Avast WEBforum
Other => General Topics => Topic started by: Omar on October 31, 2004, 10:54:56 AM
-
how do you access Windows system directory on XP?
-
What do you mean by that ? Just go into Windows / System32 directory... it's easy as that...
Cheers !
-
Hi Omar,
I'm assuming you're logged in with admin status -- these choices may not be available otherwise.
There may be more than one way to get at this, but the most obvious one is in the Control Panel, Folder Options.
Under the View tab, make sure the option to "Show hidden files and folders" is ticked. That should cover 99 percent of what you need, but if you want to get daring and have access to all files and folders, also un-tick the option to "Hide protected OS files".
Best,
Mike
-
..... also un-tick the option to "Hide protected OS files"
Only the brave go in there! ;D Unless you really know what you are doing, stay away from the OS files! I speak from experience remembering back when I was just a little baby "techie" ;D
Good luck and tread cautiously.
Why do you want to access the Windows directory? There may be a better and safer way to do what you want.
-
..... also un-tick the option to "Hide protected OS files"
Only the brave go in there! ;D Unless you really know what you are doing, stay away from the OS files! I speak from experience remembering back when I was just a little baby "techie" ;D
Good luck and tread cautiously.
Why do you want to access the Windows directory? There may be a better and safer way to do what you want.
if you have a look at my other topic in this forum, that will answer your question.
Basically adaware keeps finding "altnet" reg key. I have deleted it so many times, but it keeps showing up-next time i scan with adaware.
The manual instructions for removal-see below-suggest accessing the windows directory. If you know of any other way to fix the problem, i would love to hear it.
http://www.doxdesk.com/parasite/BDE.html
-
If they advise you to clean your registry and access Windows System directory, and 99% you should do that after booting into SAFE mode, then you should do that. There is no other way to fix some things, than to access system directory.
You can find in our previous replies to you on how to do that.
Cheers !
P.S. Try to run Bazooka Scanner. That little tool is freeware, but it will not clean anything for you. It just gives you very good explanation what directories you have to access to clean certain spyware or adware... very good program, and it can trace some things that Ad-Aware and Spybot misses...
-
If they advise you to clean your registry and access Windows System directory, and 99% you should do that after booting into SAFE mode, then you should do that. There is no other way to fix some things, than to access system directory.
You can find in our previous replies to you on how to do that.
Cheers !
P.S. Try to run Bazooka Scanner. That little tool is freeware, but it will not clean anything for you. It just gives you very good explanation what directories you have to access to clean certain spyware or adware... very good program, and it can trace some things that Ad-Aware and Spybot misses...
I have tried to delete the "altnet" reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Altnet
using regedit, in safe mode. When i tried deleting it, it said "error when deleting key"
-
Were you logged in as Administrator ?
And also, this is from Microsoft web page:
Error Message:
An error occurred deleting registry key 'value':
Explanation:
The indicated registry key could not be removed for registry replication. The error code specified in the error-message text indicates the cause of the failure.
User Action:
To translate the error code in the message, type net helpmsg [error code] on the command line. The action to take depends on the cause.
Try that to see what happens...
-
Also, btw, did you see this ?
http://www.2002forum.com/virus-Altnet-remove.php (http://www.2002forum.com/virus-Altnet-remove.php)
and this :
http://www.scanspyware.net/info/Altnet.htm (http://www.scanspyware.net/info/Altnet.htm)
-
I have tried to delete the "altnet" reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Altnet
using regedit, in safe mode. When i tried deleting it, it said "error when deleting key"
Well there's always the brute-force method:
- boot to safeMode and log in as the REAL "Administrator"
- Open the alternative Registry-Editor (on Win2000 it's called "Regedt32.exe"; might be similar on XP or google)
- navigate to the relevant key & highlight it; if you still can't delete it there, then in the menue go Security -> Permissions: give yourself, Administrator, system or anythign else that is listed there FULL rights -> save changes, then delete the RegKey
As said above: Only fools rush in there..! ;D
-> First: Make a backup of your registry or at least of the keys to be deleted
P.S.: A very good prog to decently backup&restore the registry & other vital system files is "EruNT" -> google
;)
-
As said above: Only fools rush in there..!
