wininet.dll is infected

Posted by mike on October 1, 2005, 12:17 am
This file is infected with the alemode.e.dll virus.
McAfee always tells me to fix it.
How can I fix it?
Thank you

Posted by David H. Lipman on October 1, 2005, 9:16 am

| This file is infected with the alemode.e.dll virus.
| McAfee always tells me to fix it.
| How can I fix it?
| Thank you


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart
scripts, one Link (.LNK) file, a PDF instruction file and two utilities;
UNZIP.EXE and WGET.EXE. It will simplify the process of using; Sophos, Trend
and McAfee Anti Virus Command Line Scanners to remove viruses, Trojans and
various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in
Normal Mode. This way all the components can be downloaded from each AV
vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or
you can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should
reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again
and choose which scanner you want to run in Safe Mode. It is suggested to run
the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related
files.

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by AndyManchesta on October 5, 2005, 3:37 am

This is part of the smitfraud infection (Fake Spyware warnings and
SpySheriff/PSGuard Installs) Smitrem would be a good option to repair this as
it will attempt to replace Wininet.dll with a clean version from another area
of your system such as the dllcache or service pack files folder.

Windows 95, 98 and Windows Millennium do not have copies, so it’s necessary
to try to clean it or replace it otherwise, if you have one of those
operating systems with an infected wininet.dll, I suggest you download the
appropriate patch for your system from Microsoft, which contains a copy of
the file,

http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx

Download smitRem.exe, saving the file to your desktop.

http://noahdfear.geekstogo.com/click%20counter/click.php?id=1

Double click it to extract the contents to a folder of its own. Restart
your computer in safe mode, open the smitRem folder and double click the
RunThis.bat file to start the tool. Follow the prompts on screen and allow
disk cleanup to complete.

Upon reboot, you can reset your desktop background. Note: XP users using the
XP theme may experience a change to the Classic Windows theme. This can be
changed on the themes tab of desktop properties.

Andy



Posted by David H. Lipman on October 5, 2005, 8:01 am

|
| This is part of the smitfraud infection (Fake Spyware warnings and
| SpySheriff/PSGuard Installs) Smitrem would be a good option to repair this as
| it will attempt to replace Wininet.dll with a clean version from another area
| of your system such as the dllcache or service pack files folder.
|
| Windows 95, 98 and Windows Millennium do not have copies, so it’s necessary
| to try to clean it or replace it otherwise, if you have one of those
| operating systems with an infected wininet.dll, I suggest you download the
| appropriate patch for your system from Microsoft, which contains a copy of
| the file,
|
| http://www.microsoft.com/technet/security/Bulletin/MS05-025.mspx
|
| Download smitRem.exe, saving the file to your desktop.
|
| http://noahdfear.geekstogo.com/click%20counter/click.php?id=1
|
| Double click it to extract the contents to a folder of its own. Restart
| your computer in safe mode, open the smitRem folder and double click the
| RunThis.bat file to start the tool. Follow the prompts on screen and allow
| disk cleanup to complete.
|
| Upon reboot, you can reset your desktop background. Note: XP users using the
| XP theme may experience a change to the Classic Windows theme. This can be
| changed on the themes tab of desktop properties.
|
| Andy
|

That's an assumption.
Mike has not indicated he has the typical behaviour of the SmitFraud which is
the so called error message background BMP.

It could very well be the following...

W32/Alemod -- http://vil.nai.com/vil/content/v_134451.htm

It just happens I have written a SmitFraud removal tool. It will remove the
SmitFraud Trojan and then run the McAfee Command Line Scanner.

Download SmitFraud.exe
http://www.ik-cs.com/programs/virtools/SmitFraud.exe


On the infected PC...

Execute; SmitFraud.exe { Note: You must accept the default of C:\McAfee }
Choose; Unzip
Choose; Close

NOTE: You may have to disable your software FireWall or allow FTP.EXE to go
through your FireWall to enable FTP.EXE to download the needed McAfee related
files.

Execute; c:\mcafee\clean.bat
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be
generated. At the end of the scan, it will be displayed in your browser
(Opera, FireFox or Internet Explorer).
It is suggested that you move the report out of c:\mcafee before performing
another scan.
It would be a good idea to scan in Safe Mode and in Normal Mode and save a
copy of the HTML report for each session.


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by AndyManchesta on October 6, 2005, 12:36 pm

Hi David

The link you gave from McAfee is the same infection I'm suggesting he use
Smitrem to remove, Trojan Intel32 & Trojan Alemod are related to this
infection, I appreciate Mike has made no reference to other aspects of this
infection but maybe they were removed by his AV before they could cause any
damage, I've infected a machine many times with this and it does usually come
with the fake spyware desktop warning and installations of PSGuard and
SpySheriff and wininet.dll getting replaced with oleadm32.dll, Panda
Activescan was cleaning this file but recently started to remove it so
Smitrem is useful as it will replace the wininet.dll with a clean
replacement from elsewhere on the system.

Smitrem Targets these files and folders:

Program Files
---------------
AntiVirusGold
PSGuard
Search Maid
Security IGuard
SpySheriff
Virtual Maid

%systemroot%\system32 / system
-------------------------------
gunist.exe
helper.exe
hhk.dll
hhk.dll.tcf
hookdump.exe
hp***.tmp
intel32.exe
intell32.exe
intmon.exe
intmonp.exe
msmsgs.exe
msole32.exe
ole32vbs.exe
oleadm.dll
oleadm32.dll
oleext.dll
param32.dll
perfcii.ini
pop_up.dll
searchdll.dll
shnlog.exe
svcnt.exe
winnook.exe
wldr.dll
wp.bmp
wppp.html
_delete_on_reboot__intmon.exe
_delete_on_reboot__intel32.exe
_delete_on_reboot__OLEADM.dll

%systemdrive% (Local Disk C: or system partition)
--------------------------------------------------
wp.exe
bsw.exe
wp.bmp
bsw.bmp
winstall.exe

%systemroot% (Windows folder)
----------------------------
desktop.html
popuper.exe
screen.html
sites.ini
uninstIU.exe
zloader3.exe

Then all the Favorites entries, Desktop Icons, Desktop Shortcuts,
StartMenu-Quick Launch, System32-System icons

Locations looked in for a wininet.dll replacement
--------------------------------------------------
Listed in order of priority

%systemroot%\system32\dllcache
%systemroot%\$hf_mig$\KB890923\SP2QFE
%systemroot%\$hf_mig$\KB867282\SP2QFE
%systemroot%\$hf_mig$\KB883939\SP2QFE
%systemroot%\ServicePackFiles\i386

Plus resets the registry areas affected by these trojans.

Regards

Andy
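
The replacement lookup described in the post above, as an added Python example; it is not Smitrem's code and not from any poster. It walks the five listed locations in priority order under a supplied Windows directory (for instance a mounted image or copied tree). Skipping a copy that is empty or byte-identical to the flagged system32 file is an assumption made here, and `find_replacement`, `sha256_of` and `demo` are hypothetical names.

```python
import hashlib
import os
import tempfile

# Locations from the post, in its priority order, relative to %systemroot%.
CANDIDATE_DIRS = [
    os.path.join("system32", "dllcache"),
    os.path.join("$hf_mig$", "KB890923", "SP2QFE"),
    os.path.join("$hf_mig$", "KB867282", "SP2QFE"),
    os.path.join("$hf_mig$", "KB883939", "SP2QFE"),
    os.path.join("ServicePackFiles", "i386"),
]

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):  # hash in chunks
            digest.update(chunk)
    return digest.hexdigest()

def find_replacement(systemroot, name="wininet.dll"):
    """Return (highest-priority usable copy or None, per-location report)."""
    live = os.path.join(systemroot, "system32", name)
    live_hash = sha256_of(live) if os.path.isfile(live) else None
    chosen, report = None, []
    for rel in CANDIDATE_DIRS:
        path = os.path.join(systemroot, rel, name)
        if not os.path.isfile(path):
            report.append((rel, "missing"))
        # Assumption: an empty copy, or one byte-identical to the flagged
        # live file, is no use as a replacement.
        elif os.path.getsize(path) == 0 or sha256_of(path) == live_hash:
            report.append((rel, "rejected"))
        else:
            report.append((rel, "candidate"))
            chosen = chosen or path  # keep the first (highest-priority) hit
    return chosen, report

def demo():
    """Constructed tree: dllcache was overwritten too, one hotfix copy differs."""
    root = tempfile.mkdtemp()
    files = {"system32": b"constructed flagged bytes",
             CANDIDATE_DIRS[0]: b"constructed flagged bytes",
             CANDIDATE_DIRS[2]: b"constructed other bytes"}
    for rel, data in files.items():
        os.makedirs(os.path.join(root, rel), exist_ok=True)
        with open(os.path.join(root, rel, "wininet.dll"), "wb") as fh:
            fh.write(data)
    return root, find_replacement(root)
```

A chosen path is only a candidate: check its signature or a vendor-published hash before copying it over the live DLL.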

