Virus/Trojan stuff?



Harry
05-18-2008, 11:23 PM
I have been using LimeWire, sadly. I must have forgotten about all the times in the past I have gotten Trojans from it.

Anyways... I used it and now I have a few viruses that my anti-virus will not find, nor remove. I got a list of the running apps here:
http://img179.imageshack.us/img179/4415/badfx0.png



The first 2 are the viruses. Everything else is safe (except for the LimeWire :f: ). If I go to execute or quarantine the program running, it won't work because it is in use... Booting on Linux will not work - my HD format does not support Linux, and re-format (wipe HD) is not an option either - I have a lot of stuff on this computer that I need and cannot back up.

Any suggestions on how to kill it? I have tried everything from removing it on Windows startup to most anti-virus programs...

BTW, I think the Trojan is just an uploader that constantly uploads the infected files and downloads other infected files and uploads them, making more users get it (AKA a Botnet?). So it decreases my DL speeds :( I had to wait for 20 minutes to load SRL to post this >_>


Thanks for reading, I hope you guys can help me...
~Harry.

Edit: @ you losers that make viruses: Why do you like to cause problems? Don't get enough attention IRL? :p

thebob142
05-18-2008, 11:40 PM
Ouch, uh, wipe HD?

X!X
05-18-2008, 11:52 PM
Have you tried HijackThis or AntiVir?

You can get HijackThis here: http://www.hijackthis.de/ , and also upload the log that hijackthis makes there too.

Harry
05-19-2008, 12:12 AM
Tried them both, still no go :(

@thebob: Lol, I already said that reformatting is not an option xD

X!X
05-19-2008, 12:18 AM
Have you tried Kaspersky?
If yes then I can't really help.. :(

(P.S. Why did you use LimeWire when you have uTorrent?)

bullzeye95
05-19-2008, 12:22 AM
Hy, what do you mean by "my HD format does not support Linux"? I didn't think that was possible.

Anyways, can you stop it from starting by removing it from your startup list?

GoF
05-19-2008, 12:22 AM
Get HijackThis and post the logs on some nerdsite (except here) and they'll be able to help you.

Dan Cardin
05-19-2008, 12:25 AM
http://vundofix.atribune.org/
http://siri.geekstogo.com/SmitfraudFix.php
http://www.virus.gr/portal/en/content/free-antivirus-tools-collection

Harry
05-19-2008, 12:27 AM
Have you tried Kaspersky?
If yes then I can't really help.. :(

(P.S. Why did you use LimeWire when you have uTorrent?)
Yeah =/

I use LimeWire because the pr0n on it is better than most Torrents, and it also goes much faster (because it is all botnetted viruses I am betting :rolleyes: )

Hy, what do you mean by "my HD format does not support Linux"? I didn't think that was possible.

Anyways, can you stop it from starting by removing it from your startup list?
My HD uses some weird format; if I start Linux it ALWAYS fails to mount it. I dunno why.

Nope, it automatically adds it again.

Get HijackThis and post the logs on some nerdsite (except here) and they'll be able to help you.

I can post it here :p

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:23:30, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WhatPulse\WhatPulse.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\PROGRA~1\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKCU\..\Run: [WhatPulse] C:\Program Files\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Global Startup: startnodxd.lnk.disabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178219378046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1187557866785
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 4212 bytes

GoF
05-19-2008, 12:34 AM
Not much fun nor use for me; post somewhere where there are some malware and trojan pros around, I doubt people here can be too much help. And come to MSN, lolkay?

Jason2gs
05-19-2008, 12:35 AM
Linux LiveCD?

Harry
05-19-2008, 12:36 AM
Lol, MSN routes through Internet Explorer, which the Trojan was also routing through, so I quarantined IE and now my internet works... but once I enable IE to do fun stuff like MSN = I fail. =/ Meh, I might go on soon..

@Jason2gs: Lolwut, I already told you it won't let me access my HD when I am in there because it uses a different file format, so it fails to mount.

X!X
05-19-2008, 12:38 AM
By the looks of that log, the viruses are pretty good.
HijackThis didn't detect the virus - you are in trouble.
(edit: I was beatin')


Have you tried BitDefender? NOD32? or Avast?

bullzeye95
05-19-2008, 12:41 AM
@Jason2gs: Lolwut, I already told you it won't let me access my HD when I am in there because it uses a different file format, so it fails to mount.

Isn't there something to download that lets you have NTFS file support?

Harry
05-19-2008, 12:45 AM
Isn't there something to download that lets you have NTFS file support?

*Gives you cookie for knowing that format's name*

I dunno, you got a link? I got a Linux Live CD for Ubuntu 6.06 LTS. I can't DL another version - if they have a "Send CD to your house for free" thing like Ubuntu did for me, I can get a newer version with that support. :)

X!X
05-19-2008, 12:49 AM
What file system do you have? You can check by going to My Computer, selecting your hard drive and viewing the properties.

Harry
05-19-2008, 12:52 AM
What Bullzeye said - NTFS.