Not just fools... sometimes newbies does that and they shouldn't touch system files if they don't know exactly what they are doing... ;)
-
Try to run Bazooka Scanner. That little tool is freeware, but it will not clean anything for you. It just gives you very good explanation what directories you have to access to clean certain spyware or adware... very good program, and it can trace some things that Ad-Aware and Spybot misses...
Sasha, I never found Bazooka very useful. Or it does not detect nothing (I use Ad-aware, SpyBot, SpywareBlaster and PestPatrol), the updates are rare... Do you really think it does not useless? ::)
-
Well, bazooka helped me few times when I went to customer's. It recognized few spyware things as well as browser hijackers that Ad-aware and Spybot couldn't even report...
I'm happy with Bazooka. Again, Bazooka won't claan anything for you, it will just give you an explanation how to do cleaning manually.
-
I have tried to delete the "altnet" reg key
HKEY_LOCAL_MACHINE\SOFTWARE\Altnet
using regedit, in safe mode. When i tried deleting it, it said "error when deleting key"
Well there's always the brute-force method:
- boot to safeMode and log in as the REAL "Administrator"
- Open the alternative Registry-Editor (on Win2000 it's called "Regedt32.exe"; might be similar on XP or google)
- navigate to the relevant key & highlight it; if you still can't delete it there, then in the menue go Security -> Permissions: give yourself, Administrator, system or anythign else that is listed there FULL rights -> save changes, then delete the RegKey
As said above: Only fools rush in there..! ;D
-> First: Make a backup of your registry or at least of the keys to be deleted
P.S.: A very good prog to decently backup&restore the registry & other vital system files is "EruNT" -> google
;)
that sound very useful, a quick question:
you said the following:
"then in the menue go Security -> Permissions: give yourself, Administrator, system or anythign else that is listed there FULL rights -> save changes, then delete the RegKey"
could you please explain, which menu do you mean? How do you access the menu.
Thank you as well for the other suggestion. I will try them!
-
Oh well,
regedt32 is something else in Win XP
maybe you'll find the security functions in XP's normal "regedit.exe"
Menu: near the top of the window in regedt32/REGEDIT you should find a line of words/commands: this I call a menue)
something like "Registry" "Edit" "Security/Permissions" ...
some will only be active when you've marked a RegKey
As I don't have neither XP nor an english version of WIN, I can't advise you further ...
- wait for someone else to step in or better:
- read up on Registry & RegEditors in XP here with Microsoft:
http://support.microsoft.com/kb/141377/EN-US/
;)
-
Have a look at the picture. The highlited item is (I think) what whocares ment.
If my brains just would allow me to remember the English word for it ;D
-
Oh well,
regedt32 is something else in Win XP
maybe you'll find the security functions in XP's normal "regedit.exe"
Menu: near the top of the window in regedt32/REGEDIT you should find a line of words/commands: this I call a menue)
something like "Registry" "Edit" "Security/Permissions" ...
some will only be active when you've marked a RegKey
As I don't have neither XP nor an english version of WIN, I can't advise you further ...
- wait for someone else to step in or better:
- read up on Registry & RegEditors in XP here with Microsoft:
http://support.microsoft.com/kb/141377/EN-US/
;)
how confident are you, that i will be able to delete the "altnet" reg key, by following your instructions?
-
well if you get the correct regeditor, AND find the right buttons, AND "Gates-allowed", you should be able to delete it..
Can't really say, though, if the above is applicable ..;)
AND I can't promise that it won't come back via hidden malware or your surfing behaviour.. (My Crystal ball is broken & I don't sit in front of your PC)
;D ;D ;)
--> Make a Registry-backup and just try it ;)
-
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.
I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"
This altnet, won`t die easly!
Any other suggestions?
-
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.
I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"
This altnet, won`t die easly!
Any other suggestions?
