Gnutella Forums  

  #1 (permalink)  
Old March 8th, 2005
sammi
Guest
 
Posts: n/a

A festival of malware in pcsurg.rar

I had the misfortune of experiencing this 1sthand the other day: 3 ISTbar regkeys/values, 4 from media-motor.net (popuppers.com) which targets internet trusted zones (inf from AdAware), & the exe from which all this sprang, rraut.exe (associated with "blue"-something in the registry) & a .txt file, composed of numbers.
Yes, I did click on it. I was lulled into a false sense of security by Limewire dl warnings in the past, & NAV warning about/deleting W32Tibick. Later, it found and quarantined 2 "bloodhound unknown" suspects, deleted DealHelper, & NetOptimizer, failed to delete ISTbar(s), mmxsitessc.exe, gammainstaller.exe.exe.
12 hours later, 2 Norton Antivirus, AdAware, X Clean, Spyhunter, SpySubtract scans (not to mention finding & manually rewriting over them with Norton “wipe info”)! I did another AdAware scan, and found 9 reg keys/values for DyFuCA and about 40 for Backweb lite! Rraut.exe planted itself in my startup group, & gives a reg value, but it's neither findable in registry, nor in the C drive! If this had been one of my early experiences with file sharing, I would never have gone near it again. Not only would I have been chicken, but I wouldn’t have known enough to have used the arsenal of tools I did to even remove as much as I have! My computer would have been as frozen as the wretched NYC outdoors is today, all the malwares trying to phone home at once!
On one of the googled sites, I saw a reference to an article, which may explain the viciousness & amount of malware in one small download:
“PC World has learned that some Windows Media files on peer-to-peer networks such as Kazaa contain code that can spawn a string of pop-up ads and install adware. They look just like regular songs or short videos in Windows Media format, but launch ads instead of media clips”. The rest of the article can be found at: http://www.pcworld.com/news/article/0,aid,119016,00.asp
Although mine was a .rar which decompressed into an exe, I’m sure that it would be no great stretch to code.

If there is anything to be learned from this (aside from the obvious), it's
1) virus-hunting programs like NAV aren’t especially made for malware, so it's possible that some might slide on through into your computer.
2) Adaware doesn’t keep vigil like virus-monitoring programs do. You actually have to set the scan in motion.
3) NEVER just hit “accept” when AdWatch mentions a pgm is trying to access the registry! True, if you click on the link for more details, it just sends you to the Lavasoft page where they tell you to be careful (the link isn’t specific for each instance). The popup AdWatch box is kind of small and cuts off the end of long entries, so you don’t really have all the inf. And most of the time, the change was instigated by an action on your part. But, when in doubt, CHOOSE BLOCK!

I will never get back the time spent exorcising all this trash, but what might make me feel a little better about this is if someone reads it and avoids the same fate. I probably would get absolutely wickedly cheerful if presented with the writer of this rarbomb, trussed up on a spit (hint… ; ) ). Be careful!
  #2 (permalink)  
Old March 8th, 2005
sammi
Guest
 
Posts: n/a
Speak of the Devil...

Here I am, bravely going forth to complete my task (see what happens when you download a trial program from a reputable site like downloads.com, only to find that when you try and use it, the only thing it will say is "trial period expired"?)

Anyway, I was also hoping to run into that nasty rar again *combative look*

I look to my results, and find PC Surgeon Crack, an exe, 263kb. However, it contains a lovely little worm called W32.Tibick.

From Symantec:
W32.Tibick is a worm that propagates through file-sharing networks. This worm also connects to an IRC channel and listens for messages from the attacker.

Also Known As: Worm.P2P.Tibick [Kaspersky]

Type: Worm
Infection Length: 12,820, vary
When W32.Tibick executes, it does the following:

Copies itself as %System%\svcnet.exe.

Note: %System% is a variable that refers to the System folder. By default this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).

Adds the value:

"System Restore" = "svcnet.exe" to one of these registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

so that the worm runs when you start Windows.

Creates a folder named %Windir%\msview and copies itself as multiple file names (here they name all sorts of files one might find at a file sharing site).
Modifies the settings of various file-sharing applications, if present, to use the newly created folder as the default sharing folder. This applies to the following applications:

Kazaa
iMesh
Morpheus
wareo
eMule
DC++


The worm may also update itself when a new version is available.

This seemed familiar, so I looked at my incomplete dl's - it was the file responsible for the W32.Tibick I mentioned in my 1st posting! Here it is, just lurking & waiting for another victim!

I blocked the sender, 208.191.143.130. In 2 days time, even the densest of people would have noticed the changes (mentioned above), in their system. Several of the anti-malware, antivirus pgms I used were free ones on the web. There really is no excuse for ignorance in this matter!

I don't understand deliberate, casual cruelty, especially to those who you have never even met. Is there any other way a worm-bearing file could still be around 2 days later, unless it's deliberate?
Reply With Quote
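
Added example (not part of either post above, and not Symantec's code): a small Python check that reads the text of a registry export and reports Run-key values matching the W32.Tibick autostart indicators quoted in post #2. The function names, the "exact"/"partial" labels and the sample export are constructed for illustration; real regedit exports are UTF-16, so read them with `encoding="utf-16"`.

```python
import re

# Indicators quoted in post #2 (Symantec write-up for W32.Tibick).
RUN_SUFFIX = r"\microsoft\windows\currentversion\run"
IOC_NAME, IOC_EXE = "system restore", "svcnet.exe"
SECTION = re.compile(r"^\[(.+)\]$")
VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse .reg export text into {key: {name: data}} (string values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        m = SECTION.match(line.strip())
        if m:
            current = keys.setdefault(m.group(1), {})
            continue
        m = VALUE.match(line.strip())
        if m and current is not None:
            # .reg strings escape backslash and double quote with a backslash.
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
            current[name] = data
    return keys

def find_tibick_run_entries(text):
    """Return (key, name, data, confidence) for matching Run-key values."""
    hits = []
    for key, values in parse_reg(text).items():
        if not key.lower().endswith(RUN_SUFFIX):
            continue  # the indicator only applies to the two Run keys
        for name, data in values.items():
            exe = re.search(r'([^\\/"]+\.exe)', data, re.I)
            name_hit = name.lower() == IOC_NAME
            exe_hit = bool(exe) and exe.group(1).lower() == IOC_EXE
            if name_hit or exe_hit:
                hits.append((key, name, data,
                             "exact" if name_hit and exe_hit else "partial"))
    return hits

# Constructed sample export (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"System Restore"="svcnet.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Updater"="\"C:\\WINDOWS\\system32\\svcnet.exe\" /q"
[HKEY_CURRENT_USER\Software\Example]
"System Restore"="svcnet.exe"
'''

if __name__ == "__main__":
    for hit in find_tibick_run_entries(SAMPLE):
        print(hit)
```

A "partial" hit (matching executable under a different value name, or the reverse) is worth a manual look rather than automatic removal.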