TheFuteballer
asked on
Removal of ali.exe, wierd startup freeze, Windows error sound just before shutdown
Hey everyone,
I have 3 problems I was hoping you could help me with.
1) There is a file ali.exe that is supposed to be some kind of installation file for a trojan on my computer and I cannot get rid of it and it is causing me all sorts of problems. When I start up the computer I get a little windows box on the top left corner saying "Windows is initializing the following: "C:Windows\System32\ali.ex
Any help in the removal of this would be appreciated. If you want HiJackThis log files I can post as well.
2) Next problem is (literally) every other time I startup my computer, I freeze on the Welcome screen of Windows XP and no process on my computer continues to work.
3) And finally, I think this might be connected to the ali.exe problem but after finally closing all the processes, but just before going into the Windows Logging off/saving user settings screen, I hear the standard Windows Error Message ding and this is really starting ot get annoying.
So Anyways, all in all, I don't want to have to restore or re-install Windows XP as this is a new computer (Laptop actually) so any solutions you can provide will be greatly appreciated! Thanks in advance!
I have 3 problems I was hoping you could help me with.
1) There is a file ali.exe that is supposed to be some kind of installation file for a trojan on my computer and I cannot get rid of it and it is causing me all sorts of problems. When I start up the computer I get a little windows box on the top left corner saying "Windows is initializing the following: "C:Windows\System32\ali.ex
Any help in the removal of this would be appreciated. If you want HiJackThis log files I can post as well.
2) Next problem is (literally) every other time I startup my computer, I freeze on the Welcome screen of Windows XP and no process on my computer continues to work.
3) And finally, I think this might be connected to the ali.exe problem but after finally closing all the processes, but just before going into the Windows Logging off/saving user settings screen, I hear the standard Windows Error Message ding and this is really starting ot get annoying.
So Anyways, all in all, I don't want to have to restore or re-install Windows XP as this is a new computer (Laptop actually) so any solutions you can provide will be greatly appreciated! Thanks in advance!
Hi,
Obvious questions to begin with.
What Antivirus software do you have installed?
Have you made sure the virus definitions are up to date and run a FULL scan? (all files hidden & system as well)
Download this program - SpyBot - http://www.safer-networking.org/en/download/index.html and let it do a full scan. It will make certain reccomendations that its usually correct about however you should always make sure you have a backup before doing something like this.
and I would recommend you Download and install the Microsoft Anti Spyware program as well http://www.microsoft.com/athome/security/spyware/software/default.mspx
Let me know how you get on,
Steve
Obvious questions to begin with.
What Antivirus software do you have installed?
Have you made sure the virus definitions are up to date and run a FULL scan? (all files hidden & system as well)
Download this program - SpyBot - http://www.safer-networking.org/en/download/index.html and let it do a full scan. It will make certain reccomendations that its usually correct about however you should always make sure you have a backup before doing something like this.
and I would recommend you Download and install the Microsoft Anti Spyware program as well http://www.microsoft.com/athome/security/spyware/software/default.mspx
Let me know how you get on,
Steve
ASKER
Here is the HiJackThis log
http://www.hijackthis.de/logfiles/fce37b000773e8a4b0ec7aae5763f17e.html
r-k I do not have a security tab when I go into the properties of ali.exe
http://www.hijackthis.de/logfiles/fce37b000773e8a4b0ec7aae5763f17e.html
r-k I do not have a security tab when I go into the properties of ali.exe
ASKER
I have McAfee Virus scan and yes it is fully updated.
I will download both of them and let you know how it goes
I will download both of them and let you know how it goes
" I do not have a security tab when I go into the properties of ali.exe"
(1) If you have XP Pro then start Windows Explorer:
Tools -> Folder Options -> View
and "un-check" the box that says "Use Simple File and Printer Sharing..."
(2) If you have XP Home, then just boot in safe mode and the Security tab will appear.
(1) If you have XP Pro then start Windows Explorer:
Tools -> Folder Options -> View
and "un-check" the box that says "Use Simple File and Printer Sharing..."
(2) If you have XP Home, then just boot in safe mode and the Security tab will appear.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I have unchecked "Use Simple File Sharing" yet I still do not have a security tab.. I've closed all explorer windows and started again.. by the way I have windows XP Pro
Very odd - try booting in safe mode and see if the Security tab appears then.
Remember, you have to right-click on the file (in Windows Explorer or "My Computer") then select "Properties", then look for the Security tab.
Remember, you have to right-click on the file (in Windows Explorer or "My Computer") then select "Properties", then look for the Security tab.
ASKER
Just tried it in safe mode and no security tab either
Very odd. Is the Security Tab missing for all files, or just for ali.exe?
In any case, you can download Killbox from:
http://www.downloads.subratam.org/KillBox.zip
and use that to delete ali.exe and ABLKSR.exe on reboot.
I am assuming you did not find a version tab for ABLKSR.exe.
In any case, you can download Killbox from:
http://www.downloads.subratam.org/KillBox.zip
and use that to delete ali.exe and ABLKSR.exe on reboot.
I am assuming you did not find a version tab for ABLKSR.exe.
ASKER
Security Tab is missing for all files
ABLKSR.exe is a file that is part of my laptop.. from ASUS
I am deleting with killbox right now
ABLKSR.exe is a file that is part of my laptop.. from ASUS
I am deleting with killbox right now
ASKER
Great. this worked perfectly! Thanks alot, this has seemed to fix problems 1 and 3 so far. Number 2 is still up for grabs though
It seems that this only happens when I have my external hard drive connect by USB port
It seems that this only happens when I have my external hard drive connect by USB port
That's great. I was gone for a while and glad things are better.
It might pay to run HJT and make sure the entries:
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.ex
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.ex
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlx
are really gone. If not then have HJT remove them.
Re. the USB port causing a possible hang, you can try the following:
(1) Leave external disk disconnected for a while and see if problem goes away.
(2) If it does, then try a different USB port and/or USB cable.
(3) If no luck with that, then go into Device manager, right-click on each of the USB hub entries, select uninstall, then reboot and let XP reinstall the USB drivers automatically. (Do all this with the USB drive disconnected).
Hope one of these will improve things. Also if you have any AV program try disabling that a while and see if that helps with the USB/hang problem.
It might pay to run HJT and make sure the entries:
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.ex
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.ex
O20 - Winlogon Notify: IfxWlxEN - C:\WINDOWS\SYSTEM32\IfxWlx
are really gone. If not then have HJT remove them.
Re. the USB port causing a possible hang, you can try the following:
(1) Leave external disk disconnected for a while and see if problem goes away.
(2) If it does, then try a different USB port and/or USB cable.
(3) If no luck with that, then go into Device manager, right-click on each of the USB hub entries, select uninstall, then reboot and let XP reinstall the USB drivers automatically. (Do all this with the USB drive disconnected).
Hope one of these will improve things. Also if you have any AV program try disabling that a while and see if that helps with the USB/hang problem.
(0) If running XP Home, boot in safe mode, if XP Pro, then start with step (1)
(1) Right click on the file (ali.exe) in Windows Explorer or My Computer, select Properties
(2) Click on the Security tab.
(3) Click on the Advanced button.
(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"
(5) Close all windows.
(6) Reboot (into normal mode)
After reboot the file will be unable to run (because no one can access it any more). The symptoms should be gone.
At this point you can clean up with a standard anti-spyware program. A good choice is to run the online scan from http://safety.live.com/site/en-us/default.htm
Another good choice is to install the trial version of Ewido and run that (http://www.ewido.net/)
In any case, I would also suggest the following:
Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.