View Single Post
  #1 (permalink)  
Old June 21st, 2005
kc0rkx_finch kc0rkx_finch is offline
Enthusiast
 
Join Date: June 17th, 2005
Posts: 49
kc0rkx_finch is flying high
Default Fix For LW even if you arent having trouble with LW L@@K!!

Lately there has been an epidemic of a virus that so far is UNDETECtABLE by ALL virus scanners. It will cause LW to continuosly pop up and continue to reopen itself heres the fix. I know because i had it. You may be thinking yeah right, but theres one sure fire way to find out if youve been infected. Press Ctrl-Alt-Del. If the task manager comes up you are okay and do not need to read any further. If it doesnt, Follow these steps to get rid of it. These are the instructions from the forum "Limewire acting wierd" put into one big long instruction sheet. because i copy pasted all of this so some stuff may be repeated couple of times as in the original forum this was done in many seperate posts and now is being put in chronological order.


1) Create a system restore point
Start>Allprograms>accessories>system tools>System restore
Follow on screen instructions.

2) Go to the following directory and delete any file with winupdates in the name. Do not be fooled this is not the actual windows update stuff its a virus. i know that might be hard for some of you to believe but i had it and ive got more than one virus scan which none picked this up.

c:\windows\prefetch

3)Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items:

Display the Contents of System Folders
Show Hidden Files and Folder

4)Now, make sure there are no checkmarks beside the following:
Hide protected Operating System Files.

5) Uninstall Limewire. You can reinstall it at the end of these steps.

6) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so. Also, this will NOT delete the restore point you just created.

7) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste.

8) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step.

9) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes.

10) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop.

c:\windows\regedit.exe
c:\windows\system32\cmd.exe

11) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find.

12) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete.

13) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor.

14) click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line:

cd c:\
cd program files
rd /s /q winupdates

16) make sure to go back into the System Properties by right clicking on My Computer, and unchecking the Turn Off System Restore box under the System Restore tab.

17) Now restart your computer. Reinstall Limewire

18) create a restore point after you have removed the virus. Then delete all but the latest resore points. Heres how.

To delete all but the last restore point you made
1) Right click on C:/ in My Computer
2) Click Properties
3) Click Disk Cleanup
4) Click Tab <More Options>
5) Under System Restore Click <Clean up...>

by the way, deleting restore points is OPTIONAL but i would
and did because they will actually contain the virus file and if you restore to one of the infected points, Congradulations you're reinfected.

I think that pretty well covers it. if you find any mistakes please post here and i will correct my error. i have read through this like 10 times already though so i know none of the errors will be computer fatal errors. heck i did it on my own pc following these instructions which are actually from a guy in another post here. Thanks Bobby Naini. youre a genius and i give all credit to him. I take none for my own. Bye and good luck.

Last edited by kc0rkx_finch; June 21st, 2005 at 09:39 AM.
Reply With Quote