Really need help with ALI.EXE

Discussion in 'Malware Help (A Specialist Will Reply)' started by munda3009, Aug 7, 2007.

  1. munda3009

    munda3009 Private E-2

    Hi,
    I am having a really hard time to get rid of this Trojan "ali.exe". I did some research on this trojan on google and got this, "ali.exe is considered to be a security risk, not only because antivirus programs flag Aladinz.b Trojan as a trojan, but also because other sites consider it a Trojan as well."
    I tried to find the thread on Major Geeks.com but couldn't see the starting point. I am new to this site and if someone can help me with this, I will really appreciate it.
    I have run the "spyware doctor" to solve the problem but couldn't take care of it. I am running Windows XP Home Edition on my laptop.
    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    The thread you are referring to is this thread: Bandok_ J Trojan


    I'm not sure what you mean you could not find the starting point. The thread is only 10 messages long and they are all numbered.

    If you cannot get your problem fixed by referring to that thread, you will need to follow our standard cleaning procedures given below.


    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, renaming, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.
    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy - only for Windows XP, 2K, & NT users
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy. - only for Windows XP, 2K, & NT users
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. munda3009

    munda3009 Private E-2

    I really appreciate your prompt response. I will do the steps you have told me and get back to you.
    Thanks for everything.
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. If you wind up needing our help, be sure to attach the 6 requested logs from the READ & RUN ME procedure.
     
  5. munda3009

    munda3009 Private E-2

    Hi,
    Good News!!!!!!!!!!!!!!!!!!
    I don't know how exactly I did it but it worked.
    First I ran SPYWARE DOCTOR and then REGCURE to clean up the registry. After that I was having trouble with SPYWARE DOCTOR, which kept on informing me that EXPLORER.EXE had tried running ali.exe and that it had blocked it until the system restart. For sure it was taking a lot of memory to run SPYWARE DOCTOR at all times, so I was wondering what would happen if I closed that application. I gave it a shot and shut down Spyware Doctor. Then I ran regedit from the Run command.
    Then I deleted all the files found by FIND in the Edit menu of regedit with the following values:
    retadpu72.exe
    ali.exe
    Bandook
    Aladinz
    bupl.dll
    including the folders "RunOnce" and "RunOnceEx" in "HKEY_LOCAL_MACHINE"
    and then ran REGCURE again 2 times to make sure everything was clean.
    After that I restarted the system and no popup came at the start of the screen. Please note my SPYWARE DOCTOR was shut down, so it won't start until I manually start it. To be sure, I checked for "C:\WINDOWS\system32\ali.exe" and it was not there, and nothing showed up in regedit either.
    I am guessing that I have taken care of the problem as everything is working fine.
    Thanks for all the help from the Major Geeks.com team.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Based on some of the items you reported, I doubt that your PC is totally clean. I highly recommend that you complete the procedure given in message # 2.

    Is Spyware Doctor a paid copy??
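
A read-only way to re-check the autostart locations and names mentioned in message #5, as an added example that is not part of the original thread or of the MajorGeeks procedure. It assumes PowerShell 3.0 or later; the `Run` key, the `HKCU` copies, the Winlogon key and the `system32` location for anything other than `ali.exe` are assumptions added here, not taken from the posts.

```powershell
# Added example. Read-only: nothing is modified or deleted.
# Names reported in message #5 of this thread.
$names   = 'ali.exe', 'retadpu72.exe', 'bupl.dll', 'Bandook', 'Aladinz'
$pattern = ($names | ForEach-Object { [regex]::Escape($_) }) -join '|'

# Autostart keys to inspect. RunOnce and RunOnceEx are named in the post;
# Run, the HKCU copies and Winlogon (Shell/Userinit) are assumptions added here.
$keys = @('HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon')
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce', 'RunOnceEx') {
        $keys += "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}

# Walk each key and its subkeys, reporting any value whose name or data
# still mentions one of the names above (match is case-insensitive).
$registryHits = @(foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $nodes = @(Get-Item $key) +
             @(Get-ChildItem $key -Recurse -ErrorAction SilentlyContinue)
    foreach ($node in $nodes) {
        foreach ($valueName in $node.GetValueNames()) {
            $data = [string]$node.GetValue($valueName)
            if ("$valueName $data" -match $pattern) {
                [pscustomobject]@{
                    Key   = $node.Name
                    Value = $valueName
                    Data  = $data
                }
            }
        }
    }
})

# File check. Only the ali.exe path appears in the thread; the other two
# file names are checked in the same folder as an assumption.
$fileHits = @('ali.exe', 'retadpu72.exe', 'bupl.dll' |
    ForEach-Object { Join-Path $env:SystemRoot "system32\$_" } |
    Where-Object { Test-Path $_ })

"Registry values still referencing the names: $($registryHits.Count)"
$registryHits | Format-List
"Files still present: $($fileHits.Count)"
$fileHits
```

An empty result covers only these keys and file names; it does not replace the scans and logs requested in message #2.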
     