Delete on next Boot using MoveOnBoot 1.95 (http://www.webattack.com/dlnow/dlnow.dll?Inc=No&ID=104873) ;)
-
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.
you gave system & machine & administrator full acces specifically for the ALTNET-key (after highlighting it..) ?
did you disable SysteRESTORE + reboot before.. ?
*
And in your last HJT-Log, I still see:
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
Nasty: kick it out (from HJT and also the file itself after killing itS process
-
This altnet, won`t die easly!
It will die if you follow the instructions on the page as explained in my signature. No malware can stand up to that ;)
-
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.
I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"
This altnet, won`t die easly!
Any other suggestions?
Delete on next Boot using MoveOnBoot 1.95 (http://www.webattack.com/dlnow/dlnow.dll?Inc=No&ID=104873) ;)
I downloaded the programme and copied and pasted:
HKEY_LOCAL_MACHINE: software\altnet
into the box but it said "invalid file name"
-
This altnet, won`t die easly!
It will die if you follow the instructions on the page as explained in my signature. No malware can stand up to that ;)
I have scanned with, adaware, spybot, CWS Shredder, spy sweeper, no luck
-
But did you do as told on that page? And did you corectly interpreted the results of applications like HijackThis?
-
But did you do as told on that page? And did you corectly interpreted the results of applications like HijackThis?
i did as i was told: but it keeps giving a error when i try deleting it.
Logfile of HijackThis v1.98.2
Scan saved at 23:08:25, on 01/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder\HijackThis19802.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ush.net/board
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.ush.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A860EBB1-22CD-42F1-A309-67ACB7E8A92D}: NameServer = 213.40.66.126 213.40.130.126
-
that log should be clean now!
-
It is clean :D
-
It is clean :D
thanks-what i wanted to hear ;D
do you know how to use MoveOnBoot 1.95 ?
see earlier in the thread!
-
I can't help you with that one. I never used it.
-
I'd think MoveonBoot is for FILES, not for registry-keys, but I might be wrong..
;)
-
I'd think MoveonBoot is for FILES, not for registry-keys, but I might be wrong..
;)
it looks like files only ???
-
Just a quick look at the website of that util would have told you:
Copies, moves or deletes files and folders on the next system boot. The utility is very useful when the user needs to replace or delete files which are locked by other applications, loaded into the memory or just cannot be changed until next system boot.
-
Just a quick look at the website of that util would have told you:
Copies, moves or deletes files and folders on the next system boot. The utility is very useful when the user needs to replace or delete files which are locked by other applications, loaded into the memory or just cannot be changed until next system boot.
I downloaded the programme last night. You are asked to submit a file. I put in
HKEY_LOCAL_MACHINE: software\altnet
but it said "invalid file name"
I accept that this is not a file but a reg key, if you can delete reg keys I would like to know.
-
That is indeed a registry key. You can edit the registry with regedit.
start > run > regedit
But be carfull not to delete the wrong thing!
Create a backup from the registry first, before changing anything there.
start > run > regedit > click on "my computer" there > file > export
It can take several minutes before the backup is created.
-
Well I'm still not sure have you carefully followed all those instructions Omar, I gave you link for...
Here is another shot:
http://www.scanspyware.net/info/Altnet.htm (http://www.scanspyware.net/info/Altnet.htm)
You must follow instructions precisely.
