
Sunday, November 14, 2010

Hi Altnet, Nice to Meet You!

Recently, I had the joyous experience of removing the Altnet virus from a client's computer, and what a joy it was! Not only was the virus kind enough to stick around while in safe mode, but it also disabled my client's anti-virus software. Lucky for me, no anti-virus software that I had my hands on could remove it, so I had to go in and do it by hand.

I removed the Altnet key from HKEY_CURRENT_USER/Software/Altnet in the registry as well as a few others related to the virus. I recommend just doing a search for "altnet" on your registry.

I also deleted "C:\Program Files (x86)\Altnet Music Plugin", which appears to be related to the Kazaa music player. However, I did grab the file and move it to an external drive for future inspection (currently underway).

I ran the executable in conjunction with InCtrl5 and found a lot more things that were created, but I did just update IE as well, so I am still looking through it all. While searching the internet for more info about: {3DA165B6-CC41-11d2-BDC6-00C04F79EC6B} I found a whole ton of forum posts about people being unable to delete it. I suspect that this is part of the Altnet virus so I would advise seeing if you have any of the symptoms I described above. I also uncovered that HKEY_CURRENT_USER/Software/AMPMDM is also related and should be deleted as well.
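The clean-up steps above (search the registry for "altnet", remove the Altnet and AMPMDM keys, remove the plugin folder but keep a copy for inspection, and check for the CLSID the author suspects) can be scripted so they are repeatable and leave a record. The following PowerShell script is an added example and is not code from the original post or from any tool the post mentions; the function names, the `-Remove` switch and the backup location are this example's own choices. Only the two registry keys the post says to delete are ever removed; the CLSID is reported but left alone, since the post only suspects it belongs to Altnet.

```powershell
<#
  Added example, not from the original post: audit a Windows machine for the
  Altnet artifacts the post names and, only with -Remove, delete the ones the
  post says to delete. Run from an elevated PowerShell prompt; supports -WhatIf.
#>
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # assumption: nothing is deleted unless this is given
)

# Artifacts taken from the post. The CLSID is the one the author *suspects*
# belongs to Altnet, so this script reports it but never deletes it.
$KeysToRemove  = @('HKCU:\Software\Altnet', 'HKCU:\Software\AMPMDM')
$SuspectClsid  = '{3DA165B6-CC41-11d2-BDC6-00C04F79EC6B}'
$PluginFolder  = 'C:\Program Files (x86)\Altnet Music Plugin'
$SearchHives   = @('HKCU:\Software', 'HKLM:\Software')

function Find-AltnetRegistryKeys {
    # Mirrors the post's advice to search the registry for "altnet": walk both
    # Software hives and return the path of every key whose name matches.
    foreach ($hive in $SearchHives) {
        Get-ChildItem -Path $hive -Recurse -ErrorAction SilentlyContinue |
            Where-Object { $_.PSChildName -match 'altnet|AMPMDM' } |
            Select-Object -ExpandProperty PSPath
    }
}

function Find-SuspectClsid {
    # A CLSID can be registered per-user or machine-wide; check both roots.
    foreach ($root in @('HKCU:\Software\Classes\CLSID', 'HKLM:\Software\Classes\CLSID')) {
        $path = Join-Path $root $SuspectClsid
        if (Test-Path -LiteralPath $path) { $path }
    }
}

# --- Report what is present ---
Write-Host "== Registry keys matching altnet/AMPMDM =="
$found = @(Find-AltnetRegistryKeys)
$found | ForEach-Object { Write-Host "  $_" }
if (-not $found) { Write-Host "  (none)" }

Write-Host "== Suspect CLSID $SuspectClsid =="
$clsidHits = @(Find-SuspectClsid)
$clsidHits | ForEach-Object { Write-Host "  $_  (reported only; not removed)" }
if (-not $clsidHits) { Write-Host "  (not present)" }

Write-Host "== Plugin folder =="
if (Test-Path -LiteralPath $PluginFolder) {
    # Hash the files first so there is a record of what was on disk.
    Get-ChildItem -LiteralPath $PluginFolder -Recurse -File |
        Get-FileHash -Algorithm SHA256 |
        ForEach-Object { Write-Host "  $($_.Hash)  $($_.Path)" }
} else {
    Write-Host "  (not present)"
}

# --- Removal, only with -Remove; honours -WhatIf / -Confirm ---
if ($Remove) {
    foreach ($key in $KeysToRemove) {
        if ((Test-Path -LiteralPath $key) -and $PSCmdlet.ShouldProcess($key, 'Remove registry key')) {
            Remove-Item -LiteralPath $key -Recurse -Force
        }
    }
    if ((Test-Path -LiteralPath $PluginFolder) -and $PSCmdlet.ShouldProcess($PluginFolder, 'Remove folder')) {
        # The post kept a copy of the plugin for later inspection; do the same
        # before deleting (backup location is this example's assumption).
        $backup = Join-Path $env:TEMP ('altnet-plugin-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
        Copy-Item -LiteralPath $PluginFolder -Destination $backup -Recurse
        Write-Host "  copied to $backup"
        Remove-Item -LiteralPath $PluginFolder -Recurse -Force
    }
}
```

Run it once without `-Remove` to see the report, then with `-Remove -WhatIf` to preview the deletions before committing to them. Keeping the hashes and the copied folder gives you something to compare against if the artifacts reappear after a reboot, which is the kind of persistence the post describes.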

I am currently working on writing a rule for Spybot Search and Destroy, and I will post a download link when I finish. I am also working on my own anti-virus software, LitmusAV.
