|
files from limewire converted into zip files i'm just new here and i never had a problem with limewire until today...all my downloaded files especially the audio files was converted into .exe or zip files...i tried to unzip a few files and gave me an icon which is labelled setup,but are not working...with the rest, a pop up message was shown say that the file is corrupted. i have been trying to figure this out the whole day and am really getting frustrated!:bangh: :bangh: :bangh: :bangh: why would the files be changed int an .exe file? and it all shows the same file size. i've already tried scanning my my whole system for virus and adware or spyware but the does not detect anything. is there still a way to fix the files which i collected for more than a year now? there must be a way to solve this problem and salvage all my downloads. please help me! :confused: |
Double-Post :blink: http://www.gnutellaforums.com/showthread.php?t=67146 Have a look at this http://www.gnutellaforums.com/showthread.php?t=67143 |
thank you! i was hoping to get a walk through of exactly what to do . and if i should just dump all the files i downloaded or is there a way to salvage them? thank you for the quick response!:xirokrotima: |
Sorry, but I don't think anyone has come up with a solution, yet :o If you figure it out, let us know...many people are frustrated just like you! Good Luck :idea: Dano |
Hi Everybody. From what ive been reading this is a worm/trojan, Havent got a name for it yet But working on that. Looks like its targeting the defalt L/Wshared so as a tempary fix try making a new share folder on another drive with a diffrent name then point L/W to it. I beileve it is coppying the names of files, then deleting original files, then puting user file names on newly created virus files So trying to open them may be a no no. Has anyone tryed to copy them to desktop in a new folder and scan them.? Has anyone looked in the bin or done a file recovery.? Can you people who have this problem Give us some feedback on whats happning exactly. What did you D/L just befor it started ? I dont have this problem So Im in the dark. Peace. |
Looks like many of limewire's zip file are infected with a (goabot worm) I tried to download about 5 different files today limewire caught 1 out of those 5 file infected with a virus my antivirus picked out 4 that Limewire allowed me to down load and failed to identify as corrupt files. Every file that I tried to download was infected, unless limewire does something about this it will become a ghost town on here What Limewire really needs is if your system happens to be able to identify a virus you should be able to flag the program so that others won't down load it. I am thankful I have an excellent internet security that updates it's definitions sometime 4 to 5 times daily sometimes more because if I would have that Norton junk I would of been dead after the first one. Norton couldn't catch a cold if it's life depended on it, I am willing to bet the people whop have been infected all had Norton, word of warning don't download anything if you use Norton unless that is you want to risk losing everything everything |
So what is a smallrage man ? Hi Grauwl....:D :Smilywais: So what is the exact file size of those L/W missed,? and there are warnings everywhere DONT D/L EXE files, (There just for testing AV programs) Yea man We all keep shouting about it, But they must like Viruses Peace. |
If mp3s are turning into exe files and then turning the rest of your shared folder into the same, you would think that the original infected file would be to small to be an actual song... I think it comes down to not downloading anything that is under 1000kbs no matter what file extension it has...Also always scan each and every file before playing them....:rolleyes_2: |
Oh! no not my shared folder.Prevention is betta than cure. Pranaams, Wondering why. I would go even further n say 2000kbs, What real song is less than two min's unless they are a crap bit-rate, n whats the use of a track that sounds like its being played from a transistor radio under water :rofl: MP3 files cannot be converted to .EXE its not possible, They are being Deleted, Then replaced with (Who knows what) with an .EXE extension It may be a zip/rar file with multiple files inside, e.g. worm,trojan & virus combined. I believe its a new threat, not an existing one & a bad one at that. My addvice move your shared folder n rename it, till a threat signture can be put on it, and backup shared folder to exturnal drive. if thats not an option then back it up to a password zip folder. On last count I had 21,500 files & all are very dear to me. I would Die if I lost my collection.:shoot: Peace. |
Hi all Just found this. Dont know if its relevant. The Kazaa file-swapping network has been hit by another worm, just months after the first such attack, according to antivirus vendors. Antivirus company Sophos said it had received several reports of the KWBot worm in the wild. KWBot appears to be the second worm to hit the Kazaa network, which fell prey to the Benjamin worm in May. KWBot spreads in a similar way to Benjamin in that it alters Windows registry keys and then disguises itself as files that are likely to prove popular with file-swappers. It makes particular use of the names of movies and applications. When first executed, the worm copies itself to the Windows system folder as xplorer32.exe, said Sophos. It will then create two registry entries so that the copy is run each time Windows is started. The worm may also allow attackers to gain control of an infected computer using commands transmitted