X!X
05-19-2008, 12:54 AM
I don't know if this will help but
http://sourceforge.net/projects/linux-ntfs

bullzeye95
05-19-2008, 12:58 AM
If that doesn't work, I think the thing I've used is this (http://www.ubuntugeek.com/widows-ntfs-partitions-readwrite-support-made-easy-in-ubuntu-feisty.html).

[-jesus-]
05-19-2008, 01:12 AM
http://forum.tweaks.com/forum/Forum29-1.aspx

....

Jason2gs
05-19-2008, 02:05 AM
@Jason2gs: Lolwut, I already told you it won't let me access my HD when I am in there because it uses a different file format, so it fails to mount.

Feisty is rather old. Either get a newer version of the Ubuntu LiveCD, or some better suited LiveCD.


if they have a "Send CD to your house for free" thing like Ubuntu did for me, I can get a newer version with that support.

Haha, don't be so cheap :p

CDs are what? 10c a piece here in the US?

But if you really don't want to squeeze out a little bit of cash for 50 blank CDs, use Damn Small Linux. Fits on a thumb drive, and it'll work just fine for what you need.

Bobarkinator
05-19-2008, 02:17 AM
Um...Ubuntu supports NTFS

bullzeye95
05-19-2008, 02:21 AM
Feisty is rather old. Either get a newer version of the Ubuntu LiveCD, or some better suited LiveCD.



Haha, don't be so cheap :p

CDs are what? 10c a piece here in the US?

But if you really don't want to squeeze out a little bit of cash for 50 blank CDs, use Damn Small Linux. Fits on a thumb drive, and it'll work just fine for what you need.

He wants a CD shipped, because he has dial-up.

Jason2gs
05-19-2008, 02:48 AM
He wants a CD shipped, because he has dial-up.

Ah, yes. Dreaded dial-up. I remember that!

Let's all pay homage to Harry for having to put up with Dial-up.

*Hum... Hum... Hum...*

Kk. Homage is over. Harry: Leave the download running for the night ;)

Harry
05-19-2008, 02:54 AM
I'd need to leave for over 6 weeks to finish, even running 24/7.. =/ Meh, only option I have is CD sent to me.

The only thing I have ever downloaded over 700MB was a movie I needed (non-pornographic), and because it was for a school project that my final average depended on, I sat on my grandma's lawn for 8 hours straight leeching off some person's wifi. Wouldn't work in the house :/

thebob142
05-19-2008, 03:14 AM
I need help for the Jr. Member rank advancement, help if you could.

1 week, 10 days no spam, so stop leeching! :fiery: And don't try to hijack the thread also, lol. Sorry hy, didn't read too much of the post so didn't see you can't reformat the hard drive.

chitin
05-19-2008, 04:31 PM
Is it run by SYSTEM or Owner?
What account are you using? Admin?
Do you know what you downloaded to get it?
You're using a wifi network? It might be from your host.

It looks like an extension bloodhound and it's networking, so try this:

1) Download the attachment - it's pskill (process kill); it basically nukes it out of existence.

2) Once you download it, extract the exe and dll to your system32 folder.

3) Restart your PC, hit F8 on startup to enable advanced options... choose Safe Mode with Networking; at login, choose Admin (not Owner - even if you're the only user it should have it, otherwise just choose Owner).

4) Now go back to the system32 folder, open cmd and type "pskill".
It will give you some help... here is an example of what your syntax should look like:

pskill -t \\mypcname -u myusername -p mypassword virusname.dll

If you don't have to use a password to log onto your PC (like mine), just do
pskill -t \\mypcname virusname.dll

After that, type
del virusname
in cmd... it might work, but if that doesn't, restart your PC in Safe Mode with cmd only (not network); this way the viruses can't start, then just open cmd and type del virusname.dll

Shady?
05-19-2008, 05:51 PM
http://shipit.ubuntu.com

also, why can't you backup?

Jason2gs
05-19-2008, 07:10 PM
I'd need to leave for over 6 weeks to finish, even running 24/7.. =/ Meh, only option I have is CD sent to me.

http://www.damnsmalllinux.org/

50 Meg download.

[-jesus-]
05-19-2008, 09:16 PM
..... Don't delete anything from your System32 folder unless you're ready for a possible reformatting....

Harry
05-20-2008, 02:06 AM
Even if the virus added it there, jesus? ;O

Timer
05-20-2008, 03:27 AM
'Listen to him, don't be a Jew, he's willing to help...! :P'

I say go with Jesus, hy.

chitin
05-20-2008, 03:43 PM
Hmm, I delete and alter plenty of stuff in my system32 folder and it never caused any problems. I do reformat my HD from time to time to clean it up, but it's not because of any errors. You can at least try scanning your PC in safe mode...

TheSantaMan
05-31-2008, 12:51 AM
Borrow a portable hard drive from someone, put it all on that, then wipe your HD and pull all the data back from the portable one.

Easy solution, so that you don't have to wipe all that data :(

syn7hetic
05-31-2008, 06:14 AM
Browser extensions can be stopped in IE options and then deleted while they are stopped... I can't see the picture very clearly, but that looks like what it is to me.

Harry
05-31-2008, 01:26 PM
Lol, already solved long ago :D Was a Virtumonde virus.