Help me guys :D [RESOLVED]


#1
Lisa2005

Member

Hey guys, need help in removing this:

W32/Alemodd.dll

The pop-up I keep getting from McAfee is: The file C:\WINDOWS\system32\wininet.dll is infected by the W32/Alemod.d.dll virus and cannot be cleaned

I have Windows XP, and I currently have ZoneAlarm and McAfee.

Someone told me after I get this all sorted, that I should download Avast, as it's much better to use.

Here is a log I have anyway.

Logfile of HijackThis v1.99.1
Scan saved at 09:31:19, on 11/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fujitsu\Adsl\dslstat.exe
C:\Program Files\Fujitsu\Adsl\dslagent.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netropa\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Netropa\Onscreen Display\OSD.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Netropa\InetKb\Inetkb.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\XoftSpy\XoftSpy.exe
C:\HJT\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IW ControlCenter] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\Fujitsu\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\Fujitsu\Adsl\dslagent.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Netropa\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zone...ee/cm/ICSCM.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48F5A24A-99CF-45FF-87BC-A6D2564DD7C6}: NameServer = 212.50.160.100 213.249.130.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{48F5A24A-99CF-45FF-87BC-A6D2564DD7C6}: NameServer = 212.50.160.100 213.249.130.100
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe


If there is anything else I need to add, just let me know. I have Ad-Aware already, and SpyBot - Search and Destroy.

If you can explain this simply, thank you :tazz:

Lisa

#2
Rawe

Visiting Staff

Hello and welcome!

Let's get started..

Please print these instructions out, or write them down, as you can't read them during the fix.

Download smitRem.exe and save the file to your desktop.
Double-click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download CleanUp!

Run the CleanUp! installer and get the program ready to be used but don't run it yet.

Next, please reboot your computer in Safe Mode by doing the following;

1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear

4) Select the first option, to run Windows in Safe Mode.

===================================================
Run a scan with HiJackThis and check the following object for removal;

O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/

Close any other open windows and/or open browsers, making sure that only HiJackThis is running. Make sure that the above mentioned object is checked, then hit "Fix Checked".
===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Launch Ad-Aware SE and click on the gear to access the Configuration menu. Please make sure that this setting is applied;

Click on Tweak => Cleaning engine => UNcheck "Always try to unload modules before deletion". Click on "Finish". Run a Full System Scan and remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Clean anything it finds.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Now run the CleanUp program:

*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp
  • Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • When CleanUp starts go to the Options button (right side of CleanUp screen)
  • Move the arrow down to "Custom CleanUp!"
  • Now place a checkmark next to the following (Make sure nothing else is checked!):
    • Delete Cookies
      This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
    • Empty Recycle Bins
    • Delete Prefetch files
    • Cleanup! All Users
  • Click OK
  • Then click on the CleanUp button. This will take a short while, let it do its thing.
  • When asked to reboot system select No
  • Close CleanUp
Boot up into normal mode and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log.
Click "Start" -> "Run" -> and type in; MRT
Click "Ok". A tool will come up, click "Next". Then let it run and let me know of the results. Post the Panda log along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.

Let me know how it's running now.

- Rawe :tazz:
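
Added example (not part of Rawe's instructions or of the original thread): a small Python parser for the HijackThis log format posted in #1. It groups entries by section code, lists the O4 registry autostart lines, and checks that an item a helper asks to fix (here the O14 line) appears verbatim in the log. The function names are made up for this illustration, and the sample is a shortened excerpt of the log above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the HijackThis v1.99.1 log posted in #1 (not the full log).
SAMPLE = r"""Logfile of HijackThis v1.99.1
Scan saved at 09:31:19, on 11/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\HJT\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.karoo.co.uk/
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, e.g. "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")

def parse_log(text):
    """Split a HijackThis log into running processes and entries grouped by section code."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (l.strip() for l in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the process list ends at the first coded entry
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def run_keys(entries):
    """Return (hive, key, value name, command) for registry autostart lines in section O4."""
    out = []
    for detail in entries.get("O4", []):
        m = RUN.match(detail)
        if m:  # "Global Startup:" shortcuts do not match and are skipped
            out.append(m.groups())
    return out

def has_entry(entries, line):
    """True if a full log line, such as a helper's fix item, is present in the parsed log."""
    m = ENTRY.match(line.strip())
    return bool(m) and m.group(2) in entries.get(m.group(1), [])
```

Checking a fix item with `has_entry` before ticking it in HijackThis confirms that the line being removed is the one that was actually reviewed in the posted log.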

#3
Lisa2005

Member

At the moment, I cannot use Panda scan, because I am having problems with ActiveX settings. What can I do to solve this problem?

#4
Rawe

Visiting Staff

No problem about that Panda scan ;)
Use this online scan instead;
Trend Micro

Do you have Firefox installed? This works on it.. Otherwise we can't use ANY online scans and that wouldn't be too good..
Or just go and install Firefox here;
http://www.mozilla.org/

Then go to the TrendMicro scan and run it instead of Panda.

- Rawe :tazz:

#5
Lisa2005

Member

Few questions:

1: How long will this take altogether?

2: Is it a good way of getting rid of the virus?

3: What if I'm not allowed to install Firefox, I can't really uninstall IE..

4: Is that other scan really needed? The Panda/Trend Micro one? How can I sort out the ActiveX thing, I've downloaded something for it already...

5: Will everything return to normal after all this has been done on the computer?

#6
Rawe

Visiting Staff

1. Depends. This one process just depends on how fast you do it. Some of the scans might take a while - not too long.

2. Yes it is.

3. Why wouldn't you be allowed to install Firefox? And no, you can't uninstall IE - you will still keep it since otherwise you couldn't get the Microsoft updates. Firefox is just an alternative browser many people use and every single one of them has noticed that it is safer/faster than IE, not to mention its many different themes/extensions.

4. Yes the scan is needed. It will show me things other scans won't catch. It will also clean up some of the viruses/malware you have.
I don't know about the ActiveX thing, you will need to give me more info about that and I'll see if I can come up with something.

5. Maybe not everything, we'll see. It should take care of most of the problems, I will still give some further instructions. We'll kill possible leftovers unless something goes wrong. Once we get your system clean, up & running, I'll give you suggestions and instructions on how to prevent spyware in the future.

Hope this clears up a bit.

- Rawe :tazz:

#7
Lisa2005

Member

I have something already that can get rid of spyware, but I really want to know after this how I can get back on the net, because I hear that in safe mode, you can't go on the net.

So after this, you'll give me instructions on what to do in the future? What you have basically posted will get rid of that virus?

#8
Rawe

Visiting Staff

Umm, maybe you didn't read the entire instructions yet.
I posted this.
First you will download tools which will help with the removal of the problem.
Next, you will update the tools.

Then you will boot up into Safe Mode and perform the fix there. Then you will reboot into normal mode and post me the results. You will get back to the internet once you get back to normal mode. This fix wouldn't work on normal mode only.

So after this, you'll give me instructions on what to do in the future? What you have basically posted will get rid of that virus?


Basically we remove all your infections first, then leftovers and then I'll give you prevention tips when we're done.

- Rawe :tazz:

#9
Lisa2005

Member

Lol, I'm sorry about asking all these questions, but how do you get back to normal mode?

#10
Rawe

Visiting Staff

Just reboot your machine. Don't do anything when it loads. And that's it :tazz:

#11
Lisa2005

Member

That's a relief.. *sighs*

I'll try and get this all done a.s.a.p

I'm only 18 and all this is very tricky >.<

#12
Rawe

Visiting Staff

I'm only 18 and all this is very tricky >.<


Ok, sorry. But I just have to say... I got pretty good laughs from that comment.
You would be fairly surprised if you knew how old I am - age counts for nothing in my opinion. And yes, I am younger than you are.

- Rawe :tazz:

Edited by Rawe, 11 August 2005 - 08:47 AM.


#13
Lisa2005

Member

Ooh, just got on the CleanUp! website lol, and I don't know which version to download. Can you let me know?

And wow, I never would have guessed you were younger than me!

#14
Rawe

Visiting Staff

Here's the direct link to the download;
http://www.stevengou...p/CleanUp40.exe :tazz:

#15
Lisa2005

Member

Just one question. About the temporary thing. What sort of things would I need to make backups of before I use the CleanUp! program?