First erase all those mentioned DIRECTORIES
ADMCache
Altnet
Altnet
Altnet
Temp Internet Shares
LocalPages
Skin
Points Manager
download manager
Bullguard Protection
My Altnet Shares
DBBackup
altnet
Temp Internet Shares
LocalPages
Skin
Points Manager
download manager
Bullguard Protection
My Altnet Shares
DBBackup
altnet
Then delete following files:
adm25.dll
admdata.dll
admdloader.dll
admfdi.dll
msvcirt.dll
Setup.exe
admdloader.dll
admdata.dll
admfdi.dll
adm25.dll
adm.exe
adm4.dll
admprog.dll
selectdir.txt
selectdir.txt1st
dmsetup.bmp
dmsetupbig.bmp
selectdir1st.txt
dminfo2.cab
asmend.exe
jslegals.txt
altnetuninstall.exe
DMinfo3.cab
JSinstall.cab
asm.exe
asmps.dll
dminstall3.cab
back-over.bmp
back.bmp
bottom.bmp
bottomleft.bmp
bottomright.bmp
close-over.bmp
close.bmp
forward-over.bmp
forward.bmp
help-bottom.bmp
help-over.bmp
help-sel.bmp
help-top.bmp
help-topleft.bmp
help-topright.bmp
help.bmp
Help.xml
left.bmp
maximise-over.bmp
maximise.bmp
mb_bottom.bmp
mb_bottomleft.bmp
mb_bottomright.bmp
mb_left.bmp
mb_right.bmp
mb_top.bmp
mb_topleft.bmp
mb_topright.bmp
message.xml
minimise-over.bmp
minimise.bmp
points-disabled.bmp
points-over.bmp
points-sel.bmp
points.bmp
redeem-disabled.bmp
redeem-over.bmp
redeem-sel.bmp
redeem.bmp
refresh-over.bmp
refresh.bmp
right.bmp
Sav3BD.tmp
settings-disabled.bmp
settings-over.bmp
settings-sel.bmp
settings.bmp
Skin.xml
start-disabled.bmp
start-over.bmp
start-sel.bmp
start.bmp
top.bmp
topleft-pro.bmp
topleft-reg.bmp
topleft.bmp
topright.bmp
wallet-disabled.bmp
wallet-over.bmp
wallet-sel.bmp
wallet.bmp
altnet.css
gradient.gif
local_firstuse.html
local_points.html
local_redeem.html
local_start.html
local_wallet.html
notconnected.gif
offline.gif
pixel.gif
Points Manager.exe.Manifest
settings.cab
sysdetect.dll
Points Manager.exe
Sigfiles.db
admdloader.dll
admdata.dll
admfdi.dll
adm25.dll
adm.exe
adm4.dll
admprog.dll
selectdir.txt
selectdir.txt1st
dmsetup.bmp
dmsetupbig.bmp
selectdir1st.txt
dminfo2.cab
asmend.exe
jslegals.txt
altnetuninstall.exe
DMinfo3.cab
JSinstall.cab
asm.exe
asmps.dll
dminstall3.cab
back-over.bmp
back.bmp
bottom.bmp
bottomleft.bmp
bottomright.bmp
close-over.bmp
close.bmp
forward-over.bmp
forward.bmp
help-bottom.bmp
help-over.bmp
help-sel.bmp
help-top.bmp
help-topleft.bmp
help-topright.bmp
help.bmp
Help.xml
left.bmp
maximise-over.bmp
maximise.bmp
mb_bottom.bmp
mb_bottomleft.bmp
mb_bottomright.bmp
mb_left.bmp
mb_right.bmp
mb_top.bmp
mb_topleft.bmp
mb_topright.bmp
message.xml
minimise-over.bmp
minimise.bmp
points-disabled.bmp
points-over.bmp
points-sel.bmp
points.bmp
redeem-disabled.bmp
redeem-over.bmp
redeem-sel.bmp
redeem.bmp
refresh-over.bmp
refresh.bmp
right.bmp
Sav3BD.tmp
settings-disabled.bmp
settings-over.bmp
settings-sel.bmp
settings.bmp
Skin.xml
start-disabled.bmp
start-over.bmp
start-sel.bmp
start.bmp
top.bmp
topleft-pro.bmp
topleft-reg.bmp
topleft.bmp
topright.bmp
wallet-disabled.bmp
wallet-over.bmp
wallet-sel.bmp
wallet.bmp
altnet.css
gradient.gif
local_firstuse.html
local_points.html
local_redeem.html
local_start.html
local_wallet.html
notconnected.gif
offline.gif
pixel.gif
Points Manager.exe.Manifest
settings.cab
sysdetect.dll
Points Manager.exe
Sigfiles.db
Setup.exe
msvcirt.dll
admfdi.dll
admdloader.dll
admdata.dll
adm25.dll
admD9.tmp
Peer Points Manager.lnk
Then delete following registry keys:
adm.EXE
{99A8E2B2-3405-4C0D-9110-131C14CAAF62}
ADMCache
ADM
Messages
Settings
Setup
Temp Internet Shares
Dashboard
DownloadManager
LocalFiles
TopSearch
Altnet
ADM25.ADM25.1
ADM25.ADM25
ADM25.ADM25.1
ADM25.ADM25
{1D3BCE37-7834-4579-8169-E67681420A98}
{1D3BCE37-7834-4579-8169-E67681420A98}
ADM4.ADM4.1
ADM4.ADM4
ADM4.ADM4.1
ADM4.ADM4
{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}
