Gnutella Forums
Page 1 of 12 1 2345611 Last »
Show 50 post(s) from this thread on one page

Gnutella Forums (https://www.gnutellaforums.com/)
-   General Windows Support (https://www.gnutellaforums.com/general-windows-support/)
-   -   How to get limewire to quit popping up every few seconds (https://www.gnutellaforums.com/general-windows-support/39598-how-get-limewire-quit-popping-up-every-few-seconds.html)

kc0rkx_finch June 19th, 2005 09:18 PM
How to get limewire to quit popping up every few seconds
 
1) Create a system restore point
Start>Allprograms>accessories>system tools>System restore
Follow on screen instructions.

2) Go to the following directory and delete any file with winupdates in the name. Do not be fooled this is not the actual windows update stuff its a virus. i know that might be hard for some of you to believe but i had it and ive got more than one virus scan which none picked this up.

c:\windows\prefetch

3)Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items:

Display the Contents of System Folders
Show Hidden Files and Folder

4)Now, make sure there are no checkmarks beside the following:
Hide protected Operating System Files.

5) Uninstall Limewire. You can reinstall it at the end of these steps.

6) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so.

7) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste.

8) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step.

9) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes.

10) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop.

c:\windows\regedit.exe
c:\windows\system32\cmd.exe

11) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find.

12) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete.

13) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor.

14) click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line:

cd c:\
cd program files
rd /s /q winupdates

16) make sure to go back into the System Properties by right clicking on My Computer, and unchecking the Turn Off System Restore box under the System Restore tab.

17) Now restart your computer. Reinstall Limewire

18) create a restore point after you have removed the virus. Then delete all but the latest resore points. Heres how.

To delete all but the last restore point you made
1) Right click on C:/ in My Computer
2) Click Properties
3) Click Disk Cleanup
4) Click Tab <More Options>
5) Under System Restore Click <Clean up...>

by the way, deleting restore points is OPTIONAL
and did because they will actually contain the virus file and if you restore to one of the infected points, Congradulations you're reinfected.

I think that pretty well covers it. if you find any mistakes please post here and i will correct my error. i have read through this like 10 times already though so i know none of the errors will be computer fatal errors. heck i did it on my own following these instructions which are actually from a guy in another post here. i copy pasted. Thanks Bobby Naini. youre a genius and i give all credit to him. I take none for my own. Bye and good luck.

kmag June 21st, 2005 09:20 AM
Please send a copy to ant-virus labs to help stop this virus
 
[New Info]
This is malware has been identified as
Worm.Win32.VB.an, the "AN Worm", sometimes called the "Zodiak Worm".

I was able to obtain a sample of this malware. I got free trial versions of both Norton Anti-virus and Kaspersky Anti-virus from Downoad.com.

Norton's 6/22/2005 virus definition library misses this malware.

Kaspersky catches it and quarantines it.

http://www.download.com/3120-20_4-0.html?qt=kaspersky

Let us all know if you find any other anti-virus scanners that catch this worm. It might be a new variant, because Norton's website claims they've been able to catch this worm since October 2003.

[End of New Info]

I sent an email to Kaspersky Labs antivirus yesterday about this virus and got an email back from one of their virus analysts. However, I haven't been infected and so I wasn't able to provide them with a sample of the virus.

If you'd be so kind as to help prevent others form getting this virus, please make a password-protected zip (or rar) file containing any viral files you are about to delete. The password should be "infected" and it should be mailed to NewVirus@kaspersky.com, with a subject of KLAB-571146.

It's my understanding that the major anti-virus labs have informal agreements about sharing new viruses with eachother.

If you're extra motivated to help stop this virus, TrendMicro anti-virus has a web submission form at http://subwiz.trendmicro.com/SubWiz/...sp?opgWizard=7 . Presumably TrendMicro wants the winupdates file instead of the password protected zip file.

