Altnet spyware, maybe more...

phathag

Hi, browsed the site a few times and hoped you could help me get rid of some spyware.

Spybot found "Altnet" but couldn't remove it. Even when I let spybot run at startup first and during safe mode. Have also tried kazaabegone as i read that it might have something to do with that but it didn't find that issue. Also tried logging in as administrator and manually deleting the registry key but it didn't let me. So I thought I would try Hijackthis I have read a lot about. Have been trying to remove Altnet for almost a month now and no luck.

I also think the system might have more issues. If there is anything else I should remove please let me know.

Was thinking about trying MS anti-spyware BETA. What is the opinion on this?
or any other anti-spyware programs might help?

Anyway here goes:


Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\F@H\FAH502-Console.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F@H\FahCore_65.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\AVPersonal\AVSched32.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\mozillafirefox101\firefox.exe
C:\WINDOWS\regedit.exe
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~2\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [BigPondCable] "C:\Program Files\Telstra\Cable Login\bpcable.exe" /r
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVSCHED32] C:\Program Files\AVPersonal\AVSched32.EXE /min
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVGCtrl] C:\Program Files\AVPersonal\AVGNT.EXE /min
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone1.0\Skype.exe" /nosplash /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_04\bin\npjpi142_04.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: FAH@C:+Program Files+F@H+FAH502-Console.exe - Stanford University - C:\Program Files\F@H\FAH502-Console.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe



Thanks for any help in advance.

ps. Love short-medias flash movie that advertises folding@home.

Buckeye_Sam

Do you still have Kazaa installed? If not, delete this folder(if present):

C:\Program Files\Kazaa


Do a search on your computer for Altnet and let me know the locations where it is found.

phathag

no Uninstalled a while back.

when i do a search for "altnet" it comes up with 24 entries.

23 of them are altnetx.zip files (where x is a number from 1 to 23) in
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

so i think those are cool

the last is in
C:\Documents and Settings\Kevin\Start Menu\Programs\Altnet
and the only file in there seems to be a shortcut called
Peer Points Manager

the shortcut points to c:program files/altnet

but that directory doesn't exist (at least anymore!)

so maybe i don't have a problem... just that the registry entry that spybot finds doesn't let me delete it... or ?

anything else in the hijacklog seem off?

Buckeye_Sam

Your log is clean. You can always go into the registry and manually remove the entries that Spybot finds. I know that Microsoft Antispyware will detect Altnet. I'd give it a try.

You can delete this folder.

C:\Documents and Settings\Kevin\Start Menu\Programs\Altnet

phathag

Well its good that the log is clean. Thanks for that.

And I tried to remove that registry entry to no avail!

I logged in as administrator even and still wouldn't allow me to delete it or any of the sub-folders or keys!



The only folder inside altnet in the registry is called dashboard.

there are 2 folders inside this. one called "messages" and the other "settings."

i cannot do anything with those. as soon as i click on the folder it pops up with "error opeing key"

I'm not really worries now that the log is clean but am still confused as to why spybot cannot remove altnet and i cannot remove those registry entries.

If you have any ideas on how to remove the entries then let me know but if not not to worry.

Thanks for all your input regardless

Buckeye_Sam

Fix this line with Hijackthis:

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present


Now see if you can remove those registry entries.