|
limewire keeps starting up after i shut down limewire and exit from the icon on the system tray, it keeps re-starting. I dont have it starting when I boot my computer and i have it shuting dowm automaticlly instead of to the system tray. i've tried turning on and turning off all the little tick boxes in preferences but nothing helps. it just started doing this 3 days ago. any help would be appreciated. |
I had this exact same problem, and after literally 24 hours of analyzing every inch of my computer, I solved the problem. I suspect that based on your descriptions of the problem (which I had as well), you are infected with a virus. It's unbelievable that none of my AntiVirus packages picked up this infection. For me, everytime I restarted my computer, Limewire would automatically load up. Even if I closed it, it would just open back up again. On top of this, I could not even access the Task Manager in Windows XP to allow me to force a shutdown of Limewire. I hit CTRL-ALT-DEL and nothing would happen. Anyways, here are the steps that need to be taken. 1) Uninstall Limewire. You can reinstall it at the end of these steps. 2) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so. 3) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste. 4) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step. 5) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes. 6) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop. c:\windows\regedit.exe c:\windows\system32\cmd.exe 7) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find. 8) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete. 9) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor. 10) Finally, click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line: cd c:\ cd program files rd /s /q winupdates 11) Now restart your computer. Reinstall Limewire. This should hopefully fix your problem. Bobby Naini |
thanx. i'll try that and let you know. |
thanx bobby. it worked great. |
I'm glad to hear that! :-) By the way, I forgot to mention, make sure you reactivate the Windows Restore function as well. I appologize for having fogotten to mention that. Bobby Naini |
Hi. Just to add to the steps that I posted earlier, also do the following: 1) Go to the following directory and delete any file with winupdates in the name. c:\windows\prefetch 2) When you're done with all of my steps, plase make sure to go back into the System Properties by right clicking on My Computer, and unchecking the Turn Off System Restore box under the System Restore tab. For those of you who can't seem to find taskmgr.exe, cmd.exe, or regedit.exe, I would suggest you do the following if you have not already done so: Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items: Display the Contents of System Folders Show Hidden Files and Folder Now, make sure there are no checkmarks beside the following: Hide protected Operating System Files. Also, if you are using the Search function in Windows to locate these files, make sure that you do it in the following way: 1) Click on the Start button in Windows, and then select Search. 2) Select All Files and Folder 3) Enter the file name in the first box. 4) Click on More Advanced Options. 5) Make sure that the following all have checkmarks next to them: Search System Folders Search Hidden Files and Folders Search Subfolders Then once these are checked, click on Search. I hope this helps! :-) Bobby Naini |
malware - stole the taskmgr.exe Hello Bobby; Many thanks for your time spent on this problem. I have just encountered the same one. However, my malware seemed to have deleted the c/windows/system32 folder, and the taskmgr.exe along with it. Any idea how i can resurrect it again so i can follow the rest of your steps? Many Thanks, -alek- |
"AN Worm" This is malware has been identified as Worm.Win32.VB.an, the "AN Worm", sometimes called the "Zodiak Worm". I was able to obtain a sample of this malware. I got free trial versions of both Norton Anti-virus and Kaspersky Anti-virus from Downoad.com. Norton's 6/22/2005 virus definition library misses this malware. Kaspersky catches it and quarantines it. http://www.download.com/3120-20_4-0.html?qt=kaspersky Let us all know if you find any other anti-virus scanners that catch this worm. It might be a new variant, because Norton's website claims they've been able to catch this worm since October 2003. I've submitted a sample to Norton. TrendMicro's webserver gave me an internal error when I tried submitting it via their web form. |
I have the same problem. Dont have a system32 folder |
I believe you can find the task manager file in c:\windows\servicepackfiles\ and you keep going until you find the taskmgr.exe. My problem is, wheni try to open the task manager (that was copied) it says that the administrator has disabled that function...and i think i'm the administrator. how do i fix this? -Ian |