{DEF37997-D9C9-4A4B-BF3C-88F99EACEEC2}
ADM.ADM.1
ADM.ADM
ADM.ADM.1
ADM.ADM
{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}
{C15B7EA2-A360-43E8-A591-5FAEDC7C4E1D}
{E813099D-5529-47F4-9B37-4AFAFCB00A43}
{E813099D-5529-47F4-9B37-4AFAFCB00A43}
{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
{9BBCF06C-DCD7-495D-80DF-CDD5399D0FF8}
AltnetDM
And at the end, delete following registry values:
AltnetPointsManager
BE VERY CAREFUL WHEN YOU "PLAY" WITH REGISRY KEYS !!! Never-ever-never erase anything that is not listed in some instructions on how to remove some spyware or similar pests... If you are not so comfortable editing it, it's better if you let someone do that for you... someone who is more comfortable...
-
That is indeed a registry key. You can edit the registry with regedit.
start > run > regedit
But be carfull not to delete the wrong thing!
Create a backup from the registry first, before changing anything there.
start > run > regedit > click on "my computer" there > file > export
It can take several minutes before the backup is created.
it won`t let me delete that reg key, it says "error when deleting key".
same happens in safe mode, as administartor!
-
S.Z.C can`t say i`m coonfident to delete all those!
but may have to try :(
-
Check the permissions on that key. (See the first post on top of page 2 in this thread)
-
Check the permissions on that key. (See the first post on top of page 2 in this thread)
the only permissions, it allows me to choose for administrator are:
1)Full control
2) read
I cannot tick "special permissions" it won`t let me, the box is, sort of faded!
-
Choose "full control" for the present user. If you can't do that due to restrictions, login as Administrator and do it from that account.
-
i choose full control last night, and logged in as administartor in safe mode-still got the error message!
-
Try to do it from the recovery console from the command line.
Example can be found at > http://www.tek-tips.com/viewthread.cfm?qid=932152 (http://www.tek-tips.com/viewthread.cfm?qid=932152)
-
Try to do it from the recovery console from the command line.
Example can be found at > http://www.tek-tips.com/viewthread.cfm?qid=932152 (http://www.tek-tips.com/viewthread.cfm?qid=932152)
could you please tell me, what i should be typing in:
As it keeps saying error!
should i be typing in:
HKEY_LOCAL_MACHINE: software\altnet
-
Hi Omar,
a) forget about MoveonBoot
b) if you know how to get to the command-line of the recoveryConsole, and really know what you're doing there, and have recent backups AND your XP-CD AND driver- & program-installation files/CDs AND are not averse to totally setting up your machine from scratch (OR have a recent IMAGE) AND.. AND..
then try typing there at the prompt:
reg delete "HKLM\SOFTWARE\Altnet" /v /f [ENTER]
or
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Altnet" /v /f [ENTER]
(like it says in eddy's link)
b) Otherwise:
- ignore it, if your PC works ok, and AV/Spyware-Scanner don't find any other malicious regKeys/files or
- reread your Threads and follow all advice & use all offered tools.. or
- try to delete the Altnet-regkey by removing altnet software entries via a regCleaner or
- use Avast's BART-CD to edit the registry (see avast homepage; most of the reservations from b) still apply)
;)
-
Hi Omar,
a) forget about MoveonBoot
b) if you know how to get to the command-line of the recoveryConsole, and really know what you're doing there, and have recent backups AND your XP-CD AND driver- & program-installation files/CDs AND are not averse to totally setting up your machine from scratch (OR have a recent IMAGE) AND.. AND..
