Remove Alemod / Explorer.EXE - Application Error/ Infected Wininet.dll
No desktop icons or start menu. You are getting an "Explorer.EXE Application Error" message. If McAfee is installed will alert you that wininet.dll is infected.
Infection with the W32.Alemod Trojan. This trojan comes bundled with spyware and advertising for rogue antispyware programs.
First you need to shutdown the computer and restart in safe mode with networking.
1. Turn the computer off.
2. One second after you press the power button to start the computer back up, start hitting F8. Hit F8 continuously every second.
3. That should get you to an Advanced Option Menu
4. Choose Safe Mode With Networking and hit Enter
5. On the next screen choose your operating system
6. On the login screen choose your user name. If you donít see the main user press Ctrl+Alt+Del twice to bring up the classic logon screen
7. After you login a warning will come up saying that Windows is running in safe mode. Ignore the warning and don't click yes or no.
Do not click Yes or No to this message! Just dragg it at the bottom of your screen.
The next step is to cleanup Internet Explorer. Here's how we're going to achieve that:
1. Press the Ctrl+Alt+Del keys at the same time and let them go. That should bring up the task manager. If it doesn't work then try Ctrl+Shift+ESC
2. On the top of the task manager click View and then click on Always on top so the task manager will not cover the other windows
3. To launch an application we will need to click File/New Task. In order to cleanup Internet Explorer we need to launch the Internet Options component of the Control Panel. For that we have to click File, New Task and execute: inetcpl.cpl.
5. That will launch the Internet Options Applet.
6. In here click Delete Cookies and Delete Files to delete all the data stored in the Temporary Internet Folder
7. Click on the top on Programs and then click Reset Web Settings to reset your home page to default.
8. Click on the top on Advanced and then make sure that the Enable 3rd party browser extensions option is unchecked. This is the most important part of the Internet Explorer cleanup process as it disables all the toolbars and add-ons that hijack Internet Explorer and control the web activity.
Click File->New Task and type in : www.tinyurl.com/yslp
Open the file. A explorer window will open. Inside this window there will be a Hijackthis icon.
Double click on the file and choose: "Do a system scan and save a log file".
A notepad window will open. Click File/Save. This action will save the log on your Desktop.
You will find an automated HijackThis analyzer here http://www.myfixes.com/slides/spyware-27. You can submit your log there. We strongly advise you to request the assistance of a computer expert if you are unsure of what you are doing. You can request assistance on the My Fixes forum directly along with your HJT log.
Remove all the infected entries.
In the Task Manager window click File->New Task
Execute www.siteFwd.com/rogueb .
Choose run twice, and install the program.
On the last screen insure that Launch Roguescanfix is checked and click Finish.
You will see the following window:
This window its a backup of some removed registry keys. The Brute Force Uninstaller has been executed behind all these windows.
Close all the windows that are open and click ok to all the messages.
Press Ctrl+Alt+Delete to launch the task manager.
In the Task Manager window click File->New Task
Execute www.siteFwd.com/smit .
Click run twice to launch the installer.
You will see the following window.
Click Start. The files will be automatically extracted on the desktop.
In the Task Manager window click File->New Task->Browse
Click Desktop on the left hand side.
Double click on the smitrem folder.
Double click on RunThis.bat .
Press enter to all the messages that you get. You will have to press enter about 10 times. If an uninstaller program launches choose uninstall.
In the end if the tool was successful you will be presented with this message.
If you saw this message you will not need to replace wininet.dll . If instead you received a message saying that smitrem was unable to find a good version of wininet.dll do the following:
In the task manager window click File->New Task(Run)
Execute cmd .
In the black box that comes up type the following commands followed by Enter:
ren wininet.dll virus
If you receive a message that the file was not found do the following:
Insert the Windows XP CD in the top CD drive.
Enter: expand d:\i386\wininet.dl_ wininet.dll
You can now restart the computer.
These steps will disable the Alemod trojan. Once you return in normal mode it is recomended to run a full antispyware scan and a full antivirus scan.
If you don't have an antispyware program here are instructions on how to use a trial version of Spy Sweeper: http://www.myfixes.com/slides/spyware-25
If you don't have an antivirus download Grisoft's AVG completely free from here: www.sitefwd.com/avg7
Submitted by Paul Ionescu
Last modified 2007-07-15