\software\multimpp
HKEY_LOCAL_MACHINE\software\classes\clsid\{00000000-5eb9-11d5-9d45-009027c14662}
HKEY_LOCAL_MACHINE\software\classes\clsid\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\f1e45b94-76ba-4e62-9fe8-a72a04ec35a9
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{11111111-1111-1111-1111-111111111111}
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{20000273-8230-4dd4-be4f-6889d1e74167}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000000-5eb9-11d5-9d45-009027c14662}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{0000026a-8230-4dd4-be4f-6889d1e74167}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000273-8230-4dd4-be4f-6889d1e74167}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{00000580-c637-11d5-831c-00105ad6acf0}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{002eb272-2590-4693-b166-fbd5d9b6fea6}
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\browser helper objects\{ffd2825e-0785-40c5-9a41-518f53a8261f}
HKEY_LOCAL_MACHINE\software\respondmiter
HKEY_LOCAL_MACHINE\software\transponder
HKEY_CURRENT_USER\software\bundles, winversion.exe=yes
HKEY_CLASSES_ROOT\activexctrl\clsid, {4208fb4d-4e53-4f5a-bf7a-3e047ddb5281}=
HKEY_CURRENT_USER\software\bundles, winversion.exe=yes=
HKEY_CURRENT_USER\software\microsoft\currentversion\run, sysmonnt=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, kavsvc=
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run, narrator=
HKEY_LOCAL_MACHINE\software\topconverting, version=1.05=