TechSpot

LimeWire Self-Reopening & Iexplorer Spam/Pop-up's

By jokerschild584
Dec 19, 2007
  1. :wave: Hello all,

    This is my first posting to the tech spot. I know my fair part about computers, but seem to be running into a continuing problem. first, my lime wire keeps reopening itself, even after i shut it down (directly from the task manager) , secondly my internet explorer is giving me pop-ups now.

    i hate to run on writing nonsense, but i feel i should better explain myself. so someone can understand my situation. I currently have Avast security, and i ran, and found nothing. so as a temporary repair i disabled Internet explorer so i don't continuously get pop-ups (i don't use internet explorer anyways .. i use Mozilla-Firefox). and secondly , i relocated the lime wire installation from the C:\ to another drive i have. I did this simply for temporary repair.. So whatever is attacking my computer, simply recognizes the installation of lime wire to the C: and its root name, but when i removed it and installed it into another drive, the lime wire no longer kept opening its-self.

    Like i said, i did this as a temporary repair, but i fear my problem may get worse,

    can anyone please help me :(

    Mel,
     
  2. evilfantasy

    evilfantasy Banned Posts: 428

  3. jokerschild584

    jokerschild584 TS Rookie Topic Starter

    I did the --------- Viruses/Spyware/Malware, preliminary removal instructions

    I installed and ran the programs (AVG, CCleaner, SmitFraud, Virtumundo, VundoFix, Aaw2007, Combo Fix, HJT,SS&D, Panda, etc..) accordingly as described in the list/instructions provided,

    Thank you very much,


    also please note: NO RootKits were found by Panda,

    and in this thread/posting .. if i did it correctly should be the 3 log files that were mentioned
     
  4. evilfantasy

    evilfantasy Banned Posts: 428

    Lets see if we can get this the rest of the way cleaned up.


    Open HijackThis and select Do a system scan only then place a check mark next to:


    O2 - BHO: (no name) - {8D906006-04C8-40DE-8ACE-6ACE3A99B9CA} - C:\Program Files\Windows Plus\mevohC:\WINDOWS\system32\doc4\mmildot83122.exe.dll (file missing)
    O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)


    Close all windows except for HijackThis and click Fix checked

    ----------

    Download ViewpointKiller

    * Unzip the program and all of the contents of ViewpointKiller.zip to a location such as your desktop.
    * Double click the ViewpointKiller icon to run ViewpointKiller.exe. Select the "File" menu, and select "Check to see if you have Viewpoint installed".
    * If ViewpointKiller indicates that any of the Viewpoint variants are installed, select the proper "Kill" option in the File menu.

    Follow the prompts and instructions very carefully, answering "Yes" or "No" depending on which option you are most comfortable with. The MsConfig instructions are very important, so be sure to read them carefully.

    Note: When done with ViewpointKiller, simply right click and delete all files that were unzipped.

    ----------

    Delete these files/folders, as follows:

    * Open notepad and copy/paste the text in the quote box below into it (all except the word QUOTE):

    * Save this as CFScript on the desktop.
    * Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) into ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!

    [​IMG]

    * ComboFix will begin to execute, just follow the prompts. After reboot (in case it asks to reboot), it shall produce a log for you. Post that log (Combofix.txt) in your next reply.

    Note: Do not mouseclick combofix's window while it is running. That may cause your system to hang

    ----------

    Next post please attach
    combofix log
    New HijackThis log
     
  5. jokerschild584

    jokerschild584 TS Rookie Topic Starter

    I did the --------- ViewpointKiller & CFScript

    Thank you so much ,

    i attached the logs files you requested of HJT & ComboFix
     
  6. evilfantasy

    evilfantasy Banned Posts: 428

    Looks good.


    Let's clear out the programs we've been using to clean up your computer, they are not suitable for
    general malware removal and could cause damage if launched accidentally.

    Please download OTMoveIt by OldTimer OTMoveIt.exe and place it on your desktop.

    1. Double click OTMoveIt.exe to launch it.
    2. Click on the CleanUp! button.
    3. OTMoveIt will download a list from the Internet, if your firewall or other defensive programs alerts you, allow it access.
    4. You will be prompted to allow the clean up procedure, click Yes
    5. When finished exit out of OTMoveIt

    -----

    Please download ATF Cleaner by Atribune. ATF Cleaner.exe

    Make sure that all browser windows are closed.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All and UNCHECK Cookies.
    • Click the Empty Selected button.

    If you use Firefox browser
    • Click Firefox at the top and choose: Select All and UNCHECK Cookies.
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    If you use Opera browser
    • Click Opera at the top and choose: Select All and UNCHECK Cookies.
    • Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

    Click Exit on the Main ATF Cleaner menu to close the program.

    ----------

    This is a good time to clear your infected system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and click Next.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Next to System Restore click Clean up...
    This will remove all restore points except the new one you just created.

    ----------


    How is the computer running now?
     
  7. jokerschild584

    jokerschild584 TS Rookie Topic Starter

    I think im finally done :)

    Thank you O SO MUCH evilfantasy ...

    as they would say "your my hero"

    my computerseems to be running better than ever.

    i reinstalled limewire to its original C: location, and it no longer pops up by itself
    and i enabled Iexplorer again, and i have yet to get my first pop-up ...

    THANK YOU SO MUCH ..

    i wish there was some way i could repay you guys/girls ...

    p.s. ... can i uninstall some/all of the programs i installed within the

    Viruses/Spyware/Malware, preliminary removal instructions

    HAPPY HOLIDAYS...!
     
  8. evilfantasy

    evilfantasy Banned Posts: 428

    OTMoveIt took care of all of them that should be removed. You can uninstall any of the others if you wish.

    Glad it is working OK!!!!

    To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?



    Safe surfing..........[​IMG]
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...