TechSpot

Im not very good at computers. Having a lot of virus problems. Please help. Thanks.

By DaMaluJordan
Sep 25, 2006
Topic Status:
Not open for further replies.
  1. Im only a beginner at the computer and the internet and things like that. One day i just got a virus. im not sure how. now whats happening is that even when i am not using mozilla firefox or internet explorer, internet explorer keeps popping up with ads and advertisments. I am not sure of what to do. I asked my friend for help and he tried to help me. I have Zone Alarm, AVG, Ad-Aware SE Personal, Ewido, and Microsoft Defender. These were all his suggestions on what was a good thing to download to help get rid of the virus. AVG, Ewido, microsoft defender, zone alarm, and ad-aware se personal got rid of some things. Ewido got rid of the most things. The problem is that these things keep popping up on internet explorer even when im not using it. it occassionally happens on mozilla firefox as well. I am trying to play a game called maplestory but because of all these popups, i cannot play the game because the popups keep minimizing my game and i keep getting killed because of how much time that takes up. its also interfering with my homework when i am trying to type it on microsoft word. please someone help me. thank you in advanced.
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Hello and welcome to Techspot.

    Let`s see if we can get your system cleaned up.

    Go HERE and follow the instructions exactly.

    Post fresh HJT and Ewido logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of DaMaluJordan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  3. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Thank You.

    hello and thank you for your help. i was pretty sure that my virus problem is gone for i did not see any more of these annoying popups. The problem is, after a few minutes, 4 popups came up from internet explorer and i was not even using it. i was using mozilla firefox to type this when it happened. i will now attach the HJT and Ewido logs into this thread.

    P.S.
    I deleted every infected file and or virus i found on my antivirus/spyware programs.
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Please rename HijackThis.exe to HijackThis1991.exe and post a fresh HJT log.

    This is because some malware can hide from HijackThis.exe.

    Regards Howard :)

    This thread is for the use of DaMaluJordan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  5. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    I have renamed HijackThis to HijackThis1991 as you said.

    I have renamed HijackThis to HijackThis1991 as you said.
    I have attached a fresh logfile of my scan.
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions easier.

    Turn off system restore.(XP/ME only) See how here.> http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name(NOT THE ADMINISTRATOR ACCOUNT). See how here.> http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here.> http://www.bleepingcomputer.com/forums/tutorial62.html

    Go to add remove programmes in your control panel and uninstall anything to do with(if there).

    winupdate

    Close control panel.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    winupdate.exe
    ALCXMNTR.EXE
    ms0641480-21369.exe
    sys012136941480-.exe
    Duce6.exe
    win3208480-2136941.exe

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    F2 - REG:system.ini: UserInit=userinit.exe

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto

    O4 - HKLM\..\Run: [ms0641480-21369] C:\WINDOWS\ms0641480-21369.exe

    O4 - HKLM\..\Run: [win3208480-2136941] C:\WINDOWS\win3208480-2136941.exe

    O4 - HKLM\..\Run: [sys012136941480-] C:\WINDOWS\sys012136941480-.exe

    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe

    O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - (no file)

    O20 - Winlogon Notify: IPConfTSP - C:\WINDOWS\system32\mqr.dll (file missing)

    O20 - Winlogon Notify: MS-DOS Emulation - C:\WINDOWS\system32\fp2s03f7e.dll (file missing)

    O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\ktdno1.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    C:\WINDOWS\Duce6.exe
    C:\WINDOWS\sys012136941480-.exe
    C:\WINDOWS\win3208480-2136941.exe
    C:\Program Files\winupdate Delete the entire folder.
    C:\WINDOWS\ms0641480-21369.exe


    ALCXMNTR.EXE search your system for this file and delete all instances of it.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

    This thread is for the use of DaMaluJordan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
  7. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Before i do that i have one question.

    i understand what i have to do except towards the end.
    i dont know how to search my computer for that one thing
    ALCXMNTR.EXE
    I dont know what that is or where to find it.
    could you please tell me.
    Thank you.
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Click start/search/all file and folders and type ALCXMNTR.EXE and press the enter key.

    Regards Howard :)
  9. DaMaluJordan

    DaMaluJordan TS Rookie Topic Starter Posts: 74

    Well i did everything you told me to do.
    There was nothing in add or remove programs that said winupdate
    when i clicked the process tab in the task manager, none of what you listed was there.
    In HJT I got did the fix thing for all of the things that you listed and that was there although i never found Sys012136941480- or TheMonitor in the scan from HJT. I found everything else though.
    Then i searched for the ALCXMNTR.EXE thing in the computer.
    I found 2 things on my computer that said that.
    I deleted them both.
    When i rebooted my computer back into the normal mode, i saw that there was a new folder on my desktop that i never created. it was called backups. i am not sure whether to keep it or to delete it. Do you know what i should do?
    So far i havent seen any more popups from internet explorer or mozilla firefox. Thank you very much for your time and help. I just want to know what to do with that folder that says backups and i think that will be all for now. Thank you very much.

    Sorry i forgot to attcah the scan of hijackthis. I will attach it now.
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 25,948   +19

    Your HJT log is now clean.

    The backups folder belongs to HJT. This is why it says quite clearly in the link I gave you, you`re supposed to put HJT in it`s own folder such as C:\program files\HJT\hijackThis1991.exe not on the dektop or in a temp location.

    You should Move HJT and it`s backups folder to such a location now.

    Double click mycomputer/C drive/program files. Click the file button and select new folder. Name the folder HJT. Drag HJT and it`s backups folder from your desktop to the new folder you`ve just created.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

    This thread is for the use of DaMaluJordan only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.