Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

How To Remove "lwintmdt.exe"


  • Please log in to reply
7 replies to this topic

#1 alinia

alinia

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 04 October 2007 - 08:48 AM

This is my first question on this blog. Hi everyone. My mother language is Dutch, so sorry if I make many mistakes in English.
My problem: from time to time when I start up my computer I get the message dat the computer is infected whith a malliscous file on startup/The name of the file is ' lwintmdt.exe' . Then then I'am prompted to put it in quarentaine, which I do. Next time I start my computer, it's the same story.
The file is in c:windows\system32
I' tried to delete the file there, but I could'nt, because it is in use. Then I went to the register and deleted everywhere I could the line whit the name in it.
I search the whole register by using the ctrl+F.
Nothing helps. By restarting the same story.
I have a firewall, and several antispyware programs on my computer, such as AVG, Xsoftspy, Diamonds Wormgaurd. Neither of the found somthing suspicious.
How can I remove this "thing"?
I have a lapop Aspire 1700, whith windows XP and installed service pack 2.
Can sombody help me?

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:15 PM

Posted 04 October 2007 - 09:19 AM

Go to jotti's virusscan or virustotal.com. In the "File to upload & scan" box, browse to the location of lwintmdt.exe and submit (upload) it for scanning/analysis.
Post back with the results of the file analysis.

It's probably bad but I'd like to see what info comes back before removing it. If confirmed as bad you can reboot in "SAFE MODE" and then try deleting it.

If that does not work, then do this:

Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only).
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
  • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
    • lwintmdt.exe <-- C:\Windows\system32\ folder
  • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
Note: If you cannot find the file(s), you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion).
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:15 PM

Posted 04 October 2007 - 10:19 AM

Super Antispyware says that file name is used by Zeno Search. Check your Add/Remove program for Zeno and remove.
Suggest you run a scan using SAS.
Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/
Let us know the results.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#4 alinia

alinia
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 09 October 2007 - 02:53 AM

Thanks, I get rid off this spyware ....

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:15 PM

Posted 09 October 2007 - 04:04 AM

Your welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 buddy215

buddy215

  • Moderator
  • 13,318 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:15 PM

Posted 09 October 2007 - 08:36 AM

Glad you have your problem fixed.
The two programs you mentioned---Xsoftspy, Diamonds Wormgaurd---I would not consider either reliable for finding and removing malware. There are many "bad" security programs that hype their abilities but are really only good at removing your money from your wallet and a lot of them actually INSTALL malware.
Check out the programs that the members here have used and recommended.
http://www.bleepingcomputer.com/forums/topic3616.html
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#7 alinia

alinia
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:03:15 AM

Posted 10 October 2007 - 04:54 AM

Thanks Buddy
I'll take notice of that;
regards

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,758 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:15 PM

Posted 10 October 2007 - 09:25 AM

XoftSpy is a program that was previously listed as a rogue product on the Rogue/Suspect Anti-Spyware Products List because of concerns with False positives, questionable license terms, and the use of aggressive, deceptive advertising, including exploitation of the name "Spybot". It has since been delisted but in my opinion it is not a very effective program compared to others with a proven track those mentioned in BC's List of Virus & Malware Resources or one of the other Trustworthy Anti-Spyware Products.


DiamondCS WormGuard provides Heuristic protection. The vendor is reputable, has been around a long time and they make other well known security programs.

Heuristic analysis is the ability of an anti-virus program to detect new viruses before the vendor can get samples and update the program's definitions for detection. Heuristics uses non-specific detection methods to find new or unknown malware which allows the anti-virus to detect and stop if before doing any harm to your system. The techniques involves inspecting the code in a file to see if it contains virus-like characteristics. If the number of these characteristics/instructions exceeds a pre-defined threshold, the file is flagged as a possible virus.

The disadvantage to using heuristics is that it is not as reliable as signature-based detection (blacklisting) and can potentially increase the chances that a non-malicious program is flagged as malicious. With heuristics, there is always a potential risk for a "False Positive" when the heuristic analysis flags a file as suspicious or infected that contains no malware. Reducing the detection sensitivity will minimize the risk but then that increases the possibility for new malware to infect your system.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users