Author Topic: Windows system directory  (Read 25527 times)

0 Members and 1 Guest are viewing this topic.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows system directory
« Reply #15 on: November 01, 2004, 02:47:22 PM »
Have a look at the picture. The highlited item is (I think) what whocares ment.

If my brains just would allow me to remember the English word for it ;D

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #16 on: November 01, 2004, 03:25:31 PM »
Oh well,

regedt32 is something else in Win XP
maybe you'll find the security functions in XP's normal "regedit.exe"

Menu: near the top of the window in regedt32/REGEDIT you should find a line of words/commands: this I call a menue)

something like  "Registry"    "Edit"  "Security/Permissions" ...
some will only be active when you've marked a RegKey

As I don't have neither XP nor an english version of WIN, I can't advise you further ...
- wait for someone else to step in or better:
- read up on Registry & RegEditors in XP here with Microsoft:
http://support.microsoft.com/kb/141377/EN-US/



 ;)



how confident are you, that i will be able to delete the "altnet" reg key, by following your instructions?

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Windows system directory
« Reply #17 on: November 01, 2004, 03:31:13 PM »
well if you get the correct regeditor, AND find the right buttons, AND "Gates-allowed", you should be able to delete it..
Can't really say, though, if the above is applicable ..;)

AND I can't promise that it won't come back via hidden malware or your surfing behaviour.. (My Crystal ball is broken & I don't sit in front of your PC)
 ;D ;D ;)

--> Make a Registry-backup and just try it  ;)

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #18 on: November 01, 2004, 10:52:04 PM »
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.

I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"

This altnet, won`t die easly!

Any other suggestions?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67259
Re:Windows system directory
« Reply #19 on: November 01, 2004, 11:09:57 PM »
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.

I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"

This altnet, won`t die easly!

Any other suggestions?

Delete on next Boot using MoveOnBoot 1.95  ;)
The best things in life are free.

Offline whocares

  • Super Poster
  • ***
  • Posts: 1698
  • I'm not a llama! :-)
Re:Windows system directory
« Reply #20 on: November 01, 2004, 11:37:48 PM »
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.

you gave system & machine & administrator full acces specifically for the ALTNET-key (after highlighting it..) ?

did you disable SysteRESTORE + reboot before.. ?

*

And in your last HJT-Log, I still see:
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

Nasty: kick it out (from HJT and also the file itself after killing itS process




Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows system directory
« Reply #21 on: November 01, 2004, 11:48:05 PM »
Quote
This altnet, won`t die easly!
It will die if you follow the instructions on the page as explained in my signature. No malware can stand up to that ;)

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #22 on: November 01, 2004, 11:51:08 PM »
I followed your instructions, went into safe mode, as administrator, allowed all the permissions/full control.

I tried to delete the altnet reg key and said "cannot delete Altnet: Error while deleting key"

This altnet, won`t die easly!

Any other suggestions?

Delete on next Boot using MoveOnBoot 1.95  ;)

I downloaded the programme and copied and pasted:

HKEY_LOCAL_MACHINE: software\altnet

into the box but it said "invalid file name"

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #23 on: November 01, 2004, 11:52:31 PM »
Quote
This altnet, won`t die easly!
It will die if you follow the instructions on the page as explained in my signature. No malware can stand up to that ;)

I have scanned with, adaware, spybot, CWS Shredder, spy sweeper, no luck

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows system directory
« Reply #24 on: November 01, 2004, 11:54:29 PM »
But did you do as told on that page? And did you corectly interpreted the results of applications like HijackThis?
« Last Edit: November 01, 2004, 11:55:24 PM by Eddy »

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #25 on: November 02, 2004, 12:11:13 AM »
But did you do as told on that page? And did you corectly interpreted the results of applications like HijackThis?

i did as i was told: but it keeps giving a error when i try deleting it.


Logfile of HijackThis v1.98.2
Scan saved at 23:08:25, on 01/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ush.net/board
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.ush.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKLM\..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{A860EBB1-22CD-42F1-A309-67ACB7E8A92D}: NameServer = 213.40.66.126 213.40.130.126


« Last Edit: November 02, 2004, 01:01:42 AM by Omar »

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #26 on: November 02, 2004, 11:14:49 AM »
that log should be clean now!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows system directory
« Reply #27 on: November 02, 2004, 11:28:47 AM »
It is clean :D

Offline Omar

  • Sr. Member
  • ****
  • Posts: 254
Re:Windows system directory
« Reply #28 on: November 02, 2004, 11:37:15 AM »
It is clean :D

thanks-what i wanted to hear ;D


do you know how to use MoveOnBoot 1.95 ?

see earlier in the thread!

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31335
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:Windows system directory
« Reply #29 on: November 02, 2004, 11:41:23 AM »
I can't help you with that one. I never used it.