over Internet Relay Chat, said Sophos. Kazaa is not the only file-swapping network to have been targeted by virus writers. The Gnutella file-swapping network was hit by a proof-of-concept worm in February. There have also been threats from other quarters. In April, a bug was found in the popular Winamp software for playing digital music files. The bug could allow an attacker to embed malicious code into an MP3 file, potentially damaging the user's PC and infecting other MP3s. In addition, the music industry recently began planting "decoys" on free peer-to-peer services in its fight against online piracy, according to sources. This practice, known as "spoofing," entails the hiring of companies to distribute "decoy" files that are empty or do not work in order to frustrate would-be downloaders of movies and music. Overpeer, a New York-based software firm funded by South Korea's SK Group, is understood to be one of the firms helping the industry disguise online files to thwart unauthorized swapping. Examples of filenames used by the KWBot worm are: Star Wars Episode 2 - Attack of the Clones VCD CD1.exe Spiderman The Movie - The Game.exe Grand Theft Auto 3 CD1 ISO.exe ZoneAlarm Firewall Pro.exe Windows XP Professional iso.exe Unreal Tournament cracked (works on all servers).exe University Study Guide (cheat sheet).exe Quicken Pro 2002 iso.exe Perl Ultimate Study Guide.exe Office XP Corporate Ed. iso.exe Norton Utilities 2002.exe Microsoft Visual C++ 7.0 iso.exe MCSE Ultimate Study Guide.exe Max Payne full iso.exe Macromedia Flash 5.exe Kazaa Advertisement Ad remover.exe DSL Anonymizer.exe DoS Attacker.exe DivX Codec 6.0 beta (codec only).exe Credit Card number generator VERIFIER (cc cc#).exe cows gone wild.exe 100 XXX Passwords (verified 3-24-02).exe Sophos has a virus identity file that includes a fix for the KWBot virus here. Peace. |
Good info Mick...:idea: |
AFAIK, just from having a look on Google, that worm dates back to 2002-2003. Unless there's a new variety of it around now? |
Hi Everyone Yes This is an old worm, But looking at its behavour there were similaraties So my thinking was It could have been modified. Hey Birdy, 4 hours of searching & this is the only thing so far that I found that was even remotly similar. After going through the list of file names that had been posted I realised that we have most of them present, Here on the network. Im not a teki so if anyone can sujest other places to look, I will do some donky work sniffin around. why dont L/W just limmit the file extentions you can share in tools/options/sharing,Extensions. If the defult setting (beginers) ticked auto at setup only had audio,vidio,pic,doc. then an advanced tab for, fools & experts, we would not have half the crap in search. Because the newbies could not auto share exe rar zip an other crap. If I gave a small child a motor bike n said ride it, without checking how n if they could you would call me recless, well I beileve P2P also needs stablizers for most of the new guys at the first. P.S.. sorry off topic.....But is'nt that easly possable. Peace. |
Have a look here, at posts #8 & #9 http://www.gnutellaforums.com/showth...754#post255754 When you do a search for xzxzxzxzxzxz.exe.... http://www.bitdefender.com/VIRUS-100...B.Ymeak.A.html http://www.bleepingcomputer.com/forums/topic45260.html http://forums.techguy.org/windows-nt...indows-xp.html (check out post #4 of the above...they're telling people to use BFU, same as is used for the LW always popping up worm) http://forums.spywareinfo.com/lofive...hp/t72978.html (also mentions BFU) When you do a search for q7q7q7q7q7q7q7q7xx.zip http://forums.spywareinfo.com/index.php?showtopic=93859 I know nothing about cleaning up this sort of thing...I don't see how running BFU could hurt but I don't know if it's going to fix the whole thing either. KillBox is mentioned a couple of times also, but I've never heard of that one. We could get people to run BFU & if that doesn't fix the prob, then send them on to one of the help sites? Or one of the gurus might have some more info & suggestions? Atm, people are just refusing to believe they're infected at all...if their AV doesn't pick anything up then they're convinced things are ok. What do you guys think? :virusalert: |
Good info Birdy! :xirokrotima: The people in those spyware forums really seem to know their stuff! At least now everyone that is having this problem has somewhere to go...in the thread that I was most impressed by (the last one), the expert had the person download 5 or 6 programs to eliminate all of the malware! This just goes to show how evasive some of these nasty files can be. No program is guaranteed to get rid of all malware. It can be quite a battle, and that's why we try our best to avoid it in the first place! Of course, a few people must take one for the team, so to speak, whenever something new like this pops up. Good luck to everyone that is suffering through this. Dano |
