Trojan.Alemod

Trojan.Alemod
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Trojan.Alemod offwego 04-22-2006
---> Re: Trojan.Alemod David H. Lipman04-22-2006
Posted by =?Utf-8?B?b2Zmd2Vnbw==?= on April 22, 2006, 5:14 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
The virus "Trojan.Alemod" (as identified by Symantec) has infected by PC.
Symantec can detect it but not get rid of it. There is a routine to follow
after clicking a link on the Symantec scan result which involves deleting
values from certain registry subkeys. Unfortunately, non of the values that
Symantec say to delete are there in the registry!

I have run Spybot as well and it won't detect it. I have the latest
versions of both Symantec and Spybot. Any suggestions for getting rid of
Trojan.Alemod please? Plus any security tips! I have all regular MS updates
plus a firewall.

I keep getting an annoying pop-up telling me my computer is infected, which
just takes me to a web site flogging software.

Posted by Imhotep on April 22, 2006, 5:37 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
offwego wrote:

> The virus "Trojan.Alemod" (as identified by Symantec) has infected by PC.
> Symantec can detect it but not get rid of it. There is a routine to
> follow after clicking a link on the Symantec scan result which involves
> deleting
> values from certain registry subkeys. Unfortunately, non of the values
> that Symantec say to delete are there in the registry!
>
> I have run Spybot as well and it won't detect it. I have the latest
> versions of both Symantec and Spybot. Any suggestions for getting rid of
> Trojan.Alemod please? Plus any security tips! I have all regular MS
> updates plus a firewall.
>
> I keep getting an annoying pop-up telling me my computer is infected,
> which just takes me to a web site flogging software.

Guaranteed short term fix: Rebuild your PC

Guaranteed long term fix: Buy a Mac

Imhotep

Posted by Alun Jones on May 11, 2006, 10:19 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Imhotep wrote:
> Guaranteed short term fix: Rebuild your PC
>
> Guaranteed long term fix: Buy a Mac

I think you've got that the wrong way around.

Rebuild your PC, keep it patched, run anti-malware software, that's a
guaranteed long-term fix.

Do everything above, except you clean, instead of rebuilding, that's a less
guaranteed long-term fix, because there's a chance that the cleaning process
didn't catch everything.

Buy a Mac, and believe that you're safe; you will find that you're only safe
until the malware writers decide that they want to play around with Mac
users. Several recent viruses have demonstrated that Mac developers are no
better (and in some cases, worse) at protecting your system from remote
exploits.

So, yeah, rebuild your PC and stay cautious - long term fix; buy a Mac and
believe you're safe - short term fix.

Whatever operating system you're on, you are vulnerable to the first
programmer who feels a desire to target your OS.

Alun.
~~~~
[Please don't email posters, if a Usenet response is appropriate.]
--
Texas Imperial Software | Find us at http://www.wftpd.com or email
23921 57th Ave SE | alun@wftpd.com.
Washington WA 98072-8661 | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(425)807-1787 | Try our NEW client software, WFTPD Explorer.



Posted by David H. Lipman on April 22, 2006, 6:16 pm
If you were  Registered and logged in, you could reply and use other advanced thread options

| The virus "Trojan.Alemod" (as identified by Symantec) has infected by PC.
| Symantec can detect it but not get rid of it. There is a routine to follow
| after clicking a link on the Symantec scan result which involves deleting
| values from certain registry subkeys. Unfortunately, non of the values that
| Symantec say to delete are there in the registry!
|
| I have run Spybot as well and it won't detect it. I have the latest
| versions of both Symantec and Spybot. Any suggestions for getting rid of
| Trojan.Alemod please? Plus any security tips! I have all regular MS updates
| plus a firewall.
|
| I keep getting an annoying pop-up telling me my computer is infected, which
| just takes me to a web site flogging software.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the
PC.

You can choose to go to each menu item and just download the needed files or you
can
download the files and perform a scan in Normal Mode. Once you have downloaded
the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode
[F8 key
during boot] and re-run the menu again and choose which scanner you want to run
in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by =?Utf-8?B?b2Zmd2Vnbw==?= on April 23, 2006, 11:08 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Dave,

Many thanks for your advice. A couple of hours running the scans you gave
me links for have resulted in success! I worked through procedure 1 and
found that the Trend Sysclean Package was the most effective. It found and
deleted the virus. I now have a virus free PC.

I didn't need to work through procedure 2 but will keep this one in my
archive as well.

Your expertise and time were appreciated.

offwego.

"David H. Lipman" wrote:

>
> | The virus "Trojan.Alemod" (as identified by Symantec) has infected by PC.
> | Symantec can detect it but not get rid of it. There is a routine to follow
> | after clicking a link on the Symantec scan result which involves deleting
> | values from certain registry subkeys. Unfortunately, non of the values that
> | Symantec say to delete are there in the registry!
> |
> | I have run Spybot as well and it won't detect it. I have the latest
> | versions of both Symantec and Spybot. Any suggestions for getting rid of
> | Trojan.Alemod please? Plus any security tips! I have all regular MS updates
> | plus a firewall.
> |
> | I keep getting an annoying pop-up telling me my computer is infected, which
> | just takes me to a web site flogging software.
>
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in
Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot
the PC.
>
> You can choose to go to each menu item and just download the needed files or
you can
> download the files and perform a scan in Normal Mode. Once you have downloaded
the files
> needed for each scanner you want to use, you should reboot the PC into Safe
Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to
run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more
comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> Additional Instructions:
> http://pcdid.com/Multi_AV.htm
>
>
> * * * Please report back your results * * *
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>

Similar ThreadsPosted
How do I get rid of a Trojan? October 26, 2005, 5:05 pm
W32 trojan-gen January 5, 2007, 4:26 am
How did this Trojan appear? March 17, 2008, 5:55 pm
Help Trojan.KillReg August 7, 2005, 4:23 pm
Trojan problem August 7, 2005, 4:39 pm
Trojan 'Vundo' December 30, 2005, 7:23 pm
TROJAN HORSE May 29, 2005, 10:45 pm
How to get rid of a Trojan Horse? September 19, 2006, 11:14 am
Is WinPcap really a trojan? August 20, 2007, 7:49 am
trojan horse September 25, 2007, 1:40 am

The site map in XML format XML site map

Contact Us | Privacy Policy