| blurb23 | October 18th, 2005 05:37 PM |
Winupdates Virus
I followed these instructions here, and I'm still stuck with the problem: Quote:
Originally posted by BobbyNaini
I had this exact same problem, and after literally 24 hours of analyzing every inch of my computer, I solved the problem. I suspect that based on your descriptions of the problem (which I had as well), you are infected with a virus. It's unbelievable that none of my AntiVirus packages picked up this infection.
For me, everytime I restarted my computer, Limewire would automatically load up. Even if I closed it, it would just open back up again. On top of this, I could not even access the Task Manager in Windows XP to allow me to force a shutdown of Limewire. I hit CTRL-ALT-DEL and nothing would happen.
Anyways, here are the steps that need to be taken.
1) Uninstall Limewire. You can reinstall it at the end of these steps.
2) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so.
3) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste.
4) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step.
5) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes.
6) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop.
c:\windows\regedit.exe
c:\windows\system32\cmd.exe
7) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find.
8) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete.
9) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor.
10) Finally, click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line:
cd c:\
cd program files
rd /s /q winupdates
11) Now restart your computer. Reinstall Limewire.
This should hopefully fix your problem.
Bobby Naini
| I followed the instructions to the letter, but I'm still stuck with the virus. When I do the Task Manager, my CPU usage is only at about 2% (maybe it's because I have a dual core proccessor?), and there's nothing called winupdates, or anything close to it, in my Proccesses tab.
I know the problem's still there, because I've uninstalled LimeWire (as instructed), but I still see something trying it open it (the little LimeWire symbol comes up on my taskbar), and then I get some Java error.
My system specs (I'm not too computer savvy, so tell me if these are too general):
Pentium 4 820 D Proccessor @ 2.8 Ghz
1 GB of RAM
256 mb ATI Radeon 9250
250 GB Harddrive
160 GB HP Personal Media Drive (external Hard Drive) Edit: I managed to get a screenshot of the Java error. http://img436.imageshack.us/img436/5...ates0td.th.jpg |