Hi every one This is expansion of 2nd Link that Birdy Gave, Users can check if they have any of these files n folders present on there computer By copying the names EXACTLY to Notepad, then Boot in safe mode. Note: In file options, you must enable SHOW hidden files. Before Boot in safe mode Then Go, Start/Search n enter exact file names. If found please make short posts in this thread ONLY, No life history:D just list of file names & anything related directly. We appreciate you help, Thank you. Win32.Worm.VB.Ymeak.A Spreading: MEDIUM Damage: MEDIUM Size: 236,136 Discovered: 2006 Mar 02 SYMPTOMS: Presence of the following files: %windir%\b.exe (usually C:\Windows\b.exe), 155,648 bytes C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe, 236,136 bytes The file xzxzxzxzxzxz.exe (236,136 bytes) may appear in a subdirectory called "_" (underscore) in the shared folders of peer-to-peer file sharing applications. TECHNICAL DESCRIPTION: This is a worm that spreads itself via peer-to-peer file sharing networks, dropping a backdoor identified by BitDefender as Backdoor.RBot.CMQ. It has a file size of 236,136 bytes. The first time it is run, it displays the following message to make the user believe it is a setup file downloaded with errors: After displaying the message, it copies itself to the All Users' startup folder (usually C:\Documents and Settings\All Users\Start Menu\Programs\Startup\) as svchost.exe, and launches itself from that new location. The original instance ends its execution at this point. When launched from the afore mentioned (Startup) folder, it checks if the %system% (usually C:\Windows\System32) folder contains any of the following files: winlog.exe, p2pnetworking.exe, scvhost.exe, winlogi.exe or p2pnetwork.exe. These are all file names used by the RBot trojan. If it can't find any of them, it assumes the RBot trojan is not present so it dropps it into the Windows folder as b.exe and runs it. To spread itself, it collects random application names from certain torrent and direct download sites. It then places itself in the shared folder of five common P2P file sharing software (listed below) using the previousely collected names, in a subfolder called "_" (underscore). At regular intervals it looks for the executable files of the file sharing programs Limewire, Shareaza, Bearshare, Morpheus and Morpheus Ultra and launches them. To protect itself from being discovered, it opens the following files (requesting exclusive access): cmd.exe, netstat.exe, tracert.exe, ping.exe, ipconfig.exe, taskkill.exe, regedt32.exe and taskmgr.exe from the %system% folder and regedit.exe from the %windir% folder. It keeps them open while it is active, so they can not be executed. Removal instructions: Please let BitDefender disinfect your files. ANALYZED BY: Vlad Ioan Topan, BitDefender Virus Researcher |
Excellent research Birdy...I'm Bookmarking this page...:idea: |
I asked about this over at the Beta forums the other day and Aaron has replied with this... http://www.limewire.org/forum/showpo...16&postcount=2 |
HELP I have had the same thing happen to me, very scary as i have lost a huge amount of files can anyone help ? all the .mp3 files have been converted into .zip files and if you try opening or playin them they are just setup files, anyway to save these files ? really need to, and 'quotejnr' did u find out how to do this? |
Hi, its a worm called delf.atb . here is a link to free virus software that can find and remove it. http://free.grisoft.com/doc/5390/lng/us/tpl/v5 |
I discovered that I had this same problem...every single file I had downloaded for the past two years had turned to compressed files that wouldn't open at all. I found a way to get past it, but I'm not sure if it's a temporary fix or what... Being as I am completely computer-illiterate, this may not be the right way to fix it, or it may be the long, complicated way. Here's what I did... I uninstalled REALPLAYER from my computer (the program I had been using to play all my mp3's), and then went through and reinstalled it. It really wasn't any big deal, considering I needed an update anyway. Then, what I did was when it asked me if I wanted to use REALPLAYER as my default program for all my mp3's, I clicked "Yes". Then, after I was finished with the re-install, I went back to my windows/shared folder where all my songs were, and they had be changed back to REALPLAYER files. But, they still wouldn't play. So, I went into my limewire progam and redirected my all new incoming downloaded files to a different folder...I just used something random that I never use. Then, I tried to download a song, and when it finished, I went to the new folder and tried to play it, and it worked! So then I though, why don't I try to put all my songs into that new folder? Maybe it's just the folder that isn't working. So, I put ALL my songs (800+) into this new folder, and they ALL work!! So, that's what I did to get my files to work again. Whether or not there's a better way or whether or not this will continue to work, I have no idea. LIke I said, I'm completely computer illierate. Anyway, let me know if anyone has any other clue! Hope this helps you! |
I've had the same thing happen to my files as well. Until I came to this Forum, I thought that I did something myself to the files which was driving me crazy because I couldn't for the life of me figure it out. Neither can I comprehend how mp3 files could be compressed to a zip file. I've tried everything I know as well as everything I've read from others to remedy the situation with absolutely no luck. So I guess I'll just completely delete the entire folder and start the whole download process over again. I suspect it'll take me a few months to re-download the thousands of files I had but what else can I do? My only concern is that the same thing will happen again. So maybe I'll wait a while to see if Limewire or somebody else can come up with a solution. |
Zip files with lime wire Windows XP/ vista Un-install Lime wire and delete the shared folder. Re-boot the machine in DOS command line mode. Using the command line go to the startup folder and delete "dllhost.exe" file. Re-boot the machine and re-install limewire. Things should be ok. All about Ishan Sudeera Abeywardena and Latest Projects |
