Home | Forum


  Fixes: 43
  Resolutions: 26069


In the same category
Articles:
  Uninstall McAfee
  Remove Spyware
  How Can Network W...
  The McAfee Remova...

Quick Fixes:
  
Firewalls
    Internet stops ...

  
Spyware
    Virus Alert - R...

  
Windows
    Registering all...

Add new article


Remove Alemod / Explorer.EXE - Application Error/ Infected Wininet.dll

Remove Alemod / Explorer.EXE - Application Error/ Infected Wininet.dll

Resolutions:37 | Views:42109
Comments [6]

Symptoms

No desktop icons or start menu. You are getting an "Explorer.EXE Application Error" message. If McAfee is installed will alert you that wininet.dll is infected.

Cause

Infection with the W32.Alemod Trojan. This trojan comes bundled with spyware and advertising for rogue antispyware programs.

Solution
First you need to shutdown the computer and restart in safe mode with networking.

1. Turn the computer off.

2. One second after you press the power button to start the computer back up, start hitting F8. Hit F8 continuously every second.

3. That should get you to an Advanced Option Menu



4. Choose Safe Mode With Networking and hit Enter

5. On the next screen choose your operating system

6. On the login screen choose your user name. If you donít see the main user press Ctrl+Alt+Del twice to bring up the classic logon screen

7. After you login a warning will come up saying that Windows is running in safe mode. Ignore the warning and don't click yes or no.


Do not click Yes or No to this message! Just dragg it at the bottom of your screen.


The next step is to cleanup Internet Explorer. Here's how we're going to achieve that:

1. Press the Ctrl+Alt+Del keys at the same time and let them go. That should bring up the task manager. If it doesn't work then try Ctrl+Shift+ESC

2. On the top of the task manager click View and then click on Always on top so the task manager will not cover the other windows

3. To launch an application we will need to click File/New Task. In order to cleanup Internet Explorer we need to launch the Internet Options component of the Control Panel. For that we have to click File, New Task and execute: inetcpl.cpl.



5. That will launch the Internet Options Applet.

6. In here click Delete Cookies and Delete Files to delete all the data stored in the Temporary Internet Folder

7. Click on the top on Programs and then click Reset Web Settings to reset your home page to default.

8. Click on the top on Advanced and then make sure that the Enable 3rd party browser extensions option is unchecked. This is the most important part of the Internet Explorer cleanup process as it disables all the toolbars and add-ons that hijack Internet Explorer and control the web activity.



Download HijackThis


Click File->New Task and type in : www.tinyurl.com/yslp

Open the file. A explorer window will open. Inside this window there will be a Hijackthis icon.

Double click on the file and choose: "Do a system scan and save a log file".




A notepad window will open. Click File/Save. This action will save the log on your Desktop.


You will find an automated HijackThis analyzer here http://www.myfixes.com/slides/spyware-27. You can submit your log there. We strongly advise you to request the assistance of a computer expert if you are unsure of what you are doing. You can request assistance on the My Fixes forum directly along with your HJT log.

Remove all the infected entries.

Download RogueScanFix


In the Task Manager window click File->New Task

Execute www.siteFwd.com/rogueb .

Choose run twice, and install the program.

On the last screen insure that Launch Roguescanfix is checked and click Finish.


You will see the following window:


Press Enter


Press Enter


This window its a backup of some removed registry keys. The Brute Force Uninstaller has been executed behind all these windows.


Close all the windows that are open and click ok to all the messages.

Download Smitrem


Press Ctrl+Alt+Delete to launch the task manager.

In the Task Manager window click File->New Task

Execute www.siteFwd.com/smit .

Click run twice to launch the installer.


You will see the following window.



Click Start. The files will be automatically extracted on the desktop.

In the Task Manager window click File->New Task->Browse

Click Desktop on the left hand side.

Double click on the smitrem folder.

Double click on RunThis.bat .



Press enter to all the messages that you get. You will have to press enter about 10 times. If an uninstaller program launches choose uninstall.


In the end if the tool was successful you will be presented with this message.


If you saw this message you will not need to replace wininet.dll . If instead you received a message saying that smitrem was unable to find a good version of wininet.dll do the following:

Replace wininet.dll


In the task manager window click File->New Task(Run)

Execute cmd .

In the black box that comes up type the following commands followed by Enter:

cd \

cd windows

cd system32

ren wininet.dll virus

copy c:\i386\wininet.dll



If you receive a message that the file was not found do the following:


Insert the Windows XP CD in the top CD drive.

Enter: expand d:\i386\wininet.dl_ wininet.dll



You can now restart the computer.

These steps will disable the Alemod trojan. Once you return in normal mode it is recomended to run a full antispyware scan and a full antivirus scan.

If you don't have an antispyware program here are instructions on how to use a trial version of Spy Sweeper: http://www.myfixes.com/slides/spyware-25

If you don't have an antivirus download Grisoft's AVG completely free from here: www.sitefwd.com/avg7

   Click here if this resolved your issue.

Submitted by Paul Ionescu
Last modified 2007-07-15
Submit Comments
Article Rating: Low High
Your Name:
Your Comments:
     ©2005-2007 Paul Ionescu, All Rights Reserved | Privacy