From what I've read about other posts with this issue, one of the damage the virus does it disable the task manager. Get rid of the virus & hopefully things should return to normal. See the tips given by those who solved this. You can find out more from the Sticky at the top of this section. Look at the links. ;) :) |
I also found another file giving me problems: p2pnetworking.exe in \windows\system32. My anti-virus program found it but couldn't delete it. Following the advice in here I managed to delete it myself. I wanted to pass along that I too couldn't get to \windows\system32. I ended up going in Windows Explorer and going to the Windows subdirectory. From there I simply typed \system32 in the address line and clicked go. I made it there and could do all the rest to get rid of the "winupdates" virus. Best of luck! |
recover libary after reinstallation I reinstalled limewire and now can not find my music where would it be? |
If you didn't change the downld location from the default originally, then you should find it here: C:\Documents and Settings\"your account name"\Shared So you may need to go to Tools>Options>Saving & change it back to where you originally had it located. Make sure you also share this folder if you want it to appear in your LW library window. Go toTools>Options>Sharing & add it. |
I had set-up a restore point before I executed something I'd downloaded from LimeWire.. If I go back to that 'point' will I be ok? Or do I still need to do all this??? Thanks! |
virii don't usually care for restore points. I don't believe it will work. |
He's absolutely right. It's not enough to use a restore point. So long as the executable file is on your system, it can re-insert itself into the registry an infinite number of times. Going through the steps I've outlines will get rid of it for good. It really only takes 20mins. Bobby Naini |
Baffled Limewire refusing to stay out of the system tray was the reason I had asked for help, but I checked out everything mentioned in the solutions in this thread, and found nothing on my (new)computer that was as described there. There is no file consuming high CPU. There is no file called winupdate or anything with "win" in it in the Prefetch folder. I CAN access the Task Manager. I did, however, delete Limewire. I took fright. I have downloaded some rare and thrilling music from Limewire and hate to lost it. Moreover, I had eliminated the problem of having it appear at startup using "Advanced System Optimizer" utilites. I know that was just a bandaid on the problem, but I don't seem to have the other problems other users have mentioned. If I do nothing further, am I just cruising in ignorant bliss? |
Yeah, i figured that much about the restore point.. My Norton scanned the pc and found 5 infected files and deleted 4. Then I did the System Restore thing, I turned it off and scanned the computer again and nothing was found.. I try the control + alt + delete and it works perfectly and my cpu usage is of 4% Did my AntiVirus got rid of it??? How do I know for sure?? Thanks!! |
Oh yeah! I also deleted it from the registry.. This is what my antivirus calls the worm http://securityresponse.symantec.com...2.alcra.b.html Thanks y'all |
ditto I suspect I had the same problem. Limewire would start on boot-up, even though it was not supposed to. My task manager would not start. I ran Kaspersky, it found thousands of problems, including a few P2P entries, and a problem with winupdate. So far, Kaspersky seems to have taken care of everything. I'll keep checking for hiccups! |
To add a couple more things that need to be done. check this site: Info from Trend The information there lists more files you need to look for and delete. I also found another instance of bszip.dll in my windows\system32\ folder. Deleted. After following all of the actions listed in this forum, those on trend's site, and more, I still don't have complete resolution. Regedit will not run from it's original location, but taskmanager will. I'm not sure what else is dinked up. Tom |
|
Sry if someone already posted this, but im too lazy to look. I was following Your directions and everything was going smoothly until step #8. The thing i find in regedit when i search for winupdates doesn't want to be deleted. I try to, and click yes to confirm, then it says "Unable to delete all specified values". Thank you for your help and very specific directions, and sry again if I just made a stupid mistake somewhere in the steps... :eek: |
Limewire still will not run on my system. I did a search for "lime" and found more instances of the original zip file that contained the setup.exe file that probably causes the problem. I uninstalled LW again and deleted those files and all the limewire files except the original setupfile for limewire. Pay attention to the directorys when you do the search. If you know what belongs and what doesn't, it can tell the tale. Tom |
