Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Trojan.alemod


  • Please log in to reply
5 replies to this topic

#1 RSW66

RSW66

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:53rd&3rd
  • Local time:12:03 PM

Posted 22 March 2006 - 10:16 PM

i`m working on a friends laptop for her (winxp home sp1) which is currently infected by trojan.alemod -
according to Norton AV 2002 (fully updated)

object name c:\WINDOWS\system32\WININET.dll

action taken: unable to repair access to file denied

also the desktop has been taken over by a large spy ware warning.i`ve ran ad-aware se ,spybot, stinger
and the aforementioned norton av in safe mode and normal, aaw remved 4 items in safemode alfacleaner i believe, and it seemed good when i rebooted back to normal mode for a minute then the desktop went back to big warning. also along with running all the spy ware stuff i deleted cookies,temp.internet files, and turned off system restore. any help would be greatly appreciated.

BC AdBot (Login to Remove)

 


#2 jgweed

jgweed

  • Members
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:11:03 AM

Posted 22 March 2006 - 10:30 PM

First, try running your Anti-virus in "safe mode," which may give it access to the file.

Second, check the BC self help guide to removing SpyFalcon, if the pop-up looks like the one displayed there:

http://www.bleepingcomputer.com/forums/t/43659/how-to-remove-spyfalcon-removal-instructions/

If the first step doesn't work, or the popup you are getting is different (and then please supply the wording for it), then please post back and we can proceed from there.
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 RSW66

RSW66
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:53rd&3rd
  • Local time:12:03 PM

Posted 23 March 2006 - 12:15 AM

it looks like this

Posted Image

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 AM

Posted 23 March 2006 - 07:45 AM

wininet.dll [Internet Extensions for Win32] is a module that contains Internet-related functions used by Windows applications. Some malware variants will infect/overwrite this file and the average user needs assistance to fix it.

There are manual removal instructions here which requires working with the registry. Always back up the registry first. However, if your not comfortable doing this and would like assistance, then I suggest you read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have not been replied as this makes it easier for them to identify those who have not been helped.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 RSW66

RSW66
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Location:53rd&3rd
  • Local time:12:03 PM

Posted 29 March 2006 - 11:22 AM

thanks for the help qman, turned out to be a couple of attackers but thanks to you and this board i got em and removed winfixer from my sons laptop as well. thanks again

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,895 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:03 AM

Posted 29 March 2006 - 11:31 AM

Your welcome RSW66. Glad to hear the issue was resolved.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users