PDA

View Full Version : Altnet Browser Plugin?



RedDog
01-21-2005, 10:15 AM
Everyday the new MS Anti-spyware run tells me I have spyware installed - Altnet Browser Plugin. I ask the MS Anti-spyware to remove it and it reports sucess, but even if I immediately re-scan it, is there again. It reports it is in the registry at HKEY_LOCAL_MACHINE_SOFTWARE\Altnet. The structure of the line in the registry is: Altnet-Dashboard-Settings. There are no values under Altnet or Dashboard. It will not allow me to open the Settings folder. I cannot manually delete any of these folders.

What gives?
http://www.donzi.net/photopost/data/500/408altnet.jpg

Greg K
01-21-2005, 11:38 AM
Try this link... http://www.altnet.com/support/rightparent.asp?fn=1&c=11&c2=5&expand=

I think Adaware SE version 1.05 will remove it. Tried that?

And some other directions to it's removal..

Kill these running processes with Task Manager:
programfilesdir+\altnet\download manager\adm.exe
programfilesdir+\altnet\download manager\altnetuninstall.exe
programfilesdir+\altnet\download manager\asm.exe
programfilesdir+\altnet\download manager\asmend.exe
programfilesdir+\altnet\points manager\points manager.exe
programfilesdir+\topicks\bin\hthost.exe
programfilesdir+\topicks\bin\idhost.exe
programfilesdir+\topicks\bin\idmun.exe
programfilesdir+\topicks\icons.exe

Go to the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run
\altnetpointsmanager, delete it and reboot the machine immediately.
If you find the value HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\run\topicks starter, delete it and reboot the machine immediately.

Unregister these DLLs with Regsvr32, then reboot:
programfilesdir+\altnet\download manager\adm25.dll
programfilesdir+\altnet\download manager\adm4.dll
programfilesdir+\altnet\download manager\admdata.dll
programfilesdir+\altnet\download manager\admdloader.dll
programfilesdir+\altnet\download manager\admfdi.dll
programfilesdir+\altnet\download manager\admprog.dll
programfilesdir+\altnet\download manager\asmps.dll
programfilesdir+\topicks\bin\datamgr.dll
programfilesdir+\topicks\bin\htcheck2.dll
programfilesdir+\topicks\bin\htps.dll
programfilesdir+\topicks\bin\idmcom.dll
programfilesdir+\topicks\bin\idmup.dll
programfilesdir+\topicks\bin\tpbar.dll
programfilesdir+\topicks\bin\tpreg.dll
systemroot+\system\htcheck2.dll
systemroot+\system\tpbar.dll
systemroot+\system32\htcheck2.dll
systemroot+\system32\tpbar.dll

