TechSpot

Trojan-spy.win32@mx HELP!!!

By SLB
Jan 27, 2007
  1. Where do I start, people? I need help and all these fecking pop-ups are driving me crazy.
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :wave: :wave:

    This thread is for the use of SLB only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  3. SLB

    SLB TS Rookie Topic Starter

    When I try to update AVG I get this message:


    [IMG]
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You must have missed this bit from within the instructions.

    If you are having problems with the updater, you can get the manual update at http://download.ewido.net/ewido-signatures-full-current.exe
    When you have finished updating, exit AVG Antispyware.

    Regards Howard :)

     
  5. SLB

    SLB TS Rookie Topic Starter

    I know I'm being a real pain here, but when I downloaded the update and ran it, it couldn't find any ewido software on my computer and I couldn't locate the AVG program when I went to browse.

    might actually be quicker if you hop onto a plane lol
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Ok, let`s try this then.

    Make sure any firewall software you`re running isn`t blocking the AVG updater. If that`s not the problem, do the following.

    Uninstall AVG Antispyware, download it again and reinstall. See if you can then run the updates. I`ve just checked with my AVG Antispyware updater and it works fine, so I know it`s not a problem with the update server.

    As much as I`d love to hop on a plane and come and sort your system out, I`m afraid I`m a little busy at the moment lol.

    Regards Howard :)

     
  7. SLB

    SLB TS Rookie Topic Starter

    How exactly do I attach my AVG and HijackThis reports?
     
  8. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    See HERE for instructions on how to attach your HJT log. You attach your AVG Antispyware log in exactly the same way.

    Regards Howard :)

     
  9. SLB

    SLB TS Rookie Topic Starter

    That should be it now

    and that's the AVG one
     
  10. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for (if there):

    ALCXMNTR.EXE

    Close task manager.

    Run HJT with no other programmes open. Click the scan button. Have HJT fix the following, by placing a tick in the little box next to (if there):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb

    O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)

    O11 - Options group: [INTERNATIONAL] International*

    O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{D1820085-4A6D-4D4D-A4D4-385956FD0AAB}: NameServer = 205.188.146.145 < Only fix this if it doesn`t belong to your ISP.

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    ALCXMNTR.EXE < Search your system for this file and delete all instances found.

    Reboot your system.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :)

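The fix list in the post above follows HijackThis's `CODE - body` line format. As an added example (not part of the original thread and not HijackThis's own code), this Python sketch parses such entries and lists the ones a helper would ask the user to confirm before ticking "fix"; `parse_hjt`, `review_notes` and the `isp_resolvers` set are hypothetical names, and the sample is built from entries quoted in the post.

```python
import ipaddress
import re

# Constructed sample: entries copied from the fix list in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/search/index.html?src=ssb
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O16 - DPF: {38D63471-E630-4492-A986-B8C48B79F2F8} (CVideoEgg_ActiveXCtl Object) - http://update.videoegg.com/wintel/VideoEggPublisher.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D1820085-4A6D-4D4D-A4D4-385956FD0AAB}: NameServer = 205.188.146.145
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")          # "O4 - ..."
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")  # autorun entry
NAMESERVER = re.compile(r"NameServer = ([\d., ]+)$")            # O17 DNS override
URL = re.compile(r"https?://([^/\s]+)")

def parse_hjt(text):
    """Return one dict per HijackThis entry line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        code, body = m.groups()
        e = {"code": code, "body": body,
             "file_missing": body.endswith("(file missing)")}
        if code == "O4" and (r := RUN.match(body)):
            e.update(hive=r[1], key=r[2], name=r[3], command=r[4])
        elif code == "O17" and (n := NAMESERVER.search(body)):
            e["nameservers"] = [ip for ip in re.split(r"[,\s]+", n[1]) if ip]
        if (u := URL.search(body)):
            e["host"] = u[1].lower()
        entries.append(e)
    return entries

def review_notes(entries, isp_resolvers):
    """Flag DNS servers outside the user's ISP set and entries whose file is gone."""
    notes = []
    for e in entries:
        for ip in e.get("nameservers", []):
            if ipaddress.ip_address(ip) not in isp_resolvers:
                notes.append(f"{e['code']}: NameServer {ip} is not a known ISP resolver")
        if e["file_missing"]:
            notes.append(f"{e['code']}: target file missing")
    return notes
```

`isp_resolvers` is a set of `ipaddress` objects the user supplies from their ISP's documentation, which mirrors the "only fix this if it doesn't belong to your ISP" condition on the O17 entry.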
     
  11. SLB

    SLB TS Rookie Topic Starter

    new HJT report
     
  12. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Apart from you not having got rid of the ALCXMNTR.EXE file, your HJT log is clean.

    Now would be a good time to clean out your old system restore points and anything nasty that`s in them. We will then create a new clean restore point.

    Turn off system restore (XP/ME only). See how HERE.

    Now, turn system restore back on.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :)

     
  13. SLB

    SLB TS Rookie Topic Starter

    I never got round to thanking you howard.

    Thank you very much, you are a legend
     
  14. SLB

    SLB TS Rookie Topic Starter

    HJT log

    Hijack This log attached and AVG near finished
     
  15. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    I have merged your new thread into this one.

    Your system is infected with a variety of nasties.

    Very Important: Before deciding whether you should clean or reformat your system, go and read this thread HERE and decide what it is you want to do.

    If after reading the above, you wish to clean your system, do the following.

    Go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

    Post fresh HJT, Combofix and AVG Antispyware logs as attachments into this thread, only after doing the above.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
