TechSpot

Problems after using Limewire

By Matlai17
Apr 13, 2007
  1. I've scanned my computer with my anti viruses and I thought nothing was too wrong with my Limewire closing after a few seconds of closing (Thought it was a glitch) until I looked it up on the internet and found this site. Can you check if I have a virus that I can't detect with my anti virus? My Internet Explorer also closes after a while as well. Thank you for whatever you can do for me. I would very much appreciate it. (now that I read back, this post seems very dull. Sorry about that!)

    Here is my HJT attachment:
     
  2. tomrca

    tomrca TS Rookie Posts: 1,000

    hi. sorry to say, but you have quite a few nasties sitting in your pc.
    please go to THIS LOACATION and follow all the instructions. there is no shortcuts!!after you have completed them post a fresh hjt log and avg log.
     
  3. momok

    momok TS Rookie Posts: 2,265

    Hi

    Your system is infected with a series of trojans and adware.

    You may wish to copy and paste these instructions on notepad for easier reference later.

    Boot into safe mode under your normal user name. See how HERE

    Next turn on "Show all files and folders, including hidden and system". See how HERE

    Go to start > run and type services.msc. Press the enter key.

    Search for the following services(if there) double click to select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    winupdates.exe
    whse.exe
    kybrd.exe
    dfndra.exe
    nwnm.exe
    tapi32.exe


    Open your task manager by pressing holding ctrl, alt and pressing del. Alternatively, use ctrl + shift + esc. Go to the processes tab, and end the following processes, if found:

    winupdates.exe
    whse.exe
    kybrd.exe
    dfndra.exe
    nwnm.exe
    tapi32.exe


    After that, run HijackThis and fix the following entries, if found (do this by placing a tick in the check boxes beside these entries and clicking "Fix checked":

    O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-89B3-BE29F5D3E32D} - (no file)
    O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
    O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
    O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
    O4 - HKLM..Run: [keyboard] C:\kybrd.exe
    O4 - HKLM..Run: [defender] C:\dfndra.exe
    O4 - HKLM..Run: [newname] C:\nwnm.exe
    O4 - HKCU\..\Run: [WinHlp] C:\WINDOWS\System32\tapi32.exe
    O15 - Trusted Zone: www.archiviosex.net
    O15 - Trusted Zone: www.linkautomatici.com
    O15 - Trusted Zone: www.redfunny.com
    O15 - Trusted Zone: www.skymasters.biz
    O16 - DPF: {10000000-1000-0000-0000-000000000000} - file://C:\Recycler\Q678341.exe

    Also fix these entries if you do not recognise the sites to be ones you frequent. Fix ALL O17 entries too.
    O16 - DPF: {400429E4-BED4-472E-93BF-F85AB8565DFF} - http://www.terp17.com/ax/axo.cab
    O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/eliteview.cab
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c8.cab?2ffa25d59e669145a5231c359 89761a4353adc359ca85f19bc0aabf8c75cf502d03a6418b97160482684ad7d348a64b136db6e879 b1ee3312eeb84d3:d4cfae920c178c84bcb234c06cc46aff

    Close HJT.

    Navigate in Windows Explorer and delete the following files and/or directories in bold.

    C:\Program Files\winupdates\winupdates.exe
    C:\Program Files\WhenUSearch\whse.exe
    C:\kybrd.exe
    C:\dfndra.exe
    C:\nwnm.exe
    C:\WINDOWS\System32\tapi32.exe

    Reboot into normal mode and rehide your protected OS files.

    Thereafter, please post a fresh HJT and AVG Antispyware log from normal mode as an attachment into this thread.
     
  4. Matlai17

    Matlai17 TS Rookie Topic Starter

    Did Suggestion

    I did what was suggested but still when I opened and ran Limewire, it still closed on me like before.
    I am not sure what the AVG antispyware log is but here is the HJT log:
     
  5. momok

    momok TS Rookie Posts: 2,265

    Hi,

    I just realised that your copy of windows is not updated. You really need to update to at least SP1, preferably SP2. This can prevent a lot of potential future infections.

    Also, what what the result of the scan in AVG antispyware? From what it appears, your HijackThis log is clean. However, just to be sure, please go to Viruses/Spyware/Malware, preliminary removal instructions and follow step 12.
    Post your HijackThis, AVG antispyware and ComboFix logs as an attachment after this.

    That said, I cannot stress how important it is for you to really patch your windows to at least SP1. Please do so before you do your scans and post your fresh logs.


    Regards,
    Your friendly Momok =)
     
  6. TimeParadoX

    TimeParadoX TS Rookie Posts: 2,273

    Just A suggestion:

    DO NOT use p2p ( Person to Person ) file transfer programs like Limewire, they open your ports when you download stuff and sends basically all your computer info over the limewire FTP servers which will end up getting you full of viruses and other bad stuff like that ;)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...