Help needed, hklm/software/altnet? Spyware virus?

By andyglad · 9 replies
Sep 11, 2008
  1. Hi,
    I have a virus of some kind, my Internet Explorer will not let me open up links, access my email or some other sites, takes me to adverts. Computer going really slow and freezes occasionally.
    I'm on Windows XP, have run AVG scan which finds hklm/software/altnet but won't let me delete it. I have attached my HijackThis log, any help would be great

  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    Please follow the directions for:

    Rerun HijackThis AFTER MalwareBytes and SuperAntispyware. Attach all logs
  3. andyglad

    andyglad TS Rookie Topic Starter Posts: 17


    Hi completed everything,
    programmes seemed to fix the problems, such as can now open up links in Internet Explorer and no more ads. Logs attached, thanks
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    There is a lot of cleanup you need to do:
    Your SuperAntispyware log shows entries in names of both Amy and andrew- why is this? All of those Tracking cookies need to be deleted. You need better control over the Cookies you get on your system:
    mbam shows files that were not deleted, so you need to do it:
    Reboot the computer into Safe Mode:
    Right click on Start> Explore>Windows folder> System 32> delete the following files:
    Reboot the computer into Normal Mode. You will get a nag message-ignore it and close after you check 'don't show this message again'. Stay in Selective Startup.

    I notice you have a redirect to MSN:
    This does not appear to be your ISP. If this is NOT the ISP, you need to have HijackThis fix the entry.
  5. andyglad

    andyglad TS Rookie Topic Starter Posts: 17

    safe mode

    Hi, I went into safe mode and then the system 32 folder but none of the files you listed to delete was there?
    The andrew and amy is the two different profile users on my computer. How do I delete the tracking cookies?
    I have deleted the temp net files etc
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    There should be an option to delete the Tracking cookies. You'll have to scan again with the option checked. You may want to look into SpywareBlaster. It will block many of the Cookies and prevent them from getting on the machine. Unfortunately, the free SAS doesn't have the blocking:


    I'm going to see if I can find out why Malwarebytes didn't delete those files. Work on the rest and I'll get back to you.
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    You overlooked a part of the Malwarebytes instructions. These files need to be removed:

    Run the scan with Malwarebytes again> When the scan is complete, click OK, then Show Results to view the results. Be sure that everything is checked, and click Remove Selected
    When completed, a log will open in Notepad.

    Please post that new log.
  8. andyglad

    andyglad TS Rookie Topic Starter Posts: 17


    Ran a scan today and malware did not find anything this time, just running another one now. I have protected Internet Explorer Mozilla with SpywareBlaster. Just ran an AVG scan which found Trojan Horse Back Door.Hupigon.RCG twice, I have attached that log. It will not let me delete them. Sorry if that's irrelevant
  9. andyglad

    andyglad TS Rookie Topic Starter Posts: 17

    avg attachment

    avg overview of scan would not work
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,334   +36

    As far as I can find, Trojan Horse Back Door.Hupigon.RCG is a variant of the Graybird Trojan. Did AVG quarantine it? It should have.

    I need to see the clean mbam log and a new HijackThis log. Run each again and attach the logs.

    I think it's best to drop the old system Restore points now. Using them could reinfect:
    Control Panel> System> System Restore tab> CHECK 'turn off system Restore'> Apply> OK> Reboot.
    Go back in and UNCHECK the turn off> Apply> OK
    Now set a new restore point.

    Do the System Restore AFTER AVG quarantines Graybird. You will need another spyware/adware program and a firewall. We'll check the new log to make sure you have what you need.
Topic Status:
Not open for further replies.
