Rogue Program Hijacking IE

Posted on 2006-07-10
Last Modified: 2010-05-18
Hi, I have got a real headache with this problem.
After surfing some P2P sites I have now got several problems in the form of adverts and hijackers. The main prob seems to be a small prog called Spyware Quake 2.3. This program keeps directing me to a site where I am invited to buy the full program. There are also more popups for varying types of software from the same site, including anti virus.
I have done a full scan with AVG, no virus detected.
I have done a full scan with AdAware, cleaned everything out.
I have emptied IE of cookies and internet files.
I have used search to try and find anything I can delete, could only find a couple of IE files to delete.
I found Spyware Quake hidden in the Windows program files, but not in Control Panel, and it would not let me delete it from there.
Also after downloading Warez P2P I cannot get rid of that either as the Uninstall shortcut is broken and will not repair.
Can anyone help please!!
Question by:Haroldine
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17072375
Hi,
Smitfraudfix will take care of it.

Please download SmitfraudFix:
http://siri.geekstogo.com/SmitfraudFix.php
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next, please reboot your computer in Safe Mode by rebooting the computer,
and repeatedly tapping the F8 key as the pc starts. Choose "Safe Mode" from
the options listed.
 
Once in Safe Mode, open the SmitfraudFix folder again and double-click
smitfraudfix.cmd
 
Select option #2 - Clean by typing 2 and press "Enter" to delete infected
files.
 
You will be prompted : "Registry cleaning - Do you want to clean the
registry?" answer "Yes" by typing Y and press "Enter" in order to remove
the Desktop background and clean registry keys associated with the
infection.
 
The tool will now check if wininet.dll is infected. You may be prompted to
replace the infected file (if found); answer "Yes" by typing Y and press
"Enter".
 
The tool may need to restart your computer to finish the cleaning process;
if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17072400
Haroldine,
After you finished running option #2 in SmitfraudFix, please run option #3 to delete the entries in your trusted zones.

When you've done those, let us see your hijackthis log to make sure that no bad entries are left behind.

Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.


OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
 

Author Comment

by:Haroldine
ID: 17072872
Hi again, I have tried your instructions. Things seemed to go well till I got to
http://www.ee-stuff.com; I can't see the results on this page from the upload.
Haroldine
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17072914
Or just paste the Hijackthis log to either of these sites:

1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.
 

Author Comment

by:Haroldine
ID: 17072917
I keep getting invalid file type
 
LVL 47

Accepted Solution

by:
rpggamergirl earned 500 total points
ID: 17073024
You can't upload your hijackthis log anywhere?
Okay, just post the log here then, it's not recommended but if you can't upload it, then no other option but to post it here.
 

Author Comment

by:Haroldine
ID: 17073025
Hi again
I have sent the log file to Hijackthis.de, and saved the results.
Everything came back as safe except for one thing
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE    
Nasty   Realtek AC97 Audio - Event Monitor. "Sypware" file used surreptitiously monitor ones actions. It is not a sinister one, like remote control programs, but it is being used by Realtek to gather data about customers
Hit rate: 91,67 % (result)
   Must be fixed!
I take it this is not a dangerous prog. But it should be removed?

 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17073053
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE    
The above entry is realtek's spy. No it is not dangerous, it just reports back to realtek.
You should fix it because it is an unnecessary startup entry. Fixing that entry in Hijackthis only deletes the registry entry but it does not delete the file.
If you want to delete the file it is located in your Windows directory.

C:\Windows\ALCMTR.EXE    or C:\WinNT\ALCMTR.EXE    
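The point made in the reply above, that an O4 line names a registry autostart value and the file behind it is a separate thing to check, shown as an added example (not part of the original thread). The function names and the sample log are constructed for illustration; the candidate paths for a command with no path are simply the two Windows directories named in the reply.

```python
import ntpath
import re

# HijackThis shortens the autostart key path to "..".
RUN_PREFIX = r"Software\Microsoft\Windows\CurrentVersion"
O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+?)\s*$")
# The two Windows directories named in the reply above.
WINDOWS_DIRS = (r"C:\Windows", r"C:\WinNT")

# Constructed sample log; only the Alcmtr line comes from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /tray
O4 - Global Startup: Example.lnk = C:\Program Files\Example\e.exe
"""

def parse_o4(line):
    """Return a dict for a registry-based O4 line, or None for anything else."""
    m = O4_REG.match(line)
    if not m:
        return None  # not O4, or a Startup-folder O4 entry (no registry value)
    hive, subkey, value, command = m.groups()
    # The executable is the first token; a quoted path may contain spaces.
    exe = command.split('"')[1] if command.startswith('"') else command.split()[0]
    if ntpath.isabs(exe):
        files = [exe]
    else:
        files = [ntpath.join(d, exe) for d in WINDOWS_DIRS]
    return {
        "key": f"{hive}\\{RUN_PREFIX}\\{subkey}",  # where the value lives
        "value": value,                            # what a HijackThis fix removes
        "command": command,
        "files": files,                            # what stays on disk afterwards
    }

def autostart_entries(log_text):
    """Parse every registry-based O4 line in a HijackThis log."""
    return [e for e in map(parse_o4, log_text.splitlines()) if e]

if __name__ == "__main__":
    for e in autostart_entries(SAMPLE_LOG):
        print(f'registry value: {e["key"]} -> {e["value"]}')
        for path in e["files"]:
            print(f"  file to check separately: {path}")
```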
 

Author Comment

by:Haroldine
ID: 17073100
Great stuff there rpggamergirl, this has been a great help to me, thank you very much. I have to do some stuff now, will repost for my other problem when I get back.
Thanks again
Haroldine
 
LVL 47

Expert Comment

by:rpggamergirl
ID: 17073210
You're welcome Haroldine.
Glad I could help.

Thanks for the points and the "A" grade! :)