Unfortunately, it looks like Symantec/Norton Anti-Virus requires you to use Norton Anti-Virus to send in samples instead of using plain old email. If you have Norton Anti-virus, please by all means use Norton Anti-virus to send Symantec/Norton a copy of winupdates.

McAfee Anti-virus's website gives me the impression that there's no way for the average person to send them samples of suspected viruses.

kc0rkx_finch June 21st, 2005 02:04 PM
Sorry
 
If there is anyone out there who hasnt gotten rid of this virus yet, please be so kind as to send the files to this guys people. I cant as i already got rid of it. If i do ever get reinfected with it i will send them out but i cant. To do this, instead of deleting all of the files as stated above simply copy them into a new folder on your desktop and THEN delete the originals. I dont know if you can do that with the registry stuff though. :( Im sorry i had already gotten rid of the stuff but it ate up my printer stuff and everything. I wish you had said something sooner. I will be glad to send these instructions though if that helps. Let me know if it will. I dont have Norton as i hate it for crashing my dads system and putting me through h-e double hockey sticks and back. It took me 40 hours of recovery work to get that system back and it was right after i got norton on it. Im sorry i cant help other users that like it though. I have Etrust. I know nothing about sending virus info to them though. If oyu find anything out please feel free to post again, pm, or even email me at my username (kc0rkx_finch) at yahoo.com SORRY i cant be of anymore help!!

Metal123 June 21st, 2005 03:00 PM
OMG YEAH!
 
I got rid of it! it was annoying me to HELL!
no taskmanager was driving me NUTZ, plus all the cpu usage and stupid popups. and the fact that it was so hard to make it f*** off =) THank you so mutch for helping :D

tattoowayne June 21st, 2005 05:49 PM
141414
 
ok so if i have win2000 what do i do about the restore point and the prefetch folder. they dont exist on 2k?

kc0rkx_finch June 21st, 2005 07:08 PM
im glad these instructions helped somebody. I will try to get some 2k info soon and let you know. same for win 98 users I might not be able to do win 95 but ill try

HeyJay June 22nd, 2005 04:54 AM
At step 2 , c:\windows\prefetch , I do not have any files with winupdates in the name.

At step 7 , c:\windows\system32 , I do not have any files with .exe in the name.

Thank you for your continued support.

kc0rkx_finch June 22nd, 2005 08:50 AM
the taskmgr file will not have .exe at the end of it on win xp. it will just be called taskmgr. If you doi not have any of those files in the prefetch folder the the virus may not have progressed as far as it had on mine and bobby naini's systems. You should be okay there


Im still trying to find a win 2k pc and have not had a chance to get on one yet. I will try to find one soon and reply.

kc0rkx_finch June 22nd, 2005 12:30 PM
Tattoowayne, For your sake i hope to god im right on this. Is windows 2k generally the same format as win98?? If it is i have a win98 pc that i could use but the only 2k pc i can find is at my office and its 2kpro. Plus if i start screwin around on it and f*** somethin up then im out on my @$$. If 2k is like win98 ill get some info tommorrow. For those who want to send the viral info to the people mentioned above by anohter party the instructions are coming soon. I am having a little trouble re-configuring the entire instruction sheet but im working on it. Thank god i have these two weeks off from work so i can "work" helping you guys out. Its kinda fun though. Makes me regret not going into a computer type job. I guess i could switch though im still young ( at heart). Also please post your system specs for me. I have an odd idea but it just might work if your system is "up to snuff enough"

kc0rkx_finch June 22nd, 2005 12:41 PM
also please see the poll on this forum and vote. Its very important and could help us convince all of the antivirus folks to get an "antidote" out in their software. Please choose two.

http://www.gnutellaforums.com/showth...threadid=39696


All times are GMT -7. The time now is 10:02 PM.
Page 1 of 12 1 2345611 Last »
Show 50 post(s) from this thread on one page

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.

Copyright © 2020 Gnutella Forums.
All Rights Reserved.