Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Altnet [RESOLVED]


  • This topic is locked This topic is locked

#16
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Good morning to you! I'm off to work now and will have another go with this set of instructions this evening. Thanks for your persistance.
Andrew
  • 0

Advertisements


#17
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello again, back from a long day out and about.

Here we go again.

Only found:
acrsec.fon
acrsecI.fon
acrsecB.fon and deleted.

In Registry:
Entered and changed permissions in:
[HKEY_LOCAL_MACHINE\\Software\\Altnet]
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Altnet\\Dashboard]

But nothing else other than in:

[HKEY_USERS\S-1-5-21-1872151285-55732034-263556365-1006\Software\Microsoft\\SearchAssistant\ACMru\5603]
I found an entry:
006 REG_SZ Altnet not \"000\"=\"altnet\"

Before I do anything else should I delete this?

Also when in Registry changing permissions I'm not sure that permissions changed as they should've

In the Alnet Folder I have FULL CONTROL <Not inherited> This key and Subkeys
In Dashboard I have: FULL CONTROL MACHINE\SOFTWARE\Altnet This Key and subkeys

What do you think??
  • 0

#18
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Just noticed that in:

[HKEY_USERS\S-1-5-21-1872151285-55732034-263556365-1006\Software\Microsoft\\SearchAssistant\ACMru\5603] not only is there
006 REG_SZ Altnet
but:
Default REG_SZ (Value not set)
000 REG_SZ sysdat32a.sys
001 REG_SZ symdat32m.sys
002 REG_SZ acrsecB.fon
003 REG_SZ acrsecI.fon
004 REG_SZ acrsec.fon
005 REG_SZ fonts
007 REG_SZ restore
008 REG_SZ req.dll

Is there anything that needs to be done to these as well the 006?? Or should they be left alone??

Andrew
  • 0

#19
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hello yet again. I searched the Registy for Altnet and it showed up 3 entries as shown on the attached document. Hope that it is useful.

Andrew

Attached Files


  • 0

#20
Guest_usetobe_*

Guest_usetobe_*
  • Guest
They all need to be deleted in registery. now permissions are changed they should go.
  • 0

#21
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
:tazz: Success at last!! Wow!!!!

Altnet folder has successfully been deleted and Spybot and Ad-Aware scans both confirm this.

All there now are now are the remaining entries in the Registry as shown in the attached document DOC1.

Do I now have to delete these individually? And is it just the entry which includes the Altnet name such as the 006 or do the rest of the entries 000 to 007 have to be deleted as well.

What about the P2P folders with the Altnet Top Search Folder - does all that go that have to go or just from the Altnet Folder?

And REGEDIT Last Key entry does that go too?

Many thanks for your patience.

Are all Altnet problems so difficult to resolve?
  • 0

#22
Guest_usetobe_*

Guest_usetobe_*
  • Guest
As you can see the problem is that there are so many different entries that this is a swine to remove.

The topsearch folder needs to go now. Enter Safe Mode in order to delete it with regedit. If you cannot delete it in regedit then let me know and we will have to manually delete each part of it. Also delete all the entries in Doc1 individually.

Let me know how you get on
  • 0

#23
AndrewB

AndrewB

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi, went into safe mode and then into the registry to find that all but one entry has gone and that includes all the P2P directory structure - A vertiable miracle!

The only remaining one is shown on the attached DOC1 now much shortened.

So finally, should all the entries shown in Folder 5063 be deleted ?
Default REG_SZ (Value not set)
000 REG_SZ sysdat32a.sys
001 REG_SZ symdat32m.sys
002 REG_SZ acrsecB.fon
003 REG_SZ acrsecI.fon
004 REG_SZ acrsec.fon
005 REG_SZ fonts
006 REG_SZ Altnet
007 REG_SZ restore
008 REG_SZ req.dll
and does that include the folder itself and what about 5064 and ACMru?

This is my first venture into the registry and very complicated it looks too! In fact where do you start and now where to stop?

Once again your help has been tremendous and my daughters are now banned from downloading Kazzaa!

:tazz:

Attached Files


  • 0

#24
Guest_usetobe_*

Guest_usetobe_*
  • Guest
OK , we can stop worrying now, those relate to searches you have carried out on your pc and do not relate to altnet or topsearch, there are just a recording of what you have searched for.

From your log, I see nothing in the ways of trojans, nor any evil entities attempting to possess your computer, except for Windows but it's too late for that one. :tazz:

Congratulations your log now appears to be clean. ;)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.
And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.
  • 0

#25
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP