
Limewire Restarts Itself, No Access To Task Manager


5 replies to this topic

#1 Reya


Posted 12 October 2006 - 01:33 AM

Apparently I've gotten a common virus/backdoor trojan...It keeps restarting Limewire after I'd completely exited the program, and won't allow me access to the task manager.

Norton has stated that the threat has been removed. >_< I HATE Norton.

This occurred right after downloading a file, although said file has been successfully deleted.

I have uninstalled and reinstalled, but the problem persists exactly as before.

I've had some experience with HJT, and use Castlecops to doublecheck my hunches. The hijack log is clean, as far as I can tell.

YES, I know limewire is evil. On a computer that isn't mine, it's my only choice. I'm rather well-versed in the removal of most malware...This baffles me.

OS: Windows XP

Version of Limewire: 4.12.6



#2 quietman7


Posted 12 October 2006 - 08:43 AM

Hello Reya

"I've had some experience with HJT, and use Castlecops to doublecheck my hunches. The hijack log is clean, as far as I can tell."

Have you been trained on how to use this tool and investigate/identify all the entries it creates?

HijackThis is an advanced tool that requires advanced knowledge about the Windows Operating System. Most of the log entries are required to run a computer and removing essential ones can potentially cause serious damage such as your Internet no longer working or problems with running Windows itself.

HijackThis is an enumerator and similar in some respects to a registry editor program which displays areas of the Windows registry where the majority of Viruses, Trojans, Spyware, Adware, and Malware reside. HJT will scan certain areas of your system and then create a log to help diagnose the presence of undetected malware in these known hiding places. It then relies on experts to interpret the log entries and determine what needs to be fixed.

Further, removing entries in HJT before the problem is properly identified can make the malware undetectable to other detection and removal tools. Full system scanning tools like Ad-aware, Spybot S&D and SpySweeper will remove the registry entries as well as the related files which results in a more complete removal process. HJT should only be used to clean up the entries left behind, after you have properly removed the malware. If you do not have advanced knowledge about computers you should NOT fix anything using HijackThis without consulting an expert as to what to fix.

With that said, let's see how we can help. Have you performed any anti-malware scans? If not, start here:

Download and scan with AVG Anti-Spyware 7.5 in "SAFE MODE".
(This is Ewido 4.0 renamed. If you already have Ewido installed, please update to this version which has a special "clean driver" for removing persistent malware). Be sure to print out the AVG Anti-Spyware Install-Scan Instructions.

Download and scan with Ad-Aware SE Personal 1.06. Setup & Configure as shown here.
Note: If you encounter any problems while downloading the updates, manually download them from here.
Download and scan with Spybot S&D 1.4. Setup & Configure as shown here - (do not choose the option to install TeaTimer)
Note: If you encounter any error messages while downloading the updates, manually download them from here.
Download and scan with SUPERAntiSpyware Free for Home Users
Note: If you encounter any problems while downloading the updates, manually download and unzip them from here.

Then perform this online Virus scan: Trend Micro Housecall <- Use "Autoclean" and manually delete what it can't clean.
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

If you're still having problems, then we will direct you on posting a HijackThis log for the HJT Team experts to review.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Reya


Posted 12 October 2006 - 06:01 PM

Heya Quietman.

Thanks for your suggestions. The problem is now solved, after 7 hours of mucking around with it, I used Merijn's Brute Force Uninstaller and ran the alcanshorty script in safe mode with networking.

I also used aSquared trojan scanner, a freeware that found over 1000 backdoor trojans within the folder that Limewire downloads to. EVERY SINGLE FILE had a backdoor. >_>

I went to sleep almost immediately after the problem was solved, went to work, came home and checked here.

To answer your HJT-related questions, I was training to become an expert with Dwight at thetechguys before the site shut down mysteriously. Before beginning training to help other people with their issues, I was cleaning my own HJT logs, as well as those of several friends with the help of Castle Cops, Merijn's tutorial, and one other tutorial that I can't at the moment remember. That, combined with Google, gave me all the resources I needed to determine which entries (most are memorised by now) that are commonplace in a log, and which ones need to be removed, and which ones need outside scripts and fix tools (smitfraud. THAT was fun to learn. >_<) That said, once again, I'm completely confident in my ability to NOT destroy the computer through HJT, but I'm always second guessing and regoogling when it comes to entries that might be putting the computer at risk.

And after giving this computer's owner a word about how her Norton antivirus, after TWO HOURS of scanning, came up with not a single threat...Followed by a trojan scanner that picked up over 500 entries (second of two scans), I'm thinking I've almost convinced her to use AVG. :D

Thanks again for your willingness to help, as well as your suggestions.

Edited by Reya, 12 October 2006 - 06:03 PM.


#4 quietman7


Posted 12 October 2006 - 06:35 PM

You're welcome and glad to hear you were able to resolve the issue. Maybe you should reconsider and finish your training.

#5 Reya


Posted 12 October 2006 - 06:40 PM

I messaged Grinler. :3 I've actually got the time again (although that means I'm not working as much, and that sucks for bills), and I would like to get back into the swing of things.

#6 quietman7


Posted 13 October 2006 - 12:20 PM

Good luck. :thumbsup:



