Virus Threats and Removal Tools


Trojan.Alemod

Update: February 6, 2006

 

Description:

Trojan.Alemod is a Trojan horse that infects wininet.dll and monitors all Web traffic. It also modifies the desktop setting and downloads files from the Internet.

 

It will infect the following file:

wininet.dll

Technical Name:

Win32.Alemod, TROJ_ALEMOD.I, Win32/Alemod.I!DLL!, Trojan.Desktophijack.B, Trojan.Win32.Small.ev, W32/Alemod.F.dll

Threat Level:

Medium

Type:

Trojan Horse

Systems Affected:

Windows All

Detection Date:

June 19, 2005

 

 

  

 

Removing Win32.Alemod requires technical know-how in computer troubleshooting. It is better to consult your LAN administrator or technical staff to avoid additional damage to your computer.
 

MANUAL REMOVAL:

1. Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Restart the computer in Safe Mode.
4. Run a full system scan.
5. Delete any values added to the registry.

Navigate to the subkey and delete values:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager
Values:
"AllowProtectedRenames" = "1"
"PendingFileRenameOperations" = "\??\%System%\oleadm32.dll !\??\%System%\wininet.dll"

Navigate to the subkey and delete value:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value: "WindowsFZ" = "[path to executable file]"

Navigate to the subkey and delete values:
HKEY_CURRENT_USER\Control Panel\Desktop
Values:
"WallpaperStyle" = "0"
"Wallpaper" = "%System%\wp.bmp"

Navigate to the subkey and delete values:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
Values:
"NoDispAppearancePage" = "1"
"NoDispBackgroundPage" = "1"

Navigate to the subkey and delete value:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value: "NoActiveDesktopChanges" = "1"

Navigate to and delete the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet update
HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}

5. Exit the Registry Editor and restart the computer.

*** If the Trojan has changed the Windows registry in a way that prevents you from running executable files, a tool that resets the registry values to their defaults is available for download.
 

6. Download a clean copy of wininet.dll. Unzip it and save it to a location of your choice.

 

7. Go to C:\Windows\System32\, look for the infected wininet.dll file and replace it with the clean copy you have just downloaded.

Note: You must be in Safe Mode to successfully replace the file.

 

8. Restart the computer.

 

9. To make sure that Win32.Alemod is completely eliminated from your computer, carry out a full scan using antivirus and anti-spyware software. Alternatively, an online virus scanner lets you scan with various antivirus programs without installing them.
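
The following read-only PowerShell audit is an added example, not part of the original write-up or of any vendor tool. It reports which of the registry artifacts listed in step 5 are present, so the same check can be run before and after cleanup; it assumes PowerShell is available and uses only the keys and values named on this page.

```powershell
# Added example: read-only audit of the registry artifacts listed in step 5.
# Nothing is modified. Assumes PowerShell is available on the system.
# Generic data (WallpaperStyle = 0) also occurs on clean systems, so that value
# is not checked; each entry below pairs a value name with a wildcard pattern.
$sm  = 'HKLM:\SYSTEM\ControlSet001\Control\Session Manager'
$pol = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$valueChecks = @(
    @{ Path = $sm; Name = 'AllowProtectedRenames'; Pattern = '1' },
    @{ Path = $sm; Name = 'PendingFileRenameOperations'; Pattern = '*oleadm32.dll*' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'; Name = 'WindowsFZ'; Pattern = '*' },
    @{ Path = 'HKCU:\Control Panel\Desktop'; Name = 'Wallpaper'; Pattern = '*\wp.bmp' },
    @{ Path = "$pol\System"; Name = 'NoDispAppearancePage'; Pattern = '1' },
    @{ Path = "$pol\System"; Name = 'NoDispBackgroundPage'; Pattern = '1' },
    @{ Path = "$pol\Explorer"; Name = 'NoActiveDesktopChanges'; Pattern = '1' }
)
$keyChecks = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet update',
    'Registry::HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3}'
)

$findings = @()
foreach ($c in $valueChecks) {
    $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }            # key or value not present
    # REG_MULTI_SZ data arrives as an array; test every element as a string.
    $hits = @(@($item.($c.Name)) | Where-Object { "$_" -like $c.Pattern })
    if ($hits.Count -gt 0) {
        $findings += [pscustomobject]@{
            Kind = 'Value'; Location = "$($c.Path)\$($c.Name)"; Data = ($hits -join ' | ')
        }
    }
}
foreach ($k in $keyChecks) {
    if (Test-Path -LiteralPath $k) {
        $findings += [pscustomobject]@{ Kind = 'Key'; Location = $k; Data = '' }
    }
}

if ($findings.Count -eq 0) { 'No registry artifacts from the list were found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it in the affected user's session, because the HKEY_CURRENT_USER checks read that user's registry hive.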


 

Download and run any of these anti-spyware tools:

Spy Sweeper

Spyware Doctor

Pest Patrol

Spy Hunter

 
