lo[1] trojan and very slow internet

By clunge
Jan 13, 2007
  1. Hello all,

    I recently waded into the murky waters of dodgy sites with keygens and got my wrists well and truly slapped with this thing.

    Fairly sure it was from a file i foolishly double clicked, but now AVG keeps popping up teling me there is a threat detected which is always in the temporary internet folder and usually called lo or lo[1].

    Sometimes I can heal or quarantine it, sometimes not ("do not have access to file")

    Since this the internet has been worryingly slow, making me think this thing is using it up

    Thanks for your help

    I followed all the instructions and logfiles are attached. Also, I'm on Windows XP with all updates in place


  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    Delete all files in AVG Antispyware quarantine.

    Open your task manager, by holding down the ctrl and alt keys and pressing the delete key.

    Click on the processes tab and end process for(if there).

    ALCMTR.EXE<Not particularly nasty, but is classed as spyware cause it phones home frequently.

    Close task manager.

    Run HJT with no other programmes open(except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to(if there).

    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\tez\Start Menu\Programs\IMVU\Run IMVU.lnk

    O20 - Winlogon Notify: winzzd32 - winzzd32.dll (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories(if there).

    ALCMTR.EXE<Search your system for this file and delete all instances found.

    Reboot your computer.

    Turn off system restore.(XP/ME only) See how HERE.

    Turn system restore back on. This will have deleted all your old restore points and anything nasty that`s in them. It will also create a new clean restore point.

    Other than the above, your HJT log is clean.

    If you have any further virus/spyware problems, please post in this thread.

    Regards Howard :wave: :wave:

    This thread is for the use of clunge only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
Topic Status:
Not open for further replies.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...