Limewire virus hides a complete folder

BullGuard Antivirus Forum > Virus Removal > Removal Help > Limewire virus hides a complete folder

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Turk
New Member

Date Joined Nov 2005
Total Posts : 2

Posted 12-3-2005 2:09 (GMT +1)

Hello there,

I hope you can help with this problem.

Probably bad Karma for using Limewire--I noticed a hidden folder titled Complete with tons of porn-sounding .zip files which tipped me off, because I only download music. And when I view the folder's attributes, the size endlessly multiplies before my eyes. Also, Limewire constantly starts itself up, even though i change the settings and close it repeatedly. I've uninstalled Limewire, but it still attempts to start itself unsuccessfully and I've deleted the Complete folder, but i'm not sure if I can do more to remove whatever this is.

Any help would be much appreciated.

many thanks!

Logfile of HijackThis v1.99.1
Scan saved at 8:52:48 PM, on 12/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\SEANMC~1\LOCALS~1\Temp\Rar$EX00.913\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\PROSetWireless\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mm_server] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_server.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Powerword 2005.lnk = C:\Program Files\Kingsoft\PowerWord 2005\XDICT.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.barney
O15 - Trusted Zone: http://www.ivyacademy.cn
O16 - DPF: {87070D29-46AB-4DBD-863D-8730DAE1CA7B} (FileUploader Class) - http://barney/oa/developmentjournal/UFileUploader.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/Ver2005/OL2005.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4B7C5EF2-7BE8-4D47-A3C9-4B1BAACA7A61}: NameServer = 202.106.0.20 202.106.46.151
O17 - HKLM\System\CS1\Services\Tcpip\..\{4B7C5EF2-7BE8-4D47-A3C9-4B1BAACA7A61}: NameServer = 202.106.0.20 202.106.46.151
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe

sue
New Member

Date Joined Dec 2005
Total Posts : 1

Posted 12-7-2005 5:50 (GMT +1)

help i have the same thing

namwith
New Member

Date Joined Dec 2005
Total Posts : 1

Posted 12-10-2005 11:04 (GMT +1)

I had this problem, ran norton found out i had the W32.Alcra.B virus. I went here: http://www.sophos.com/support/disinfection/alcra.html and found a tool to remove it. It worked well.

Turk
New Member

Date Joined Nov 2005
Total Posts : 2

Posted 12-15-2005 8:45 (GMT +1)

thanks for the tip namwith, so far so good. any luck sue?

goblin
New Member

Date Joined Dec 2005
Total Posts : 1

Posted 12-18-2005 10:23 (GMT +1)

how can i get rid of that complete folder?

MichaelVash7886
New Member

Date Joined Dec 2005
Total Posts : 4

Posted 12-19-2005 4:17 (GMT +1)

The only way I found to do it was to open the folder in IE. If you know the pathway for it. Then you can just delete all the items, first get rid of the virus though.
Also to stop limewire, delete it's folder in program files

.MiKE.
New Member

Date Joined Dec 2005
Total Posts : 36

Posted 12-28-2005 5:13 (GMT +1)

afaik i dont have that problem but i have LW pro .....
just in case id like to know where the folder was - can one of u give me the dir
ty MiKE

boomer
New Member

Date Joined Jan 2006
Total Posts : 1

Posted 1-11-2006 9:22 (GMT +1)

i just DL'd limewire again and i got the worm but followed the link and im no cleam ty

ThankYou so much NamWith

brentley1986
New Member

Date Joined Jan 2006
Total Posts : 1

Posted 1-20-2006 8:46 (GMT +1)

In regards to the hidden folder that limewire creates...

I have successfully found and completely deleted the folder off the computer...

But I have another problem

I am troubled by the W32\Alcra-B Worm...I have downloaded and ran the program namwith suggested...

The link he provided;

http://www.sophos.com/support/disinfection/alcra.html

This program however is not picking up any sign of the worm on my computer..although I have ran the antivirus tool AntiVir XP on my computer and have scanned the computer several times...Every time it there seems to be a detection of the worm in the computer...AntiVir XP is able to delete one of the files containing the worm...But there also seems to be a problem with that...It cannot delete the items that are in my archives folders...Also, this worm is being picked up on my computer as WORM\Alcra.B is this the same as Alcra-B?

Anybody with suggestions or solutions to this problem:

Please e-mail me at loverboy6909@hotmail.com or alternatively at brentley1986@yahoo.com.