possible new variation I got all the same syptoms and the same solutions worked, (though I still have to get regedit working, only works if i type 'regedit32 at the moment) however, the files it put on my system were c:\program files\outlook\outlook.exe, p.zip and v.tmp. Also, outlook.exe doesn't show high cpu usage in the taskman dialog, but once I deleted it, ctrl-alt-del started running taskmgr again. any thoughts on regedit greatly appreciated. |
Nipper, Look in the \windows\system\ folder and you will probably find a regedit.com file. Delete it. If you check the link I posted just 4 rows up, you find this list of files that need to be deleted: cmd.com netstat.com ping.com regedit.com taskkill.com tasklist.com tracert.com Make sure you get them all. Tom |
OK guys, BobbyNaini did a lot of work on this limewire reopening. I followed all his steps, but it still didn't work for me! I had 'no' usage problem, infact- winupdates wasn't even there. But I still followed all his steps and continued on. While I was in my regestries, I also did a search for limewire & limewire.exe and deleted all the files I found and continued hitting the F3 key and deleting the regestry. after it finished, I did a search for winupdates, only finding one. I deleted it. After reboot limewire reopened again. Getting P'd off, I did a standard search, 'start' 'search' 'find files and folders' and typed 'limewire'. After the search there were quite a few files & folders found. I hit edit, select all and deleted everything found. Good-bye Limewire. It hasn't reopened since. I reinstalled limewire again from the begining. It worked for me. I encounted this problem after picking up the PWsteal trojan virus. I got rid of the virus using norton. As I have read some of the other problems people are having, I too lost my system32 file. regedit wouldn't open, taskmger would'nt open, and so on. All you have to do is a search for them. Go to search, find files and folders, and type cdm.exe regedit.exe abd finally taskmgr.exe After each file is found, right click on it and hit 'open containing folder'. You then can right click on it and copy, then paste it to your desktop like BobbyNaini explained. then they will work. Then try again to follow BobbyNaini's steps. I hope I have been some help.... GOOD-LUCK |
Hello again... I have read some post about losing download files, or not being where they should be. What I do is download a song. like for example 'Beatles'. Then do a search for the song. When I find it, I right click it and hit 'open containing folder'. At the top you will see what folder it is in. Or hold the curser over it without clicking, it shows the full path. Then I X-out, go to the folder and right-click on it and hit 'Create shortcut' then paste it to my desktop. From there you can put it anywhere you want it. I am also posting a link that everyone should read and follow. http://www.eff.org/IP/P2P/howto-notgetsued.php's Again I hope I've been a help |
I notice in the examples in the link you gave they suggest to put zeros into all the upload slots & bandwidth, etc. But they forgot to put a zero in the downld slots. That was a clumsy mistake of theirs. Oh & there's something else they missed in Sharing b/c it didn't exist in their version. So much for p2p (Peer to Peer.) I guess it's peer to I, me & myself only. eg: http://www.oit.duke.edu/helpdesk/fil...mewiremac.html / http://www.oit.duke.edu/helpdesk/fil...mewirewin.html lol :D |
Thanks for the reply Lord, good observation, but I wonder, 0 in uploads stop them from taking yours, but does 0 in downloads, won't that stop your downloading? I'll have to try... |
Yes ... I was being sarcast.. lol :D Sorry! :rolleyes: But the share option at the bottom of that window in options is new. |
Thanks Thanks skyviper. I was doing it late at night and I guess I didn't read the whole thing through zzzzz...;) Deleted those files you listed and everything back to normal. One thing worries me though is how it got through. When the original file d/led and I got the alarm from my Symantec a/v, I did all the right things but it still got through. The only thing I can think of is afterwards, I noticed I didn't have the 'scan in compressed files' box checked in the a/v software. Maybe that was it. A couple of observations that might be of use to someone are that: 1) Although I uninstalled limewire using Start>All Programs>limewire>uninstall, which ended with a 'successfully uninstalled' dialog, most if not all of the original files were still there (though lw didn't show up in Control Panel>Add/Remove Progs). Manually deleting the l/w directory produced a regular error dialog in place of re-running lw, meaning lw was finally off the system. 2)When I'd cleaned everything up and all seemed ok, I ran the security check on the Symantec site and all ports came up as stealthed, which suggests the back door is now closed. 3) winupdates was not part of the payload, so I suspect outlook.exe was the equivalent file in this instance. 4) It showed up on my system as Alcra C. Thanks for the advice folks, I'll keep this one tagged in case I can do the same. Good hunting ;) Late addition: Just ran spydoctor and picked up the following reg entry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr ent Version\run outlook=C:\Program Files\outlook\putlook.exe /auto |
