Virus etc. from Limewire - Task Manager gone etc....

[abrogard]

I downloaded Limewire. I found a file and downloaded it. When it was 100% down I went to the dir to look at it and found hundreds (!) of files of about 550bytes all with long dirty names.
I deleted them. They came back.
I shut down Limewire. It opened itself up again.
I tried to uninstall Limewire it said my installer was corrupt
I tried to 'remove programs' Limewire, it said my installer was corrupt.
I tried to check and stop processes. Task Manager would not run.
I rebooted. It all happened again.

I run win2K with AVG and ZoneAlarm. They let this thing in.

I did a scan with AVG and it said I have 00.exe - a Trojan Horse IRC/BackDoor.SdBot.M...
I have a Virus Java/OpenStream
I have a Virus Worm/VB.CC

Does anyone have any ideas that could help me out here?

regards,

ab

 

[Druegan]

<takes a deep breath>

Ok... I killed this mess off of my housemate's computer about 3 weeks ago. It took a while, and I can't *exactly* recall everything I did to frag it.

However, I *can* give you the gist of what I did.

The first step is to note down what files are listed as "infected" with the trojan.

The second step is to disconnect your system from the internet. You can either disable the device in Windows, or, probably simpler, just remove the connection medium. (ethernet cord, modem cord, etc) Housemate's system was a laptop on a wireless LAN connection, so I had to disable the device.

Third.. delete all those nasty bits. Run a virus scan, if you have one Local.

Anything that shows up, write down the file name and location on a piece of paper.

Fourth.. reboot the computer into safe mode. This is usually selectable by pressing F8 repeatedly during the boot sequence.

Once in safe mode, try to delete those offending files. Then run Regedit.exe

Search the registry for each of the offending filenames. use the automated "search" feature. Manually will take forever. Delete the keys for each instance. ****NOTE: depending on the exact variant you have, and what is infected, this *COULD* damage your machine. Use caution whenever fiddling with the registry.**** This is just what *I* did to kill it. You may not have to if you have a good Antivirus prog.

Fifth... Run your AV software again. If anything still shows, repeat the bits in step 4. If not, go ahead and reboot into normal mode.

Sixth ... try reconnecting your media or re-enabling the device, whichever you did. This *should* have fixed the problem... But occasionally I find I have to run different AV progs to get everything out. If you don't immediately start filling up with crap again, run an online AV scan just to double-check.. but you should be good to go.

Hope it helps.