Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


can't find niteaim.exe [WinNite] malware to get rid of it

  • Please log in to reply
4 replies to this topic

#1 nataliejane


  • Members
  • 3 posts
  • Local time:07:48 AM

Posted 01 July 2005 - 01:53 AM

using: Windows XP
have: Norton Anti Virus 2005, Webroot Spysweeper: current on updates.

having a problem with:


My sister accidently downloaded a malware program though AIM June 12th called WinNite, niteaim.exe. She realized right away after clicking what just happened & shut down the computer. I started it up again & was asked if I wanted to run WinNite. right away I googled both terms and found a single link from the Norman Sandbox company:
This is what I found on the link:

"Report created: 12.06.2005 04:58:15

Automatic analysis of W32/MEWpacked.gen
[ General information ]
* File length: 3973 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\NITEAIM.EXE.

[ Changes to registry ]
* Creates value "WinNite"="C:\WINDOWS\NITEAIM.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Network services ]
* Connects to "anite.m1rr0r.net" on port 8080 (TCP).

[ Process/window information ]
* Creates a mutex ANITE.
* Will automatically restart after boot (I'll be back...)."

Norton Antivirus wasn't detecting anything after I ran a full sweep,(...WONDERFUL! this cost money?!) with spysweeper as well. So used the search on the start menu & asked to show hidden files and manually deleted the NITEAIM.EXE. I didn't think it was gone though, but I couldn't find it when I searched for it again a couple of times later on & forgot about it.

Today when my sister logged onto the computer the spysweeper program asked if " Alert: WinNite: C:\WINDOWS\NITEAIM.EXE.
Registry or Startup folder:HKLM:Run. should be removed?"

So I clicked remove. I searched for the file afterward and couldn't find it. I was concerned again, I googled it, came across this site. I tried to use the tutorials


and I downloaded the Autoruns program as directed. I also went to My Computer - tools - folder options - view & asked it to show hidden files & unclicked hide extentions for known file types. I rebooted in safe mode and followed those directions but when I used the Autoruns program I didn't see a "view menu" all I had was the Options at the top which gave only 3 items to check or uncheck, not the 5 the tutorial asked for: "Hide Signed Microsoft Entries" and "Verify Code Signatures" I don't remember what the 3rd one was but it was also on the list with the original 5. 2 were missing from:
Show AppInit DLLs <--- wasn't there for sure.

Show Explorer Addons

Show Services

Show Winlogon Notifications

Hide Signed Microsoft Entries

Verify Code Signatures

I couldn't find any WinNite or NITEAIM.EXE.
Also while under safe mode I ran a search on the start menu for the program. I couldn't find it.

And that's where I'm at now. Could someone help? I'd appericate it very much.

Thank you.

BC AdBot (Login to Remove)


#2 TEB


  • Banned
  • 449 posts
  • Local time:07:48 AM

Posted 01 July 2005 - 02:06 AM

I suggest downloading Hijack this
And post your login the hijack this forum. They will analyze your system, then lead you throguh instructions to clean your system.

#3 Leurgy


    Voted most likely

  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:07:48 AM

Posted 01 July 2005 - 04:05 AM

Hello nataliejane and welcome to BC.

I want to apologize for your confusion. The Tutorial you refer to in your link was only written on May 15/05 and concerns Version 7 of Autoruns and now that link you downloaded from gets you Version 8. It seems that Sysinternals, who wrote that program, have updated on June 15th and the program has changed.

Thanks for bringing this to our attention and we'll have someone post here shortly with the info you need. Sorry for causing this concern.

Edited by Leurgy, 01 July 2005 - 04:10 AM.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool

#4 Grinler


    Lawrence Abrams

  • Admin
  • 43,613 posts
  • Gender:Male
  • Location:USA
  • Local time:08:48 AM

Posted 01 July 2005 - 08:40 AM

The tutorial has now been updated to reflect the new version of the software. Just make sure there are checkmarks under each option in the Options menu and then look for the problem file in the various tabs. Focus more in services and Logon as they are probably there, but you should check each tab.

#5 nataliejane

  • Topic Starter

  • Members
  • 3 posts
  • Local time:07:48 AM

Posted 03 July 2005 - 09:13 PM

I'll re-try the autoruns program, thanks. If I can't find it to delete I'll try the hijackthis.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users