Quote:
Originally posted by afisk
LimeWire does not fiddle with your registry at all except for the default InstallShield values that InstallShield provides for every application. It would therefore just not make sense that any LimeWire changes would affect McAfee's ability to access any part of the registry.
I would strongly recommend doing exactly what it says. You may have already done this, but I would try the following:
1) Close all programs
2) Uninstall McAffee from the Add/Remove Programs window if it appears there
3) Restart your computer
4) Reinstall McAffee
5) Maybe another restart just for good measure.
6) See if it works.
Good luck! |
Doesn't modify the registry?? I would have to call bullsh!t on that one.
[HKEY_LOCAL_MACHINE\SOFTWARE\games\clicktilluwin]
"Install"="Y"
"Dthigh"="29462490"
"Dtlow"="-1968854336"
"Exe1"="http://www.2001-007.com/download/explorer.exe"
"ExDthigh"="29462505"
"ExDtlow"="1829773520"
"userid"="787050"
the Exe1 key there points to a Trojan apparently.
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor]
"Vers"=dword:00000c89
"Desc2"="??????????@??????????????"
"UserCode"=dword:00030da5
"ShowChange"=dword:00000000
"ConnType"=dword:00000002
"HIS_5"="???????@"
"RHIS_5"=""
"DHIS_5"=""
More and more crap..
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run]
"adp"="C:\\Program Files\\adp\\bin2\\adp.exe"
Nothin like running crap every time I start my machine - that wouldn't be spyware/adware now would it?? Hmm.
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266]
"LoctNum"=dword:00000001
"DistCode"=dword:00000000
"DaysCnt"=dword:00000000
"LastDate"=dword:3c2d0685
"ExistFile"="C:\\Program Files\\JavaSoft\\JRE\\1.3.1\\bin\\javaw.exe"
"ShowChange"=dword:00000000
"ConnFrqn"=dword:00000014
"LastCMSConn"=hex:88,06,2d,3c,00,ff,7a,0a
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266\Loct_0]
"DeftExpsLen"=dword:00000078
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266\Loct_0\Level_3]
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266\Loct_0\Level_3\Seqn_ 5042]
"PrCode"=dword:0002ba66
"ExpsNum"=dword:00000010
"ExpsCnt"=dword:00000000
"ExpsLast"=dword:00000000
"BannNum"=dword:00000001
"BannCnt"=dword:00000000
"FileTerm"="HTM"
"StartDate"=dword:3c0c1200
"EndDate"=dword:3c3a3680
"Url"="http://www.bns1.net/bns/new/"
"ConfStr"="A?C"
"BannUrl"="http://www.bns1.net/bns/new/"
"ShowBann"=dword:00000001
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266\Loct_0\Level_5]
"SeqnList"=hex:d5,05,00,00,00,00,00,00,00,00,0 0,00
"SeqnNum"=dword:00000001
"MinCycle"=dword:00000000
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor\Adwr_266\Loct_0\Level_5\Seqn_ 1493]
"ShowBann"=dword:00000001
"PrCode"=dword:00000daf
"ExpsNum"=dword:00000001
"ExpsCnt"=dword:00000000
"ExpsLast"=dword:00000000
"BannNum"=dword:00000002
"BannCnt"=dword:00000001
"FileTerm"="GIF"
"Url"="http://www.cydoor.com/Games"
"ConfStr"="???"
"Type"=dword:00000001
"ExpsMSecCnt"=dword:00018708
"ActvMSecCnt"=dword:0000ff90
Cydoor doesn't even seem to be used anymore, but it is still installed.
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor Services]
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor Services\Queue]
"BnsCnt"=dword:00000000
"BnsPtr"=dword:00000001
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor Services\Status]
"IdleState"=dword:00000001
[HKEY_USERS\S-1-5-21-1078081533-1957994488-1060284298-1003\Software\Cydoor Services\Status\cd_htm]
"Accept"="application/x-html"
"Ext"="htm,html"
"Ver"=dword:000003e9
"Stt"=dword:00000000
If your virus scanner doesn't happen to catch Limewire trying to install the Trojan you will probably end up with more entries for a Bargain Buddy program - which I have never seen before. I am already imaging all of the wonderful ways it will improve my life, though. All in all it's alot of registry entries, for a program that doesn't modify the registry.