Help needed, hklm/software/altnet? Spyware virus?

Status
Not open for further replies.

andyglad

Hi,
I have a virus of some kind. My Internet Explorer will not let me open up links, access my email or some other sites, and takes me to adverts. Computer going really slow and freezes occasionally.
I'm on Windows XP and have run an AVG scan, which finds hklm/software/altnet but won't let me delete it. I have attached my HijackThis log. Any help would be great.
Thanks
Andy
 

Attachments

  • hijackthis.log
    7.7 KB · Views: 5
Please follow the directions for:
Step 4> Malwarebytes' Anti-Malware
Step 5> SuperAntiSpyware Home Edition Free Version
Step 6> Update your Java Runtime Environment
Step 7> HijackThis Instructions
Step 8> Attach the requested logs
1) Malwarebytes Anti Malware log
2) SuperAntiSpyware log
3) Hijackthis log

Here: https://www.techspot.com/vb/post645589-1.html

Rerun HijackThis AFTER Malwarebytes and SuperAntiSpyware. Attach all logs.
 
logs

Hi, completed everything.
Programmes seemed to fix the problems, such as I can now open up links in Internet Explorer and no more ads. Logs attached, thanks.
andy
 
There is a lot of cleanup you need to do:
1. Delete the temporary internet files.
2. Delete Cookies
3. Delete History
4. Delete Temp files
Your SuperAntiSpyware log shows entries in the names of both Amy and Andrew. Why is this? All of those Tracking cookies need to be deleted. You need better control over the Cookies you get on your system:
Open Internet options> Privacy tab> Advanced button> CHECK 'allow first party Cookies'> CHECK "BLOCK" third party Cookies> Apply> OK
mbam shows files that were not deleted, so you need to do it:
Reboot the computer into Safe Mode:
Right click on Start> Explore>Windows folder> System 32> delete the following files:
C:\WINDOWS\system32\ide21201.vxd
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssservers.dat
C:\WINDOWS\system32\drivers\tdssserv.sys
C:\WINDOWS\system32\nvs2.inf
Start> Run> type in 'msconfig' without the quotes> enter. Selective Startup> startup tab> UNCHECK any BitDefender processes> UNCHECK any 'MyWay' processes> Apply> OK

Control Panel> Add/Remove Programs> highlight and uninstall MyWay.
Reboot the computer into Normal Mode. You will get a nag message. Ignore it and close it after you check 'don't show this message again'. Stay in Selective Startup.

I notice you have a redirect to MSN:
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
This does not appear to be your ISP. If this is NOT the ISP, you need to have HijackThis fix the entry.
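
The check described in the post above, comparing the O14 reset page against the user's own ISP, can be run over a whole HijackThis log. This is an added example, not part of the original thread and not code from HijackThis. The sample log is constructed (only the O14 line comes from the thread), and `example-isp.test` is a placeholder for the real ISP domain.

```python
import re
from urllib.parse import urlparse

# Constructed sample log. Only the O14 line is taken from the thread above;
# the R0/R1/O4 lines are made-up entries in HijackThis's usual layout.
SAMPLE_LOG = r"""
Logfile of HijackThis (constructed sample)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example-isp.test/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example-ads.test/
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.msn.co.uk
"""

ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
URL = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)

def parse_entries(log_text):
    """Yield (code, body) for each HijackThis result line, skipping headers."""
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group("code"), m.group("body")

def host_allowed(host, allowed_domains):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed_domains)

def unexpected_pages(log_text, allowed_domains, codes=("R0", "R1", "O14")):
    """Return (code, url) pairs whose host is outside allowed_domains."""
    allowed = [d.lower() for d in allowed_domains]
    findings = []
    for code, body in parse_entries(log_text):
        if code not in codes:
            continue  # only start/search/reset page entries are checked
        for url in URL.findall(body):
            host = urlparse(url).hostname or ""
            if not host_allowed(host, allowed):
                findings.append((code, url))
    return findings

if __name__ == "__main__":
    # example-isp.test stands in for the user's real ISP (assumption).
    for code, url in unexpected_pages(SAMPLE_LOG, ["example-isp.test"]):
        print(f"{code}: review {url}")
```

Entries it reports are candidates for review, not confirmed hijacks: a page the user set on purpose simply needs adding to the allowed list.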
 
safe mode

Hi, I went into safe mode and then the System 32 folder, but none of the files you listed to delete was there?
Andrew and Amy are the two different profile users on my computer. How do I delete the tracking cookies?
I have deleted the temp net files etc.
Thanks
 
There should be an option to delete the Tracking cookies. You'll have to scan again with the option checked. You may want to look into SpywareBlaster. It will block many of the Cookies and prevent them from getting on the machine. Unfortunately, the free SAS doesn't have the blocking:

Spywareblaster: http://www.javacoolsoftware.com/spywareblaster.html

I'm going to see if I can find out why Malwarebytes didn't delete those files. Work on the rest and I'll get back to you.
 
You overlooked a part of the Malwarebytes instructions. These files need to be removed:

Run the scan with Malwarebytes again> When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected
When completed, a log will open in Notepad.

Please post that new log.
 
malware

Ran a scan today and malware did not find anything this time, just running another one now. I have protected Internet Explorer and Mozilla with SpywareBlaster. Just ran an AVG scan which found Trojan Horse Back Door.Hupigon.RCG twice. I have attached that log. It will not let me delete them. Sorry if that's irrelevant.
 
As far as I can find, Trojan Horse Back Door.Hupigon.RCG is a variant of the Graybird Trojan. Did AVG quarantine it? It should have.

I need to see the clean mbam log and a new HijackThis log. Run each again and attach the logs.

I think it's best to drop the old System Restore points now. Using them could reinfect:
Control Panel> System> System Restore tab> CHECK 'turn off system Restore'> Apply> OK> Reboot.
Go back in and UNCHECK the turn off> Apply> OK
Now set a new restore point.

Do the System Restore AFTER AVG quarantines Graybird. You will need another spyware/adware program and a firewall. We'll check the new log to make sure you have what you need.
 