I am using XP home edition SP2 and adaware se 1.05, keeps finding Altnetbde reg key, i keep removing it but it keeps showing up!

I went into the registry: HKEY_LOCAL_MACHINE: software\altnet

i tried to delete the yellow altnet folder but it said “error while deleting key”

please help me! someone:

Logfile of HijackThis v1.98.2

Scan saved at 23:33:39, on 25/10/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashserv.exe

C:\WINDOWS\system32\slserv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\ZONELABS\vsmon.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe

C:\Program Files\Alwil Software\Avast4\ashDisp.exe

C:\Program Files\Common Files\Real\Update_OB\realsched.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe

C:\WINDOWS\system32\rundll32.exe

C:\DOCUME~1\james\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ush.net/board

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.ush.net

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll

O4 - HKLM..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe

O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe

O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe

O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot

O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE

O4 - HKLM..\Run: [msnappau] “C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe”

O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime

O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”

O4 - HKCU..\Run: [msnmsgr] “C:\Program Files\MSN Messenger\msnmsgr.exe” /background

O4 - Global Startup: hp psc 1000 series.lnk = ?

O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html

O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html

O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html

O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html

O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com

O17 - HKLM\System\CCS\Services\Tcpip..{A860EBB1-22CD-42F1-A309-6 7ACB7E8A92D}: NameServer = 213.40.66.126 213.40.130.126

hi! try with ERASOR,you’ll find it by google. tell us result please

Manual removal instructions can be found here

http://www.pestpatrol.com/PestInfo/t/topsearch.asp

Might be useful as a double check after using Erasor

This is the result of my log file analyzer.

THESE ITEMS ARE HARMFULL AND SHOULD BE FIXED/REMOVED :

\windows\system32\slserv.exe
\program files\msn apps\updater\01.02.3000.1001\en-gb\msnappau.exe
o4 - hklm..\run: [supastatus] c:\program files\internet explorer\connection wizard\status.exe
o4 - hklm..\run: [msnappau] “c:\program files\msn apps\updater\01.02.3000.1001\en-gb\msnappau.exe”

THE FOLLOWING ITEMS ARE NOT NEEDED FOR THE SYSTEM TO WORK
PROPERLY. WE RECOMMEND THEM TO BE REMOVED FROM STARTUP :

o4 - hkcu..\run: [msnmsgr] “c:\program files\msn messenger\msnmsgr.exe” /background

WE HAVE NO INFO ON THE FOLLOWING ITEMS. THEY CAN BE BAD OR GOOD.
YOU HAVE TO VERIFY THEM MANUALLY. PLEASE TELL US IF YOU HAVE INFO ON THEM :

o4 - hklm..\run: [supastatus] c:\program files\internet explorer\connection wizard\status.exe

is it enough to fix these entries with hijackthis? or is it necessary to remove any files as well?

also is \windows\system32\slserv.exe bad? The reason why i ask is becuase hijackthis log analyzer says the following:

“If you have SiS Drivers installed, this entry is normal. It could also mean that you have been infected by the W32/Gaobot.CR virus. Use an Antivirus to check this”.

if it is bad how do i remove it?

is it enough to fix these entries with hijackthis?

if it is bad how do i remove it?

Logfile of HijackThis v1.98.2
Scan saved at 23:47:32, on 31/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashserv.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\New Folder\HijackThis19802.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ush.net/board
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = www.ush.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.timecomputers.com/
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM..\Run: [SUPASTATUS] C:\Program Files\Internet Explorer\Connection Wizard\Status.exe
O4 - HKLM..\Run: [CnxDslTaskBar] C:\Program Files\SAMSUNG\SAMSUNG AHT-E310\CnxDslTb.exe
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe
O4 - HKLM..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe” -osboot
O4 - HKLM..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..\Run: [QuickTime Task] “C:\Program Files\QuickTime\qttask.exe” -atboottime
O4 - HKLM..\Run: [Zone Labs Client] “C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe”
O4 - HKLM..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O14 - IERESET.INF: START_PAGE_URL=http://www.timecomputers.com
O17 - HKLM\System\CCS\Services\Tcpip..{A860EBB1-22CD-42F1-A309-67ACB7E8A92D}: NameServer = 213.40.66.126 213.40.130.126

C:\WINDOWS\system32\slserv.exe

This was checked against a virus checker and came out clean.

However, my big problem remains, adaware keeps finding “altnet”

I went into the registry: HKEY_LOCAL_MACHINE: software\altnet

i tried to delete the yellow altnet folder but it said “error while deleting key”.

I have tried alternative spy ware programmes, like spy bot (didnt pick up altnet). I also have used a free trial of "spy sweeper" (found altnet but couldnt remove it)and “giant anti spyware” (didn`t fix the problem).

I am desperate for help.

Click on the link in my signature and use my HJT log analyzer and the online one. Fix the things they report as bad/nasty and reboot.

Let us know if you still have problems after doing so.

i used the HJT log analyzer. The only entry that came up as nasty was:

C:\WINDOWS\system32\slserv.exe

I have checked this at http://virusscan.jotti.dhs.org/

no virus was found

i ran the online HJT but it gave a error message!

Omar, did you try another anti spy applications such SpyBot Search & Destroy?
Spyware Blaster avoids infection of a lot of pests… 8)
Some spy cleaning tools are available in Internet and you can find on-line scanning too.

i tried spy bot, that didn`t find altnet.

I tried “spy sweeper” it found altnet but didn`t delete it.

Omar
Take a look HERE and see if that helps you.

i have seen that already, i`m not confident, to delete all those!

Omar
Remember, Altnet isn’t one program. It’s an invasion.

i would prefer if there was a programme i could use that did the cleaning or pehaps something that would allow me to delete altnet on reboot, otherwise i may end up having to delete all those things

As from october 26, Spybot S&D can handle AltNet.
Source

How to remove it manually can be found HERE

i remember running spybot on the 28th October, and it said “no threats had been found”.

I have tried alternative spyware removers such as “spy sweeper”. It gave a 6 day free trial, it found altnet, I scanned twice and removed it twice but it simply showed up, yet again

Spy Sweeper stated that it deals with altnet:

http://www.webroot.com/spywareinformation/spywaretopthreats.

I also tried:

http://www.giantcompany.com/(0adcud55wu3b3paw1j43vpmz)/home.aspx?prodID=70&PID=PPCGOAS

Are you sure you used the latest version of Spybot s&d? Did you check for updates to the database before running it?

If for some reason the build in update doesn’t work, you can download the latest definations from HERE

If you start Spybot s&d, click on “help” than on “info”. There you can see what latest update you have installed.

i am using v1.3, i always check for updates on adaware, spy bot and spyware blaster every day. So it is up to date.

By the way, thank you for all your help so far!

Omar , have you considered trying a scan at panda or trend micro. these can be useful as an alternative.
HTH