I found out my wininet.dll is infected by the win32.alemod virus. Can anyone tell me how to manually delete this virus or any (working) free spyware removal tool that will repair my system? I have downloaded numerous free spyware removal software but you have to purchase the software before it works or the free ones does not work at all. I have spent two days trying to remove this virus but nothing is working. My McAfee virus software keeps displaying that the wininet.dll is infected by win32.alemod and the file cannot be deleted or quarantined. Please help!!!!! I am at the end of my rope because I do not want to wipe out the hard drive and reinstall Windows XP. I have a lot of important files that I need to keep and I am unable to work on my computer without any problems.

Thank,

bdthomas02

Will the computer boot and get on line?

If your computer work, try to execute:
http://secured2k.home.comcast.net/tools/AntiPuper.exe
A friend fix it with this.

http://www.precisesecurity.com/computer-virus/antivirus-00011.htm
Has the removal procedure

Hopefully my advice will help you...Please post back with your results....thanks

I tried several suggestions on the internet on how to get rid of this virus along with many software tools and none of it worked. However, I did find a simple code that removed the infected file from my system. After I entered the code I scanned my system and was unable to locate any viruses. If any computer happens to get this terrible virus here is the code to remove it.

Here are the steps:
*Disable your AntiVirus during this procedure.
*Click Start
*Click Run
Type in CMD.EXE
Click OK

A command prompt will appear.
Type the following into the command prompt:
*CD %SYSTEMROOT%\SYSTEM32
*DIR /A DLLCACHE\WININET.DLL

If the results show 1 file found, keep going, otherwise you will have to try another method.

*ATTRIB -S -R -H WININET.DLL
*REN WININET.DLL *.VIR
*COPY /Y DLLCACHE\WININET.DLL
*EXIT

Now restart the computer.

Here is an explanation of the instructions:

You have to disable your AntiVirus before doing these steps because if the AV is running, it will prevent access to the infected file. You DO want to manually rename this file but the AV would stop us if it's running.

The Start -> Run -> CMD.EXE .. is how we get to a command prompt to do Command line instructions.

Now we want to be in the Windows System folder. To get to this, we use a variable
%SYSTEMROOT% which will always point to the Windows folder. This is for some who have Windows 2000 (\WINNT) or a custom Windows install directory. CD = Change Directory. (CD %SYSTEMROOT%\SYSTEM32)

The DIR /A DLLCACHE\WININET.DLL command shows if there is a copy of WININET.DLL in the DLLCACHE folder. This DLLCACHE folder is also known as the Windows File Protection folder. It contains files that have been digitally signed and that will be used to automatically replace bad files should they be deleted or replaced by new versions in Windows' folders.

If the file is listed, we can continue. First we make sure the attributes for WININET.DLL are NOT Hidden, ReadOnly, and/or System. (ATTRIB -S -R -H WININET.DLL)

Next we rename WININET.DLL file to WININET.VIR (REN WININET.DLL *.VIR)

Ideally, within 2 seconds, Windows File Protection should automatically copy the DLLCACHE\WININET.DLL back to the SYSTEM32 folder (An event log is generated). Let's be sure by manually copying the file. (COPY /Y DLLCACHE\WININET.DLL)

The WININET.VIR file is actually still in memory and will be used until the system is restarted. However all new programs started will begin using the new WININET.DLL immediately. Restart your computer and the locks on WININET.VIR will be released, allowing the Virus Scanner to repair/clean/delete the file.

Thanks for the great information, some real good stuff.