[quote=gorgeousji;255851]i'm just new here and i never had a problem with limewire until today...all my downloaded files especially the audio files was converted into .exe or zip files...i tried to unzip a few files and gave me an icon which is labelled setup,but are not working...with the rest, a pop up message was shown say that the file is corrupted. i have been trying to figure this out the whole day and am really getting frustrated!:bangh: :bangh: :bangh: :bangh: why would the files be changed int an .exe file? and it all shows the same file size. i've already tried scanning my my whole system for virus and adware or spyware but the does not detect anything. is there still a way to fix the files which i collected for more than a year now? there must be a way to solve this problem and salvage all my downloads. please help me! :confused:Gorgeous... I am new here too, and all the files of movies or videos that I would like all seem to be in zip files, and when I download I get a message from my virus software that the file is 'corrupted' or 'malware' or 'virus' and even if I take the chance and try to open the file I get a message that there are no files to extract from the zip file... I don't seem to be able to find any movie files (or very few) that are in avi, or mpg most are zip and they apparently are useless.. what do I do with the zip files? or how can I get them to work. :mad2: D Pearce |
See if any of the info here helps (click on the link below). Music files changing to zip or exe: some info Download AVG Free from the link within that thread. Update it & scan your computer. AFAIK people have lost their files after being infected with this worm. Make sure to keep your AV updated & scan every file that you download, before you open it. |
Zip and Rar files created by worm or virus... I just encountered the same problem. I uninstalled the Limewire program (after running Norton Antivirus, Spybot and other adware programs to no avail). I reinstalled a new downloaded Limewire (which happens to be a newer version) and renamed and placed the "shared" file on a different drive. Now, the first time I used Limewire, I have a pop-up with the virus infected program looking at me in a "rar" box. It's just waiting for me to execute it again. It also renamed itself.... I am including a screen shot of the program. I have scanned it for viruses, worms and/or adware by itself and it does not show any problems. I am now at a loss in finding the remnants and know that absolutely it will show it's ugly head again!! If anyone has further help, it would be greatly appreciated. I have XP on one drive and Vista on the other... Pentium IN9-32X-Max, Abit m/b w/2 GB OCZ Ram, Nvidia 8600 GT G/C, Creative XF-1 S/C, 7.1 Speaker System and Thermaltake 470W P/S... If you need more info, it will be provided... Thank you very much for any forthcoming help or advise... Sign me... Nailed again in Ky... Clint |
I've found myself in similar circumstances a few times....the first couple of instances I spent the time to fix the problem...sure, it was a learning experience and I felt 'satisfied' that I had defeated the infection....but I also spent a hell of a lot of effort to get there...I then adopted a different approach when it was apparent a good deal of my time would be required...and that approach is to simply back up data and reformat and do a clean install of the OS etc....from the specs you give it appears as if you have a custom machine, which indicates you have the required OS disc in your possession and most likely have the knowledge to reload the OS and all the applicable drivers for your hardware... I long ago adopted the use of dual boot machines where each OS resides on its own physical HDD and said HDDs are partitioned so that the OS resides on the first 30GB of the drive and the rest of the drive is used for data storage...this allows for transfer of data to another partition (which saves one from having to burn data to a cd/dvd for backup) and also limits the amount of space which needs to be defragmented so that one's OS runs to its fullest abilities....simple stored data rarely needs defragmentation but the OS and software does on a regular basis (about once a month)... |
Try one of these sites - they're specialists in malware removal & can help you!! I would suggest The 4Th one. But all can do the trick Spyware Warrior :: Index CastleCops® » Security Forums SpywareInfo Forum FAQ - SWI Forums Malware Removal - MajorGeeks Support Forums |
Malware Thanks for the advice. I cleaned up the final issue with IEDefender (at least, I have my fingers crossed). It sure saved me a ton of time reformatting, updating and reinstalling everything! Thanks again, Clint :xirokrotima: |
Rar and Zip files changing This is for Peerless, Thanks for your help. I normally feel the same way about chasing malware, worms and viruses, but this one seemed to be confined to only a few issues. It appears I have cleaned everything on both drives with Bitdefender and FixIEdef. They either deleted or at least identified the locations of the problems where the program could not clean or delete them. I am pretty sure I have the problem cleaned with about 2 hours of work vs tons of time reformatting, updating and reinstalling everything.... Thanks again, Clint:super: |
glad to hear you 'easily' won the battle...of course the war will never be won when dealing with nefarious father raping 'hackers' |
| All times are GMT -7. The time now is 05:39 AM. |
Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2025, vBulletin Solutions, Inc.
SEO by vBSEO 3.6.0 ©2011, Crawlability, Inc.
Copyright © 2020 Gnutella Forums.
All Rights Reserved.