using: Windows XP
have: Norton Anti Virus 2005, Webroot Spysweeper: current on updates.
having a problem with: http://www.bleepingcomputer.com/startups/WinNite-10782.html
My sister accidentally downloaded a malware program through AIM June 12th called WinNite, niteaim.exe. She realized right away after clicking what just happened & shut down the computer. I started it up again & was asked if I wanted to run WinNite. Right away I googled both terms and found a single link from the Norman Sandbox company:
This is what I found on the link:
"Report created: 12.06.2005 04:58:15
Automatic analysis of W32/MEWpacked.gen
[ General information ]
* File length: 3973 bytes.
[ Changes to filesystem ]
* Creates file C:\WINDOWS\NITEAIM.EXE.
[ Changes to registry ]
* Creates value "WinNite"="C:\WINDOWS\NITEAIM.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Connects to "anite.m1rr0r.net" on port 8080 (TCP).
[ Process/window information ]
* Creates a mutex ANITE.
* Will automatically restart after boot (I'll be back...)."
Norton Antivirus wasn't detecting anything after I ran a full sweep (...WONDERFUL! This cost money?!), with spysweeper as well. So I used the search on the start menu & asked to show hidden files and manually deleted the NITEAIM.EXE. I didn't think it was gone though, but I couldn't find it when I searched for it again a couple of times later on & forgot about it.
Today when my sister logged onto the computer the spysweeper program asked if " Alert: WinNite: C:\WINDOWS\NITEAIM.EXE.
Registry or Startup folder:HKLM:Run. should be removed?"
So I clicked remove. I searched for the file afterward and couldn't find it. I was concerned again, so I googled it and came across this site. I tried to use the tutorials http://www.bleepingcomputer.com/forums/How...are-tut101.html
and I downloaded the Autoruns program as directed. I also went to My Computer - tools - folder options - view & asked it to show hidden files & unclicked hide extensions for known file types. I rebooted in safe mode and followed those directions, but when I used the Autoruns program I didn't see a "view menu"; all I had was the Options at the top, which gave only 3 items to check or uncheck, not the 5 the tutorial asked for: "Hide Signed Microsoft Entries" and "Verify Code Signatures". I don't remember what the 3rd one was but it was also on the list with the original 5. 2 were missing from:
Show AppInit DLLs <--- wasn't there for sure.
Show Explorer Addons
Show Winlogon Notifications
Hide Signed Microsoft Entries
Verify Code Signatures
I couldn't find any WinNite or NITEAIM.EXE.
Also while under safe mode I ran a search on the start menu for the program. I couldn't find it.
And that's where I'm at now. Could someone help? I'd appreciate it very much.
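One way to turn the sandbox report quoted in the post into a cleanup checklist and compare it with a machine's state, as an added example that is not part of the original post. The function names and the snapshot passed in at the end are assumptions constructed for illustration; only the file and the Run value are checked.

```python
import re

# Behaviour lines copied from the sandbox report quoted in the post.
REPORT = r'''[ Changes to filesystem ]
* Creates file C:\WINDOWS\NITEAIM.EXE.
[ Changes to registry ]
* Creates value "WinNite"="C:\WINDOWS\NITEAIM.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
[ Network services ]
* Connects to "anite.m1rr0r.net" on port 8080 (TCP).
[ Process/window information ]
* Creates a mutex ANITE.
'''

PATTERNS = {
    "file": re.compile(r'Creates file (?P<path>.+?)\.$'),
    "run_value": re.compile(r'Creates value "(?P<name>[^"]+)"="(?P<data>[^"]+)" in key "(?P<key>[^"]+)"'),
    "network": re.compile(r'Connects to "(?P<host>[^"]+)" on port (?P<port>\d+) \((?P<proto>\w+)\)'),
    "mutex": re.compile(r'Creates a mutex (?P<name>\S+?)\.$'),
}

def parse_report(text):
    """Return (section, kind, fields) for every recognised behaviour line."""
    section, found = None, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line.strip("[] ")
        elif line.startswith("* "):
            for kind, rx in PATTERNS.items():
                m = rx.search(line[2:])
                if m:
                    found.append((section, kind, m.groupdict()))
                    break
    return found

def remaining_artifacts(indicators, files, run_values):
    """files: set of paths on disk; run_values: HKLM Run value name -> data."""
    files_lc = {p.lower() for p in files}          # Windows paths ignore case
    names_lc = {n.lower() for n in run_values}     # so do registry value names
    left = []
    for _, kind, f in indicators:
        if kind == "file" and f["path"].lower() in files_lc:
            left.append("file " + f["path"])
        elif kind == "run_value" and f["name"].lower() in names_lc:
            left.append("Run value " + f["name"])
    return left

if __name__ == "__main__":
    # Constructed snapshot: the EXE is gone but the Run value is still present.
    print(remaining_artifacts(parse_report(REPORT), set(), {"WinNite": r"C:\WINDOWS\NITEAIM.EXE"}))
```

The snapshot inputs would come from a directory listing and an export of the Run key; both the file and the Run value need to be absent before the startup entry can be considered removed.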