It would be greatly appreciated..

redrodhook
New Member

Date Joined Jun 2006
Total Posts : 1

Posted 6-13-2006 1:13 (GMT +1)

try panda online scan it worked for me

sue said...
help i have the same thing

inferno3481
New Member

Date Joined Jun 2006
Total Posts : 1

Posted 6-28-2006 10:32 (GMT +1)

Hi, I too seem to have contracted the Alcra-B Worm. I used the program that NamWith recommended (thanks so much!) and removed the worm. I also deleted my entire Limewire folder. Then I re-installed Limewire and everything seemed to be working fine. Limewire no longer automatically opened when I shut the program. However when I opened Limewire, my computer seemed to slow down tremedously and to my horror the Files Sharing number (at the bottom left hand corner in Limewire) rose steadily from 0 all the way 18966 (all the files on my computer). I am also no longer able to access Task Manager from the Windows Security page (via Ctrl-Alt-Del). I re-ran the program recommended by NamWith but nothing came up. Am I facing another virus/trojan/worm on my computer and if so does anyone know how to get rid of it?

Anybody with suggestions or solutions to this problem:

Please e-mail me at inferno3481@yahoo.com

thanks so much for your time.

Lotr360
New Member

Date Joined Jun 2006
Total Posts : 1

Posted 7-7-2006 6:16 (GMT +1)

Remove the complete folder (which took up a whopping 5.31GB in my comp),

To be able to see it, open up Tools on top of Windows Explorer. Click Folder Options, go to View,

Then tick show hidden files and folder and untick hide protected operating system files, apply it.

go to (C:\Document and Settings\your username\Complete

huiying
New Member

Date Joined Sep 2006
Total Posts : 1

Posted 9-9-2006 1:20 (GMT +1)

I do not know what happened or when it happened but i do know for sure that it happened after i downloaded limewire (it did not happen straight after i downloaded and used it...well not that i think it did). I did not realise that the "removable devices" section in "my computer" was nowhere to be seen until two days ago when I wanted to burn a cd. So now with that part gone, i don't know whats gonna happen to all my stuff in my hardisk. so i'm wondering if limewire brought the prob in or another program did...i hope limewire didn't though...i like limewire...rocks!

oh and if anyone of you can help me with this problem of mine, please tell me as soon as possible just by posting over here.

thanks

Post Edited (huiying) : 9/9/2006 12:28:43 PM GMT

Anthony916
New Member

Date Joined Oct 2006
Total Posts : 1

Posted 10-4-2006 1:31 (GMT +1)

I need some help. i downloaded Hijak this . This is what i got . Need to know what is bad and what is nt bad. I have limewire uninstalled on my cmputer but along time ago. I came across a hidden folder with a bunch of adult content in it. i erased it. I came across it today. But cant seem to locate where the folder was. I used the search option in windows xp to find it but it wasnt there. Limewire slowed down my computer need to get rid of excess files from this software hope someone can help me

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\system32\HPConfig.exe
C:\WINDOWS\system32\RadioSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HpRfDev.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
C:\windows\system\hpsysdrv.exe
C:\Windows\system32\HpSrvUI.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FilmLoop Player\FilmLoop.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\DOCUME~2\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://att.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://att.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://srch-us4nb.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.hp.com/info/e-center-p
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;http://localhost
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: CCHelper Class - {0CF0B8EE-6596-11D5-A98E-0003470BB48E} - C:\Program Files\Panicware\Pop-Up Stopper Companion\CCHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Pop-Up Stopper &Companion - {8F05B1A8-9D77-4B8F-AF54-6B2202066F95} - C:\Program Files\Panicware\Pop-Up Stopper Companion\popupus.dll
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [HP TV Now] C:\Program Files\Hewlett-Packard\HP TV Now\HpTvNow.exe /RK
O4 - HKLM\..\Run: [HP Display Settings] C:\Program Files\Hewlett-Packard\HP Notebook Utilities\hptasks.exe /s
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QT4HPOT] C:\PROGRA~1\HEWLET~1\ONE-TO~1\OneTouch.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Presentation Ready] C:\Program Files\Hewlett-Packard\HP Presentation Ready\PresRdy.exe -r
O4 - HKLM\..\Run: [hp Silent Service] C:\Windows\system32\HpSrvUI.exe
O4 - HKLM\..\Run: [hpScannerFirstBoot] c:\hp\drivers\scanners\scannerfb.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FilmLoop] "C:\Program Files\FilmLoop Player\FilmLoop.exe" -hide
O4 - HKCU\..\Run: [PopUpStopperProfessional] "C:\PROGRA~1\PANICW~1\POP-UP~2\POPUPS~1.EXE"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.hp.com/info/e-center-p
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1158794205125
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1158800145668
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
O23 - Service: HP RF Device Service (HpRfDev) - Hewlett-Packard - C:\WINDOWS\system32\HpRfDev.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: RadioSvr - Hewlett-Packard - C:\WINDOWS\system32\RadioSvr.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

