
**alq.exe through infected hotelmogul.exe**



#1 kidblast


Posted 26 October 2009 - 04:31 PM

Hello Everybody, It's my first post on the site. I come with a certain shame I might add, I am usually not so naive but a lapse in better judgement (bored Nephew/half term) has landed me in a quandary.

On Sunday I downloaded Hotelmogul from a warez site. It came packed in a .rar file which I opened and then scanned with Avast Home Free. It came out clean and I moved it onto my desktop.

It was a single executable file. I opened it and it started an installer. I knew that wasn't right and alarm bells were ringing but I ran it all the same.

Hotelmogul runs and I can see it Start>programmes>HotelMogul>Hotelmogul and something called 'set up factory runtime 8'

Also below it was Start>programmes>Your Product>uninstaller

There appears no way to uninstall Hotelmogul.

Through Revo Uninstaller there was an entry called 'Your Product'. I uninstalled it. Hotelmogul still there.

Going into C>programme files>common files>alq (alq written and an icon white with blue border) not usually there. I dragged and dropped it into Revo Uninstaller 'drag and drop uninstaller' it then tried to uninstall my Santa Cruz sound card drivers. Didn't do it. Sometimes like now the alq icon has vanished.

In msconfig there have been two instances of alq.exe processes running and alq autostarting on boot.

HijackThis coming up with two lines for Sysinternals.com, one JA and another with string of random letters which aren't usually there.

The system is not showing any performance issues but something has clearly happened in stealth. The programme hotelmogul cannot be uninstalled and I don't know what alq.exe is but it may be a worm. Either way it's attached itself somewhere.

SuperAntiSpyware came up clean. I have run RootRepeal and ComboFix and MGtools but it says here not to post them and I can't see where here I can attach files. They're here if you want them.

I really would appreciate some advice, greatly appreciated.

Regards, Kid



#2 garmanma


Posted 28 October 2009 - 08:37 PM

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 6 there are instructions for downloading and running DDS which will create a Pseudo HJT Report as part of its log.

There will also be instructions to create a Root Repeal Log.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

The HJT team is very busy and it will take a while to get to your post.
Please be patient and good luck.
Mark
why won't my laptop work?

Having grandkids is God's way of giving you a 2nd chance because you were too busy working your butt off the 1st time around
Do not send me PMs with problems that should be posted in the forums. Keep it in the forums, so everyone benefits