| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 59931 | 2005-07-17 07:44:00 | I can't remove 'AltnetBDE' (spyware/adware) | JSF_enthusiast (8536) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 372893 | 2005-07-17 08:52:00 | Possibly, I use Kero myself, but ZA should be fine. Does it have registry protection settings. Do you have Spybot set to Advanced mode, are you running the TeaTimer module (Which prevent registry changes and creates a backup. Check The TeaTimer logs). |
Murray P (44) | ||
| 372894 | 2005-07-17 08:55:00 | It might not have to go thru the net to slow u down . The entries in the registry would be enough to slow u down . Or as I've said, get trojan remover, or go to that site I posted, and see if those files, are on your system . If AltnetBDE, is the same as Altnet . |
Speedy Gonzales (78) | ||
| 372895 | 2005-07-17 08:58:00 | this what you wanted Logfile of HijackThis v1.99.1 Scan saved at 6:45:22 p.m., on 7/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\ezSP_Px.exe C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\carpserv.exe C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Alex.OWNER-5Z4BJ30KX\Local Settings\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {e6bb7ac5-0e3c-4ae6-92bd-af1d243fffc1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {49c015d0-bedb-4275-ae4b-b4cf3788ab51} - (no file) O3 - Toolbar: xtramsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-nz\msntb.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup O4 - HKLM\..\Run: [CARPService] carpserv.exe O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-nz\msnappau.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd.exe /C "C:\DOCUME~1\ALEX~1.OWN\LOCALS~1\Temp\MsgPlusUninst .bat" O4 - HKCU\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe" O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra 'Tools' menuitem: Subscribe in Desktop Sidebar - {09FE188B-6E85-479e-9411-51FB2220DF80} - C:\WINDOWS\System32\shdocvw.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .swf: C:\Program Files\Internet Explorer\PLUGINS\NPSWF32.dll O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{44349A4C-D51C-4F31-AD1D-BBA5CB52974A}: NameServer = 202.27.158.40 202.27.156.72 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\PACSPT~1.EXE (file missing) O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Unknown owner - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe (file missing) O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
JSF_enthusiast (8536) | ||
| 372896 | 2005-07-17 09:04:00 | Go here and paste your log into it and click on analyse . Theres a few files it picks up as nasty . Some maybe valid . You'll have to decide on whether to tick them . . hijackthis . de/index . php" target="_blank">www . hijackthis . de I would still get trojan remover, which isnt hijackthis . See if it detects / removes anything . That unknown one O4 - HKLM\ . . \RunOnce: [MessengerPlusUninstall] C:\WINDOWS\system32\cmd . exe /C "C:\DOCUME~1\ALEX~1 . OWN\LOCALS~1\Temp\MsgPlusUninst . bat" Looks suss . |
Speedy Gonzales (78) | ||
| 372897 | 2005-07-17 09:23:00 | I have tried the hijackthis method that you have suggested and trojan remover. Neither actually found altnet in the registry, but spybot, ad aware and norton still said they were there. | JSF_enthusiast (8536) | ||
| 372898 | 2005-07-17 10:02:00 | get rid of ... O2 - BHO: (no name) - {45AD732C-2CE2-4666-B366-B2214AD57A49} - (no file) O2 - BHO: (no name) - {e6bb7ac5-0e3c-4ae6-92bd-af1d243fffc1} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: (no name) - {49c015d0-bedb-4275-ae4b-b4cf3788ab51} - (no file) O17 - HKLM\System\CCS\Services\Tcpip\..\{44349A4C-D51C-4F31-AD1D-BBA5CB52974A}: NameServer = 202.27.158.40 202.27.156.72 are you running nortons firewall in the sicurity centre ? |
tweak'e (69) | ||
| 372899 | 2005-07-17 10:19:00 | See if this symantec site helps. See if the folders are on your system. securityresponse.symantec.com I think this has something to do with it. Thats if these folders exist on your PC. |
Speedy Gonzales (78) | ||
| 372900 | 2005-07-17 11:57:00 | I do not have norton firewall on my computer, norton anti virus is my only norton product on this computer. tweak'e i deleted all of those files and entries listed in your last post. I don't see any of the files that i saw in the link you provided Speedy Gonzales. trojan remover didn't see any altnet what so ever. I might just give up because it appears dealing with it is a bit out of league in terms of computing skill. |
JSF_enthusiast (8536) | ||
| 372901 | 2005-07-17 13:12:00 | It might not have to go thru the net to slow u down . The entries in the registry would be enough to slow u down . How does the nasty registry entries manage to slow down the connection without connecting to the Internet? I am dead curious . Cheers :) |
Renmoo (66) | ||
| 372902 | 2005-07-18 00:50:00 | What I meant was, it'll affect u once u connect, but it doesnt mean you'll be able to block access to whatever it is, thats slowing u down . Until u scan for spyware/adware and manage to remove it . And depending on what it is u have, it can make the CPU go to 99/100% And the only way you'll go faster, is to terminate the process thats doing this (if it shows in task manager) . So whatever program u load will work properly without freezing . |
Speedy Gonzales (78) | ||
| 1 2 | |||||