lo[1] trojan and very slow internet

[clunge]

Hello all,

I recently waded into the murky waters of dodgy sites with keygens and got my wrists well and truly slapped with this thing.

Fairly sure it was from a file i foolishly double clicked, but now AVG keeps popping up teling me there is a threat detected which is always in the temporary internet folder and usually called lo or lo[1].

Sometimes I can heal or quarantine it, sometimes not ("do not have access to file")

Since this the internet has been worryingly slow, making me think this thing is using it up

Thanks for your help

I followed all the instructions and logfiles are attached. Also, I'm on Windows XP with all updates in place

Ta

clunge

 

[howard_hopkinso]

Hello and welcome to Techspot.

Delete all files in AVG Antispyware quarantine.

Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

Click on the processes tab and end process for(if there).

ALCMTR.EXE<Not particularly nasty, but is classed as spyware cause it phones home frequently.

Close task manager.

Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\tez\Start Menu\Programs\IMVU\Run IMVU.lnk

O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)

Click on the fix checked button.

Close HJT.

Locate and delete the following bold files and/or directories(if there).

ALCMTR.EXE<Search your system for this file and delete all instances found.

Reboot your computer.

Turn off system restore.(XP/ME only) See how HERE.

Turn system restore back on. This will have deleted all your old restore points and anything nasty that`s in them. It will also create a new clean restore point.

Other than the above, your HJT log is clean.

If you have any further virus/spyware problems, please post in this thread.

Regards Howard :wave: :wave:

This thread is for the use of clunge only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.