then try typing there at the prompt:
reg delete "HKLM\SOFTWARE\Altnet" /v /f [ENTER]
or
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Altnet" /v /f [ENTER]
(like it says in eddy's link)
b) Otherwise:
- ignore it, if your PC works ok, and AV/Spyware-Scanner don't find any other malicious regKeys/files or
- reread your Threads and follow all advice & use all offered tools.. or
- try to delete the Altnet-regkey by removing altnet software entries via a regCleaner or
- use Avast's BART-CD to edit the registry (see avast homepage; most of the reservations from b) still apply)
;)
thanks a lot, registry cleaner, looks very hopeful.
Question: if reg cleaner fails to remove "altnet" does command prompt, definately remove reg keys?
-
does command prompt, definately remove reg keys?
a) ask Bill, Merlin or Zarathustra
b) a normal Command-Prompt probably not (if it's locked/protected in WIN), but the Command-Prompt in the RECOVERYConsole should be a bit more powerful (also has more wreckage potential)
I still don't see why want to try a potentially dangerous and/or useless approach to this issue rather than
- following specific removal instructions
- using tools
- or ignore it if no other signs point to infection (P.S.: is it just an empty (?) key ? or what's contained in it.. ?
but:
- no risk no fun! &
- on your own head be it..
;)
-
Omar
You can go HERE (http://www.snapfiles.com/get/moveonboot.html) for both an explanation and a place to download the program.
Hope that helps. :)
-
I ran reg cleaner last night night, the altnet registry key is still there in regedit and adaware still picks it up.
I then tried the command prompt, by typing in:
reg delete "HKLM\SOFTWARE\Altnet" /v /f [ENTER]
or
reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Altnet" /v /f [ENTER]
the 1st command gave "the system was unable to find the specified reg key or value"
the 2nd command gave a error message
-
1)
I ran reg cleaner last night night,
2)
I then tried the command prompt, by typing in:
3)
the 2nd command gave a error message
@1) Well you need to find and remove Altnet via the SOFTWARE-list in RegCleaner
@2) command prompt form where.. ? normal from Win, or after bootign from XP-Setup-CD and going to Console ?
@3) and the error was.. ?
-
1st of all can i check, am i using the correct reg cleaner. I used:
http://www.webmasterfree.com/regcleaner.html
I used deep scan and
it found just over 1000 items, which it identified as problems, i fixed all of them, and made a backup before deleting.
So if altent was in the list, it should have been fixed.
I used command prompt in windows.
I don`t have a XP cd, i only have a computer reload cd.
-
You spent so much of your precious time on (sad to say - futile) fixing of this issue. And still no results...
My advice - of course it's kinda hard to think of it right now, but when nothing helps... Backup your important data (documents, pictures, text files, favorites, everything that you need badly), or even better make a Ghost image of whole partition on a second partition. It will be just one huge backup image file. Of course if you are not familiar with Ghost, then you should stick with manually copying your documents and data to some safe location (other than your primary partition, because you're gonna need it to reinstall everything). Then format your C: partition, reinstall Windows from the scratch, nice and patiently. Copy your documents and files from location where you backed them up. Of course, worst thing of all is to reinstall all those applications and programs you had before, but what can you do when nothing helps ?
Sometimes there is nothing else left then to do that... well, it's not the end of the world... at least you're going to clean your system completely.
Most important thing after everything is done - antivirus, firewall, and of course finally, install some good anti-spyware tools on your system. And, when I say anti-spyware, and don't mean spyware cleaners (you see in your case ? sometimes they can not help much, it's always better to prevent than to cure), but something that will keep your system protected at all times... something that will run in background and keep your PC safe and protected non-stop... something like SpySweeper or something similar.