Remove these registry items (if present) with RegEdit:
HKEY_CLASSES_ROOT\datamgr32.actionmgr
HKEY_CLASSES_ROOT\datamgr32.actionmgr.1
HKEY_CLASSES_ROOT\datamgr32.datamgr1
HKEY_CLASSES_ROOT\datamgr32.datamgr1.1
HKEY_CLASSES_ROOT\fetchcomm.commfetch
HKEY_CLASSES_ROOT\fetchcomm.commfetch.1
HKEY_CLASSES_ROOT\htcheck2.checkpage
HKEY_CLASSES_ROOT\htcheck2.checkpage.1
HKEY_CLASSES_ROOT\htcheck2.chelpobj
HKEY_CLASSES_ROOT\htcheck2.chelpobj.1
HKEY_CLASSES_ROOT\htchecksvr.scanpage
HKEY_CLASSES_ROOT\htchecksvr.scanpage.1
HKEY_CLASSES_ROOT\idiumupdater.idiumsysupdater
HKEY_CURRENT_USER\software\topicks
HKEY_LOCAL_MACHINE\clsid\{0352960f-47be-11d5-ab93-00d0b760b4eb}
HKEY_LOCAL_MACHINE\clsid\{80e81a0e-9741-4fbc-8ee3-3b78c04ada1d}
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager\device\resource008759.raw
HKEY_LOCAL_MACHINE\hardware\resourcemap\pnp manager\pnpmanager\device\resource008759.translate d
HKEY_LOCAL_MACHINE\software\altnet
HKEY_LOCAL_MACHINE\software\classes\appid\adm.exe\ appid
HKEY_LOCAL_MACHINE\software\classes\appid\altnet signing module.exe\appid
HKEY_LOCAL_MACHINE\software\classes\appid\htchecks vr2.exe\appid
HKEY_LOCAL_MACHINE\software\classes\topicks.topick sbar
HKEY_LOCAL_MACHINE\software\classes\topicks.topick sbar.1
HKEY_LOCAL_MACHINE\software\classes\topicks.topick sbar\clsid
HKEY_LOCAL_MACHINE\software\classes\topicks.topick sbar\curver
HKEY_LOCAL_MACHINE\software\classes\topicksreg.top ickreg1
HKEY_LOCAL_MACHINE\software\classes\topicksreg.top ickreg1.1
HKEY_LOCAL_MACHINE\software\classes\topicksreg.top ickreg1\clsid
HKEY_LOCAL_MACHINE\software\classes\topicksreg.top ickreg1\curver
HKEY_LOCAL_MACHINE\software\classes\typelib\{9a7cf eda-5911-4ef1-b49a-35c34230ffc1}
HKEY_LOCAL_MACHINE\software\classes\typelib\{be761 3d4-7d09-4cf8-b747-6dff0564891e}
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\in\ b0
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\in\ b0seconds
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\in\ b1
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\out \b0
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\out \b0seconds
HKEY_LOCAL_MACHINE\software\grokster\bandwidth\out \b1
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}\installer
HKEY_LOCAL_MACHINE\software\microsoft\code store database\distribution units\{1d6711c8-7154-40bb-8380-3dea45b69cbf}\systemcomponent
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\toolbar\{80e81a0e-9741-4fbc-8ee3-3b78c04ada1d}
HKEY_LOCAL_MACHINE\software\microsoft\windows\curr entversion\app management\arpcache\topicks

Remove these files (if present) with Windows Explorer:
commonprograms+\altnet\peer points manager.lnk
cpns.dat
ctgind.dat
ctgs.xml
default.swf
demo.swf
dminstall3.bde
idhost.exe-02c54351.pf
info.swf
install.log
jsinstall.bde
jslegals.txt
link.swf
logo.swf
settings.dat
spnsrs.xml
star.swf
systemroot+\system\htcheck2.dll
systemroot+\system\tpbar.dll
systemroot+\system32\htcheck2.dll
systemroot+\system32\tpbar.dll
topicks.swf

Remove these directories (if present) with Windows Explorer:
profilepath+\local settings\temp\idseupdate
programfilesdir+\altnet\download manager
programfilesdir+\altnet\points manager
programfilesdir+\topicks

Good Luck :beer:

Marlin275
01-21-2005, 12:18 PM
How d'ya like them apples?
Who needs a mini when ...


Review: Microsoft Anti - Spyware Ineffective
By THE ASSOCIATED PRESS

Published: January 21, 2005

Filed at 10:32 a.m. ET

Microsoft Corp. created the world's most popular operating system -- one that's also heartily embraced by hackers and virus writers. And it begat the world's top Web browser, which makes it all too easy to mistakenly download and install spyware, adware and other garbage.

You'd think the world's largest software company, which presumably knows its own Windows and Internet Explorer code, would have long ago come up with something to repair PCs possessed by malicious programs.

Think again.

Though Microsoft regularly releases bug fixes, security patches and even the occasional virus-removal tool, it has only recently made programs available to help people wrangle back control of their computers after they've clicked the wrong pop-up ad, opened a rogue attachment or installed adware-packed freebies.

The company now has two free programs to help rid PCs of unwanted pests. Though Microsoft Windows Malicious Software Removal Tool and Microsoft AntiSpyware show some promise, they aren't close to being magic bullets.

