Trojan.Alemod please help

Discussion in 'Malware Help (A Specialist Will Reply)' started by gsu19, Dec 5, 2005.

  1. gsu19

    gsu19 Private E-2

    I have this virus on my computer and can not get rid of it. I have tried all the spyware tools that were suggested but the virus is still on my computer. Also my computer continues to download other spyware programs by itself. I have attached a hijackthis log. Any suggestions on how to fix this would be appreciated. Please let me know if I need to give some more information.
     

    Attached Files:

  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your Operating System is seriously out of date and needs to be updated. After we have finished, install Service Pack 2 and run Windows Update to bring your system up to date.

    In HJT, open the Misc Tools Section, choose Process Manager, and highlight:
    Choose Kill Process

    Now scan and have HJT Fix the following:
    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files in the list below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to, and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run, type cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    and click OK.

    REBOOT to Normal Mode.

    Follow the directions for Running Spy Sweeper.

    Post the Spy Sweeper log and a fresh HijackThis log.
     
  3. gsu19

    gsu19 Private E-2

    I have done everything on the list, but the virus is still on my computer. Here are the two logs that you asked me to post. I haven't downloaded service pack 2 yet, but I am doing that after I post this.
     

    Attached Files:

  4. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Scan and have HJT Fix the following:
    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files in the list below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to, and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run, type cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    and click OK.

    REBOOT to Normal Mode.

    Please run Panda Online Scan. After the scan attach the log to your next post. Also please follow the below:

    1 - Please EXTRACT all files from Qoologic Tool to its own folder, C:\Program Files\QoologicFinder. Then double-click Find-Qoologic.bat to run the tool. It should produce a log; please attach that with your next post!

    2 - Please EXTRACT all the files from RKFiles Tool to its own folder named C:\Program Files\RKTOOL. Then boot to SAFE MODE and double-click rkfiles.bat to run the tool. Let it run and then, when it finishes, look for a log at C:\Log.txt and please attach that log.

    Now come back here and post all three logs as attachments.
     
  5. gsu19

    gsu19 Private E-2

    When I tried to download Service Pack 2 yesterday it got about halfway and then stopped because it said it could not replace some wininet.dll file. This file also happens to be where the virus is located. I did the 3 scans on my computer but the Qoologic program did not work. It too had some problems with the .dll files. Here are the other 2 scans that I did.
     

    Attached Files:

  6. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You should not be installing or updating anything on your system until after we have made sure it is Malware free.

    Follow the directions for SpyAxe Removal.

    Download
    - Pocket Killbox

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check the box that says "Delete on Reboot" and check the box "Unregister DLL" (if available). Click the RED X and it will ask you to confirm the file for deletion... say YES, and when the next box opens prompting you to reboot now... click NO... and proceed with the next file. Once you get to the last one click YES and it will reboot. Note: many of the files in the list below may not exist, but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer, navigate to, and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, go to Start -> Run, type cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin

    and click OK.

    REBOOT to Normal Mode.

    Download WinPFind

    Extract it to the root folder of drive C (C:\). This will create a folder called WinPFind in the C:\ folder. Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large numbers of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

    When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log from your clipboard into Notepad. Save it to a text file and upload that file here as an attachment.

     
  7. gsu19

    gsu19 Private E-2

    Here are the two new logs.
     

    Attached Files:

  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Post the smitfiles.txt log.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
     
  9. gsu19

    gsu19 Private E-2

    Sorry about that. I mixed up the files. Here is the correct file.
     

    Attached Files:

  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Your wininet.dll is infected and will have to be replaced with a known clean version.

    Locate your Windows Installation CD. Insert it into your CD drive and make sure your system is set to boot from CD-ROM in the BIOS. Reboot your computer and enter the Recovery Console.
    Type map at the command prompt and make a note of the drive letter for your CD drive.

    Now at the Recovery Console command prompt enter the following commands:
    cd \windows\system32

    rename wininet.dll wininet.old

    expand d:\i386\wininet.dll_ c:\windows\system32
    Note: where d: is the drive letter of your CD Drive.

    exit
    The recovery console will close, and the computer will reboot. Remove the CD from the drive.

    You will have to run Windows update after we have finished.

    How is your computer running?
     
  11. gsu19

    gsu19 Private E-2

    3. Type the number corresponding to the Windows XP Professional installation that you want to use, and then press ENTER. You must type a number when prompted, even if only a single Windows XP Professional installation exists. If you press ENTER without typing a number, Windows XP Professional restarts the computer.

    How do I know which number I want to type in? There were not any options for me to choose from.


    4. At the prompt, enter the password for the local Administrator account so that you can access the contents of the local hard disk. Recovery Console accepts only the password for the local Administrator account. If you do not enter the correct password within three attempts, Windows XP Professional denies access and restarts the computer.

    I don't know what the local administrator password is. Is there any way I can find out?
     
  12. gsu19

    gsu19 Private E-2

    OK... never mind... I figured it out... I get into the Recovery Console and it looks something like this...

    1: C:\WINDOWS
    Which windows installation would you like to log onto
    <to cancel, press

    ENTER
     
  13. gsu19

    gsu19 Private E-2

    Sorry about that... I hit post by accident. Here is what the Recovery Console looks like when I get in and what I type in.

    1: C:\WINDOWS
    Which windows installation would you like to log onto <to cancel, press
    ENTER> (so I typed 1)

    Type password: (there is no password)

    C:\WINDOWS> (so I typed MAP)

    C: NTFS 38162MB \Device\Harddisk0\Partition1
    A: \Device\Floppy0
    D: \Device\CdRom0
    E: \Device\CdRom1

    C:\WINDOWS> (so I typed cd\windows\system32 and it came up with an
    error saying THE COMMAND IS NOT RECOGNIZED. TYPE HELP FOR A LIST
    OF SUPPORTED COMMANDS)

    What am I doing wrong?
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note a typo in the below:
    There should be one less 'l' in dll_. The below is what you want.

    expand d:\i386\wininet.dl_ c:\windows\system32


    Also, since you were already in c:\windows, you could just type cd system32 where you were getting the error message.
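    An added example, not from this thread or from any tool named in it, that turns Shadow_Puter_Dude's wininet.dll replacement and chaslang's correction of the expand source name into a check a responder can run before and after the repair: it hashes live system DLLs against a known-good reference set and emits the Recovery Console commands to restore any that differ, using the compressed .dl_ naming that expand expects. The reference locations (expanded copies from the install media's i386 folder, or the WFP cache at C:\WINDOWS\system32\dllcache), the function names and the sample bytes are assumptions of this example.

```python
# Added example: hash Windows system DLLs against a known-good reference set
# (assumed to be expanded copies from the install media's i386 folder, or the
# WFP cache at C:\WINDOWS\system32\dllcache) and, for each mismatch, emit the
# Recovery Console commands used in this thread. Not code from any tool above.
import hashlib

def compressed_name(filename):
    """MS-compressed name on install media: last extension char becomes '_',
    so wininet.dll -> wininet.dl_ (not wininet.dll_, the typo in the thread)."""
    base, dot, ext = filename.rpartition(".")
    if not dot or not ext:
        return filename + "_"
    return f"{base}.{ext[:-1]}_"

def find_tampered(live, reference):
    """Compare {name: bytes} of live DLLs with reference copies; return
    {name: reason} for files lacking a reference or with a different SHA-256.
    Size alone is not enough: a patched DLL can keep its original size."""
    findings = {}
    for name, data in live.items():
        ref = reference.get(name)
        if ref is None:
            findings[name] = "no reference copy"
            continue
        live_hash = hashlib.sha256(data).hexdigest()
        ref_hash = hashlib.sha256(ref).hexdigest()
        if live_hash != ref_hash:
            findings[name] = f"hash mismatch: live {live_hash[:12]} != ref {ref_hash[:12]}"
    return findings

def recovery_commands(tampered, cd_drive="d:", sysdir="c:\\windows\\system32"):
    """Recovery Console commands to restore each tampered DLL from the CD,
    in the order the thread used: rename the bad copy, expand the clean one."""
    cmds = ["cd \\windows\\system32"]
    for name in sorted(tampered):
        stem = name.rpartition(".")[0] or name
        cmds.append(f"rename {name} {stem}.old")
        cmds.append(f"expand {cd_drive}\\i386\\{compressed_name(name)} {sysdir}")
    cmds.append("exit")
    return cmds

if __name__ == "__main__":
    # Constructed sample bytes standing in for real DLL contents.
    reference = {"wininet.dll": b"MZ clean wininet", "kernel32.dll": b"MZ clean kernel32"}
    live = {"wininet.dll": b"MZ clean wininet + injected stub",
            "kernel32.dll": reference["kernel32.dll"]}
    print("\n".join(recovery_commands(find_tampered(live, reference))))
```

    On a real system, read each DLL with open(path, "rb").read() into the two dicts; the reference copy must come from a source the malware could not have touched, such as the install CD.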
     
  15. gsu19

    gsu19 Private E-2

    My computer is fixed. Thanks a lot for all the help.
     
  16. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Thank you, Chas, for catching the typo. I missed it even after proofreading the post 3 times.
     
  17. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! You watch my back and I'll watch yours! ;)

    Looks like the problems may be gone but another run of smitrem may be worthwhile to see the final log.
     