Cheers !
-
1)
it found just over 1000 items, which it identified as problems, i fixed all of them, and made a backup before deleting.
2)
So if altent was in the list, it should have been fixed.
3)
I used command prompt in windows.
I don`t have a XP cd, i only have a computer reload cd.
1) You probably just Cleaned out useless empty Regkeys pointing to non-existing files or so; nice but not the point we need ...
-> read program help/docu again, or:
Go to "Software"-listing with this RegCleaner:
http://www.capetechsupport.com/files/RegCleaner.exe
and try and remove ALTNET listings there
(in SAFEMODE !! and
1. as the REAL Administrator" plus
2. as main-Adminuser)
2) No, this won't affect ALTNET at all, if it's files remain -> see extensive file-listings by others
3) probably no-go there in WIN, and probably for a reason.
Ask vendor or read docu on your PC/XP-Manual if & how you can access Revovery-Console with this CD
@S.Z.C.: why an Image if he backups unwanted stuff with this ?
Normal databackup & maybe exporting/saving settings, mails,bookmarks etc would be imho better
and just for this, i don't see the need to format
I'd still like to see an AV/SpywareSCAN-Report about actual files lurking on the disk
_/\/\/\/\__--> *That's-me-retreating-from-this-futile-stuff-now* ;)
-
1)
it found just over 1000 items, which it identified as problems, i fixed all of them, and made a backup before deleting.
2)
So if altent was in the list, it should have been fixed.
3)
I used command prompt in windows.
I don`t have a XP cd, i only have a computer reload cd.
1) You probably just Cleaned out useless empty Regkeys pointing to non-existing files or so; nice but not the point we need ...
-> read program help/docu again, or:
Go to "Software"-listing with this RegCleaner:
http://www.capetechsupport.com/files/RegCleaner.exe
and try and remove ALTNET listings there
(in SAFEMODE !! and
1. as the REAL Administrator" plus
2. as main-Adminuser)
2) No, this won't affect ALTNET at all, if it's files remain -> see extensive file-listings by others
3) probably no-go there in WIN, and probably for a reason.
Ask vendor or read docu on your PC/XP-Manual if & how you can access Revovery-Console with this CD
@S.Z.C.: why an Image if he backups unwanted stuff with this ?
Normal databackup & maybe exporting/saving settings, mails,bookmarks etc would be imho better
and just for this, i don't see the need to format
I'd still like to see an AV/SpywareSCAN-Report about actual files lurking on the disk
_/\/\/\/\__--> *That's-me-retreating-from-this-futile-stuff-now* ;)
1. as the REAL Administrator" plus
2. as main-Adminuser)
when i go to safe mode.
I have the choice to log in as 1)administrator 2)Colin (he is the one who set up the computer XP).
who should i log in as?
-
whocares wrote:
@S.Z.C.: why an Image if he backups unwanted stuff with this ?
Normal databackup & maybe exporting/saving settings, mails,bookmarks etc would be imho better
and just for this, i don't see the need to format
Because... we, at my company always do that. It's much easier and faster than doing manual backup ;)
On the other hand, no one said he should restore that image later on freshly installed Windows. When I install Windows from the scratch and I need some personal stuff from my old image file, I use Ghost Explorer. Of course, some people didn't even bother to find out how GE could be useful (not anyone particular, but in general, many people just use Ghost and nothing else, that's why I'm pointing to that). You open your image file, just like some zip file, and you'll see your whole old partition right in front of you. Best of all, you can extract just data you want and need. No one said he has to restore whole image, but it's always good to have it as backup, just in case something goes terribly wrong with his new installation... in that case he can just restore whole partition and - voila ;) Can't make any worse, he still has those problems, right ?
For example, open your image file in ghost explorer, just go to your IE FAVORITES, mark them all and right click on one of them... choose extract, point to your new FAVORITES directory on your freshly installed partition, and your Explorer is filled with your original Favorites... no need to go through long lasting and sometimes painful job, to make them all over again. Same thing with My Documents, or any other folder on your HD.
Cheers !