Gnutella Forums

Gnutella Forums (https://www.gnutellaforums.com/)
-   General Windows Support (https://www.gnutellaforums.com/general-windows-support/)
-   -   Limewire opening on Startup (https://www.gnutellaforums.com/general-windows-support/39468-limewire-opening-startup.html)

Nigel June 20th, 2005 12:25 AM

daughter just told me the Antivirus caught a virus yesterday and put it in quaratine. I am now able to open Task Manager after deleting Winupdate do you think i am clear of the Virus now as the computer seems to be running OK

BobbyNaini June 20th, 2005 08:00 AM

Hi Nigel.

If you are able to open the Task Manager, you are safe from the virus only for so long as you don't reboot. The problem is that the moment you reboot your computer, the virus might be reactivated by a "call" that is placed in the registry. So in my opinion, it's absolutely essential that you get into the Windows registry to remove any references to the virus.

What version of Windows are you running?

Just to be 100% certain, are you following these additional steps to find those files:

Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items:

Display the Contents of System Folders
Show Hidden Files and Folder

Now, make sure there are no checkmarks beside the following:
Hide protected Operating System Files.

Also, if you are using the Search function in Windows to locate these files, make sure that you do it in the following way:

1) Click on the Start button in Windows, and then select Search.

2) Select All Files and Folder

3) Enter the file name in the first box.

4) Click on More Advanced Options.

5) Make sure that the following all have checkmarks next to them:
Search System Folders
Search Hidden Files and Folders
Search Subfolders

Then once these are checked, click on Search.

Post back if none of these apply. Once I know your version of Windows, I might be able to help you better.

Bobby Naini

kmag June 21st, 2005 09:14 AM

Please send a copy to ant-virus labs to help stop this virus
 
I sent an email to Kaspersky Labs antivirus yesterday about this virus and got an email back from one of their virus analysts. However, I haven't been infected and so I wasn't able to provide them with a sample of the virus.

If you'd be so kind as to help prevent others form getting this virus, please make a password-protected zip (or rar) file containing any viral files you are about to delete. The password should be "infected" and it should be mailed to NewVirus@kaspersky.com, with a subject of KLAB-571146.

It's my understanding that the major anti-virus labs have informal agreements about sharing new viruses with eachother.

If you're extra motivated to help stop this virus, there's also a web submission form at http://subwiz.trendmicro.com/SubWiz/...sp?opgWizard=7 . Presumably TrendMicro wants the winupdates file instead of the password protected zip file.

Unfortunately, it looks like Symantec/Norton Anti-Virus requires you to use Norton Anti-Virus to send in samples instead of using plain old email. If you have Norton Anti-virus, please by all means use Norton Anti-virus to send Symantec/Norton a copy of winupdates.

McAfee Anti-virus's website gives me the impression that there's no way for the average person to send them samples of suspected viruses.

Nigel June 21st, 2005 12:26 PM

Delving this deep into computers is a bit new to me . My Antivirus is AVASTwhich did quarantine the Virus called (Win32:adware).while all thiswas going on would this have been the same one

kmag June 21st, 2005 02:58 PM

Worm.Win32.VB.an or Zodiak
 
[Newly added]
It looks like this is called the "AN Worm" or the "Zodiak Worm".

I finally got my hands on a copy of this malware. I tested it against free trial versons of Norton AV and Kaspersky AV (and updated the virus definitions for both). Kasperky detects it as Worm.Win32.VB.an. Norton misses it.

There are two free trial versions of Kaspersky Antivirus on download.com

http://www.download.com/3120-20_4-0.html?qt=kaspersky

It's late. Let everyone know

[End of new stuff]


If your antivirus software had detected this virus, it probably would have moved the virus files (winupdate) to your quarantine folder and they wouldn't have been there when you tried the manual removal steps above. However, I'm not familiar with the specifics of AVAST.

AVAST's own website has a list of viruses, but it doesn't list anything named "Adware", so my guess is that it is detecting some kind of adware program (popup generator) and quarantining that. If I had to make a guess, I would guess that AVAST added virus definitions to make it's antivirus program think that various adware programs are viruses, and remove the adware just like it removes viruses. However, I really don't know enough about AVAST to know what it has found based on your description. Unfortunately, different anti-virus vendors often use different names for the same virus.

In any case, if your quarantine folder doesn't contain any winupdates files, my best guess is that AVAST caught some other nasty thing on your computer.

Nigel June 22nd, 2005 12:35 AM

I did everything BobbyNaini Instructed then i REBOOTED then went back and checked and everything regarding WINUPDATES had been removed.I then did a Deep Virus scan using AVAST then Microsoft AntiSpyware then AD-AWARE.6 then SPYBOT then CWSHREDDER and all was clear.Now all i want to do is put back
SYSTEM32 and REGEDIT in the right place

jotacorredor June 24th, 2005 05:49 PM

Thanks
 
I was having the same trouble, I wrote limewire for help and they told to uninstall limewire and java and installed them back again but it did not work, I had notice though that I was not able to enter the task manager either.

Follow everything so far and I found the windupdates.exe file in the task manager consuming 98% of my cpu, in the registry and in the prefetch folder.

I'm hoping I did it right because now I'm going to install limerwire again.

Thanks for the help.

kmag June 24th, 2005 09:01 PM

Worm.Win32.VB.an
 
I got my hands on a copy of this malware, and in fact it is not detected by the 6/22/2005 virus definitions from Norton Anti-virus.

However, the free trial version of Kaspersky Anti-virus catches this worm.

Download.com has two versions:
http://www.download.com/3120-20_4-0.html?qt=kaspersky

I tested the less expensive of the two. (Well, they're both free for about a month, but you know what I mean.)

I downloaded both Norton AV and Kaspersky AV free trial versions from Download.com tonight, updated them both fully, and ran them against the malware sample I received.

If anyone knows of any other anti-virus programs that will catch this worm, let everyone know.

sly Bro August 26th, 2005 02:06 AM

Hey Bobby,

Just a quick note to virtually shake your hand and give you a pat on the shoulder coz you really helped me out with that virus.

Your instructions were crystal clear for someone like who's not computer literate at all. Plus in the process, I got to get more familiar with my machine.

Thx man, keep up the good work

Peace :)

banmicrosofttoo August 27th, 2005 03:22 AM

i got a slower computer. i noticed when limewire started up, i'd see something about digital audio access protocol.. then my computer would lag up, often causing me to kill limewire through task manager.

go to Tools -> Options
Click on the iTunes tab
Go to Sharing
uncheck the Share my Music box.
press apply
restart Limewire


All times are GMT -7. The time now is 03:01 PM.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.