i have the tskmgr.exe copied to my desktop but when i double click on it, it asks me what programme i wish to open it with and i havent got a clue! can anyone help? Thanks |
@angelica Are you sure 1) that you copied the file from windows\system32 and 2) that you copied the file to you desktop and didn't just creat a shortcut to the file? |
Read careful folks...save yourself some work. If you delete the list of com files I posted above, then there is no need to copy the executables. Tom |
Okay, I've read though the pages and I don't think anyone has had the same problem as me. I followed through the steps and I don't think I have a virus. The CPU Usage is fine, there's no files being used more than the System Idle Process, and there are no files containing winudates, regedit or any of the others, but I did uninstall LimeWire. So...what do I do next. All the other steps are if you Ended the process of the virus file. You can contact me at Fryman058@aol.com. I don't get on here much I will check to see if myquestion has been answered as much as possible. Thank you. |
I have this problem with Limewire starting all the time and not been able to get in to windows task manager. However i cant find any of the files such as winudates when i copy and pate the task manager to the destop. What could i do to get rid of this now? Can anyone help? Thanks |
i cant do this hi i have to same problem but there is one that i have that the tutorial does not cover..... when i have pasted taskmgr.exe to desktop and run it... i have no tabs at the top so i cant click 'performance' > cant click on the 'CPU column header' > cannot find out which or what is the process that is using 100% of my CPU and pooing up my system... HELP!!!!!!!!! |
Man alrite i tried the first steps posted here didnt work for me reason being is i don have a winupdate anywhere and i dont have any other file that runs close to even 20% so i have no 'suspects' usually wen i click task manager i have system idle running high on its 90's and iTunes or firefox competing for 02%... and nothing else... I got the same symptoms but not the right cure... any help? |
When i try open task manager after copying it to the desktop i get the error message c:/Documents and Settings/Compaq_Owner/Desktop\taskmgr.exe is not a valid Win32 application :( please help |
If LW's popping up uncontrollably & you're having trouble with BobbyNaini's fix...try this one. It's worked for a lot of people;) The easy fix for Limewire popping up every few seconds (try this first) |
i tried that but task manager wont open still |
Try one of these help sites, then. They're more specialised in dealing with malware:) http://www.spywarewarrior.com/index.php http://www.castlecops.com/forums.html http://forums.spywareinfo.com/index.php?showtopic=79038 |
Ok, this does help, but not really I've basically got the same problem as everyone else, a virus in on my computer and is alluding my anti-virus programs. There's just one problem, my issure is worse. Like everyone else, my lime wire wont stay closed, it starts back up when i shut it down and i can't open task mananger with ctrl+alt+delete, but for me there's more, when i download music the files get turned into corrupted program files or get turned into corrupted zip fils. my spyware program (webroot) keeps locating something called maxifiles, it's apparently a high risk spyware file, and i'm gussing it's my infected file, but when i delete it, it comes back in a day or two. webroot locates it again, even though i already deleted it. and I don't have the file winupdates.exe, and the only thing usuing close to 100% of my CPU is the System Idel thing, so pretty much any help would be greatly appreated. |
Hi waverider. AVG anti virus, has a fix for the virus you have Check your system using any of these programs (I reckon using all of them): http://www.lavasoftusa.com/software/adaware/(free) http://www.grisoft.com(good free AVG) http://www.ewido.com(>>now called AVG Anti Spyware<< free 30 day trial -the best in my opinion) http://www.ccleaner.com/download/(free) Spybot - Search & Destroy (FREE) You can also read here point 4 in the post of LOTR....: http://www.gnutellaforums.com/showthread.php?t=41432 |
Unfortunatley this member has 2 different issues the zip files one and AVG is the fix for that, but also you have another worm that causes limewire to continually open and this is the fix for that one... http://www.gnutellaforums.com/showpo...&postcount=141 AVG fix...http://www.gnutellaforums.com/showpo...13&postcount=5 |
my regedt.exe wont open even when i have copy and pasted it from taskmgr.exe anyidea y? |
| All times are GMT -7. The time now is 11:12 PM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.