I've picked up a nasty somewhere, and no matter how many anti virus/spyware programs i've ran i can't get rid of it.

My browser keeps getting redirected to ad sites. I've checked out my host files and they are clean. I've attatched my hijackthis log in the hopes someone can help me.

I see the blatently obvious system32\.exe (file missing) entry, but hijackthis doesn't seem to be able to fix it?! as every time i do a reboot and rescan its still there.

hope someone can help!

thanks

Attached Files

hijackthis.log (6.7 KB, 2 views)

Hello and welcome to Techspot.

Your system has been hijacked.

You shouldn`t try and fix any entries in HJT yourself. Run HJT and click the config button, followed by the backups button. Place a tick in the little box next to all entries and click the restore button and click yes. Reboot your system.

[color=red]Very Important:[/color] Before deciding whether you should clean or reformat your system, go and read this thread [color=blue]HERE[/color] and decide what it is you want to do.

If after reading the above, you wish to clean your system, do the following.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/file...Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

Then, go and read the Viruses/Spyware/Malware, preliminary removal instructions. Follow all the instructions exactly.

Post fresh HJT, [color=red]AVG Antispyware[/color] and Combofix logs as attachments into this thread, only after doing the above. Also, attach the C:\fixwareout\report.txt.

Also, let me know the results of the AVG Antirootkit scan.

Regards Howard

[color=red]This thread is for the use of[/color] kingfu [color=red]only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.[/color]

thanks for your great info howard_hopkinso

I've attatched the updated logs as requested. I also ran smitfraudfix which found i had been the victim of a dns hijack.

hopefully im clean now!

Attached Files

	report.txt (2.4 KB, 2 views)
	hijackthis.log (6.0 KB, 1 views)

Please post all the requested log files.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

C:\windows\ALCMTR.EXE

reboot your system and post a fresh HJT log as well as the AVG and Combofix logs. Let me know the results of the AVG Antirootkit scan.

Regards Howard

[color=red]This thread is for the use of[/color] kingfu [color=red]only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.[/color]