TechSpot

Help viruses :(

By neel4life
Jul 22, 2006
  1. can someone pls tell me wat to delete unable to acces certain sites such as www.hi5.com HIJ log attached...
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Go HERE and follow the instructions exactly.

    Post a fresh HJT log, only after doing the above.

    Regards Howard :wave: :wave:
     
  3. fastco

    fastco TS Booster Posts: 1,122

    You HJT log looks pretty clear. There is one entry ALCMTR.EXE which is an information gathering program used by Realtek but it's not evil. If it bothers you you can go here http://www.bleepingcomputer.com/tutorials/tutorial101.html and follow the How to Remove instructions. There is one entry in HJT you can remove:
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)
    Everything else looks OK to me.
     
  4. neel4life

    neel4life TS Rookie Topic Starter

    i deleted O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll (file missing)

    Also ran the checks howard forwarded..have had Spybot S&D and Adware Personal since i've had this PC..ran VX2 adware shows system clean..CWShredder shows no hijacks present..ewido is still scanning taking a while now :| so far think its only found couple cookies...errm recieved winantivirus pro pop ups a couple weeks back thought i fixed that but ran spybot S&D keep gettin 2 entries of disabled anti virus and firewall...keep fixing but keeps coming bak..idont think the hijack log shows entries of this not sure repostin fresh hijack log after making changes...they look the same not sure...

    But still cant think of a reason why this would stop me going to certain websites...usually gud with stf like this...confused :S
     
  5. altheman

    altheman TS Rookie Posts: 425

    Check your hosts file (C:\windows\system32\drivers\etc\) for entries with the loopback address (127.0.0.1)
     
  6. neel4life

    neel4life TS Rookie Topic Starter

    checked no loopback address although ewido has just found a trojan called small?!? still scanning....
     
  7. neel4life

    neel4life TS Rookie Topic Starter

    scan completed only the 1 trojan "small" still cant access www.hi5.com and other sites it isnt a internet settings problem can only think of it being a type of virus...not sure..any ideas??
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ALCMTR.EXE

    Close task manager.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank

    O4 - HKLM\..\Run: [farstone] NULL

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    Click on the fix checked button.

    Locate and delete the the following bold file.

    ALCMTR.EXE You will need to search your system for this file and delete all instances of it.

    Reboot your system.

    Other than the above, your HJT log is clean.

    Regards Howard :)
     
  9. neel4life

    neel4life TS Rookie Topic Starter

    did all the above..thanks for ur help posted log after made changes...still cant get on websites can u think of any reason 4 this?
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I can`t find anything in your HJT log that would account for your problems.

    I advise you to contact your ISP and ask them if there are having any problems.

    Regards Howard :)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...