I tested the programs on a Windows XP computer I borrowed from my wife's cousin. The 3-year-old PC, a Gateway running Windows XP Home Edition, was basically unusable.

Annoying pop-up windows, a sign of adware, were the least of its problems. The modem dialed phone numbers even though the PC was hooked up to a broadband connection. It took more than a minute to load a single Web page and often crashed minutes later.

Error messages appeared when I tried to open the Task Manager, a Windows utility that shows running programs and processes. It refused to load Windows Update, Microsoft's site for downloading security patches and other fixes.

Needless to say, the machine had not received any security updates from Microsoft in a while. To load Microsoft's Malicious Software Removal Tool, I had to get it using another machine, load it on a USB drive and install it manually. (It's usually available through Windows Update.)

Once installed, the tool scanned the machine and reported no problems, even though there were big problems.

The tool looks for a limited number of pests, such as ``Sasser'' and ``MSBlaster,'' so it didn't find the worm, ``Netsky.P,'' that had infected this PC. The program, though, will be updated each month and will presumably become more effective.

By building its tool into Windows Update, Microsoft shows it's aggressive about snuffing out pests. But it's got to stay up to date with the threats -- and send out updates as close to real time as possible. Who wants to wait until the second Tuesday of each month to fix a sick PC?

Existing computer security firms have nothing to worry about -- at least for now.

Computer Associates' ezAntivirus took three hours to scan the entire system and found 19,000 infected files. After the worm was knocked out, the machine became slightly more stable and I could tackle the spyware problem.

Installation of the prerelease version of Microsoft's antispyware program, which can be downloaded free from Microsoft's Web site, was easy. The final version's price, if any, has yet to be announced.

The interface was clear and simple. I ran a thorough scan, which discovered 77 spyware and adware programs. I followed the software's advice and removed them all.

But bizarre behaviors -- including multiple pop ups, unwanted toolbars and generally sluggish behavior -- continued.

So I rebooted the PC in safe mode, which limits the number of programs that load at startup. The theory is that if it's not running, spyware can be more easily deleted. This time, the program found about two dozen spyware programs. I deleted those, too.

After rebooting again, the PC continued to show signs of infection, though it did seem less bogged down. Having spent two days disinfecting the system, I broke down and reformatted the hard drive. I then reinstalled Windows XP and all its patches.

It took just 90 minutes.

The clean start gave me a chance to try Microsoft AntiSpyware in its other role -- as protector of a clean system. Compared with competing products, it did a good job and was easy to use. (There are modes for novice and advanced users.)

It continuously monitors 59 checkpoints and alerts users whenever a program attempts to make a change, though some of the messages could do a better job of explaining troubles in plain English.

I tried downloading and installing a well-known adware program, PurityScan. The security features in Windows XP Service Pack 2 tried to get me to stop, but I ignored it. When the spyware installer was running, two windows popped up giving me the chance to block some files from installing.

This time, I agreed, but the program still showed up in a subsequent scan. With a few clicks, I successfully deleted it.

In theory, Microsoft AntiSpyware should get better over time. It's programmed to send reports back to Microsoft to improve and update spyware definitions.

The antispyware program also has useful tools for easily accessing Windows and Internet Explorer settings that were previously hidden deep within the operating system and browser. In fact, any hijacked settings can be restored with one click.

Overall, I was more impressed with the antispyware program's protective measures and simple interface than with its ability to cleanse existing infections. Still, Microsoft seems to be on the right path to fixing the mess caused by the careless users, malicious programmers, unethical companies and vulnerable software.

If only it hadn't taken so long.

RedDog
01-21-2005, 01:51 PM
I'm not seeing any problems - only the reported "find" after a scan.

Greg's tips didn't work. The latest Adaware (free version) found no problems. A search of the registry and program files didn't show any of the entries in the long list.

I also tried a register "cleaner" - EasyCleaner

Thanks for the try

txtaz
01-22-2005, 08:32 AM
Red, Get the latest spybot search and destroy. That may help.
Wes