Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

i need help please. xp home sp3


  • Please log in to reply
6 replies to this topic

#1 daeman13

daeman13

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:03 PM

Posted 11 January 2009 - 04:10 AM

hello i am having probelms with removing some spyware. ive tried a number of different porgrams to attempt to get rid of it nothing has worked. i have reformatted this computer 3 times with no sucess.

in my mydocuments temp folder random 514.exe 890.exe other random numbers keep getting created and in the task manager alcomrg.exe stops my firefox from working. it restarts everytime i reboot. i have used autoruns to attempt to remove alcomrg from the registry with no sucsess i have downloaded a few malware/virus scanning programs with no sucsess including malwarebytes anti-malware spyware blaster Ashampoo anti spyware. and a trial of Mcafee is there anything i can do? it also does not allow me to use task manager and editing the registry but have found workarounds on the net to close the processes (some commands in run) but they keep coming back.

BC AdBot (Login to Remove)

 


#2 teladriel

teladriel

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 11 January 2009 - 12:03 PM

Somthing similar started today...(my english is not native so its not so good sorry, and i am really newbie in PC)
Firstly my computer started to restart itself, a message appears That your computer will be restart in 1 minute...there is some more written in the error mesege, i tried to make a screen but for some strange reason i wasnt able to past it into paint to save...i will try to rerwite message and wirte it here later...At the running processes i saw some strange thing named KHALMNPR.EXE , i googled it, and it was some driver programm for my Logitech mouse..strange thing is that it was no such thing before, and when i searched it in the registry i saw this:
Posted Image
Antivirus didnt find anything(but i will try anouther one, just didnt have enough time yet)
After that, i saw this restart thing again, in the save mode...after that a new thing appeared:
Posted Image
this msg is spammed if i press cancel it apears again, i found this Alcomrg.exe,cant delete this(also there is smth, that apears again when i delete it, after restart, on the left)
Posted Image
Then after few restarts, i also cant use Task Manager and Regedit, error says that my administrator turnd off those things for me...
I really have no idea what to do

>.<

Edited by teladriel, 11 January 2009 - 12:09 PM.


#3 nickxxx007

nickxxx007

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 11 January 2009 - 02:11 PM

hi i just created this account so i can help you
to teladriel
thx for the screenshots
ok now delete acmru carpet delete all the temporal files delete the devil face the alcomrg also
if you cant enter to theTask Manager and Regedit download tuneup utilities that have a tool that works as if were the regedit
hope that help ;D

PD:i seens this virus is new because i also get it recently someone can confirm this?

Edited by nickxxx007, 11 January 2009 - 02:12 PM.


#4 teladriel

teladriel

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:01:03 AM

Posted 11 January 2009 - 03:52 PM

alcomrg.exe seems to be the source of all problems, with Gpedit.msc i disabled regedit and task manager blocks, removed alcomrg.exe process, and no more errors, but not sure if it not going to appear again after restart...so i think need more antivir scans >.<

#5 been_there

been_there

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 11 January 2009 - 10:38 PM

I got hit also by alcomrg.exe

The only place so far with results: Panda ActiveScan at

http://www.pandasecurity.com/activescan

#6 been_there

been_there

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:02:03 PM

Posted 11 January 2009 - 10:55 PM

OH By the way you will need Internet Explorer in order to run the scan......

FINAL TALLY ~4000 files infected by 3 viruses....

W32/Virutas.AH W32/Sdbot.JCE W32/Gaobot.PCK

#7 gog

gog

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:03:03 PM

Posted 12 January 2009 - 06:29 PM

to fix the prohibition on task manager (the alcomrg.exe curse):
1:fixing task manager:
Click on Start, Run and type the following command exactly and press Enter

REG add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr /t REG_DWORD /d 0 /f

2: deleting alcomrg (partial solution):
press Ctrl+Shift+Esc to open task manager
right click on alcomrg.exe and end the process
if it is ended then you can delete it from its location in system32/drivers (notice it is a hidden file, so access it by going to tools/folder options/view and untag "hide protected operating..." and tag "show hidden....")
once it is deleted and you finish step 3 and restart the computer it will send you message indicating that a search had been ongoing for alcomrg.exe but it couldn't be found (or some similar message). everytime you start your computer it'll say the same thing, but at least your task manager is accessable.

3:fixing registry edit
Click Start, Run
Type GPEDIT.MSC and Press Enter
Go to the following location
User Configuration
Administrative Templates
System
In the Settings Window, find the option for "Prevent Access to Registry Editing Tools" and double-click on it to change.
Select Disabled or Not Configured and choose OK
Close the Group Policy Editor and restart your computer
Try opening REGEDIT again

note: i got instructions 1&3 from a friend and i don't know his source (hope i didn't violate any forum rules)
anyway, i hope it helps. been there brothers and sisters. been there.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users