webgirl
New Member

Date Joined Jan 2007
Total Posts : 1

Posted 1-15-2007 6:24 (GMT +1)

Hi,

I have had similar problems with Limewire, but now are pretty much fixed except for the "Complete" folder. It is still hidden, even though I have followed
"To be able to see it, open up Tools on top of Windows Explorer. Click Folder Options, go to View,
Then tick show hidden files and folder and untick hide protected operating system files, apply it.
go to (C:\Document and Settings\your username\Complete "
it is still there. When I run ad-Aware and Norton scans, I still see the scan on this folder for a good 20 minutes. I can't view the complete folder in any Windows based windows.

I am not sure how to remove it.

Please Help.

whatcha
New Member

Date Joined Mar 2007
Total Posts : 1

Posted 3-14-2007 6:33 (GMT +1)

you cant simply unhide the folder i know i tried :(
open up your run window and type cmd
from the c prompt use the command "attrib /d /s -S -H file name (complete)"
it should show up in the normal window now

asaygo
Junior Member

Date Joined Apr 2007
Total Posts : 60

Posted 7-2-2007 8:59 (GMT +1)

Details on how to stop this worm can be found in the BullGuard tech guides: How to remove Worm.VB.Ymeak.A

Post Edited (asaygo) : 02-07-2007 07:59:55 GMT

TraceSpecialist
New Member

Date Joined Dec 2007
Total Posts : 1

Posted 12-12-2007 11:55 (GMT +1)

After seeing many people looking for help on the issue of Limewire starting itself I research the problem and managed to fix the problem by:

1: Uninstal Limewire. (all components and non removed folders.)

2: Search for either crack.zip, patch.zip or keygen.zip. If it finds a folder with multiple zip files of 1kb in length delete the whole file from the msdos c prompt.( Mine was hidden as C:\Windows\Fonts\' but would not show up unless I searched for the files mentioned previous.)

3: Run panda ActiveScan at www.pandasecurity.com/homeusers/solutions/activescan/

4:Once Clean Run Spyware Terminator from www.spywareterminator.com.

5: Re-install Limewire

This shold fix the problem.

A good way to check if this resolution will work is to open limewire and go to tools, Options. If the option window won't stay open, do my Fix List

Post if you need more help.

Damon

Trace Specialist

Post Edited (TraceSpecialist) : 13-12-2007 01:18:15 GMT

zichael
New Member

Date Joined May 2008
Total Posts : 1

Posted 5-5-2008 11:29 (GMT +1)

To remove that folder, I booted into safe mode command prompt, (win2000), changed to the folder with cd (typed "cd docume~1\name") then "rmdir !" where "!" is the name of the offending folder. I haven't removed the worm yet so it keeps coming back. But if you've killed the worm, maybe this is helpful to you.

I couldn't delete the folder through windows or using the command prompt in normal mode- i think the worm hijacks the command prompt and task manager.

I'm currently downloading Linux. I swear this is it for windows.

Megan47
New Member

Date Joined May 2008
Total Posts : 1

Posted 5-21-2008 9:00 (GMT +1)

I had a major problem with Limewire and in the end it corrupted my hard drive. I had to get a computer guy to sort out the computer, he told me that half his business comes from limewire problems. Basically it is lethal to your computer and if you have it its only a matter of time before you get hit with spyware that can infect your computer, thats basically what it is about. 'Nothing is Free'.

Also for those with Pro Share 360 which I went on to purchase thinking it was safe cause I paid, its another slower version of Limewire. After i installed it and downloaded a few songs my computer started playing up and I googled it found this out. Ran a scan and it had infiltrated the scan programme, so computer guy is back to sort out again!!.

Forum Information

Currently it is Saturday, January 10, 2009 12:36 AM (GMT +1)
There are a total of 66.010 posts in 16.187 threads.
In the last 3 days there were 18 new threads and 109 reply posts. View Active Threads