Wrestling articles with updated news about stars & matches.
restarts automatically after closing
Published on August 22, 2006 By mrboo In Windows XP
Every body who has a problem after installing limewire [which starts automatically, inspite of closing in few seconds is due to a virus activity called KB13] unable to turn it off are infected by virus.

Indications , "CTRL+ALT+DEL" keys doesnt work, unable to open taskbar, unable to open cmd.exe, limewire start automatically.

Here is the step to solve the issue,

"
1) Uninstall Limewire. You can reinstall it at the end of these steps.

2) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so.

3) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste.

4) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step.

5) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes.

6) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop.

c:\windows\regedit.exe
c:\windows\system32\cmd.exe

7) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find.

8) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete.

9) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor.

10) Finally, click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line:

cd c:\
cd program files
rd /s /q winupdates

11) Now restart your computer. Reinstall Limewire.

This should hopefully fix your problem.

"
Just to add to the steps that I posted earlier, also do the following:

1) Go to the following directory and delete any file with winupdates in the name.

c:\windows\prefetch

2) When you're done with all of my steps, plase make sure to go back into the System Properties by right clicking on My Computer, and unchecking the Turn Off System Restore box under the System Restore tab.

For those of you who can't seem to find taskmgr.exe, cmd.exe, or regedit.exe, I would suggest you do the following if you have not already done so:

Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items:

Display the Contents of System Folders
Show Hidden Files and Folder

Now, make sure there are no checkmarks beside the following:
Hide protected Operating System Files.

Also, if you are using the Search function in Windows to locate these files, make sure that you do it in the following way:

1) Click on the Start button in Windows, and then select Search.

2) Select All Files and Folder

3) Enter the file name in the first box.

4) Click on More Advanced Options.

5) Make sure that the following all have checkmarks next to them:
Search System Folders
Search Hidden Files and Folders
Search Subfolders

Then once these are checked, click on Search.

I hope this helps!
"
Take Care guys

Quick heal is the only antivirus so far found it & deletes immdly, but even it fails to identify the virus till it corrupts the system.



"

Comments (Page 1)
3 Pages1 2 3 
on Aug 22, 2006
hope u guys prevent b4 it plays
on Aug 22, 2006
Thanks for the great help!
on Aug 22, 2006
Your Welcome Deferance, just making everybody aware of the bloody virus, which already afected my system.
on Aug 23, 2006
This is one of the biggest dangers of downloading things from unknown sources. Sooner or later you get nailed. As someone who has downloaded his fair (?) share of music using P2P software I still have to laugh at the idea of getting a virus from the very program that is used to "borrow" other people's property.
on Aug 23, 2006
It entered my system as msconfig.exe, I was completely screwed up by the virus, add to it I uninstalled Limewire a long time back but a message use to popup every 10 secs saying that limewire is missing.
I am still unable to rectify it, I fear of formating as I might lose loads of precious data's and whats the point if it gonna come back again.

Anyways Ur method seems a bit useful for me, it did remove the virus, but the deleted files & virus comes back again, I got no clue from where it is regenerating again.
if U could help me in that it would be great.
on Aug 23, 2006
Kazaa and Limewire are parasites and should be exterminated.
on Aug 23, 2006
yeah , peer to peer should be banned, especially if these softwares cant provide security.
on Aug 23, 2006
I dont personally find anything wrong with peer to peer networking, it is indeed revolutionary way of connecting people & pc.
But not many people like the concept and they spread virus & spywares like the one listed in the article.

Anyways its upto person to person to take the risk of using software like this.
Limewire is virus & spyware free but among the p2p software it is targeted most because of its popularity.
on Aug 23, 2006
I dont personally find anything wrong with peer to peer networking


Nothing wrong with the network itself, but the problem is that 95% of the stuff out there is pirated and violates copyrights. Just because something is easy to steal, doesn't mean it's ok to do so.

I don't really feel bad for people who've gotten viruses or spyware when downloading stolen material. What goes around, comes around.
on Aug 23, 2006
well people does use p2p for sharing,as said before thats a revolutionary concept, sharing doesnt mean stealing dude, but Yes I do agree most of them use it for sharing copyright violations, but remember one thing even without p2p its still possible to copyright violations, there are lots of site does it legally, lots of them transfer through messanger and other stuffs.

To add to it there are loads of pirated release, so why put all blame on p2p alone, see the good concept in p2p try helping the net community by preventing p2p usage in wrong way.
on Aug 25, 2006
Its true there is virus that is targeting limewire software. Come on guyz keep away from them.
Thanks Mrboo and other for article & review.
on Aug 26, 2006
actually the problem exisits only with the latest version of limewire, luckily I had an old version of it & its running fine.
on Aug 26, 2006
well no comments, I would never try Limewire again.
on Sep 10, 2006
I have the same problem But when I look into the task manager, there is no other process that is running CPU like the System Idle Process. I have tried to run the computer with av but the ctrl+alt+del function still wouldn't work..
on Sep 10, 2006
just found out Friday WinMX has been around for the last yr after doing a workaround + many of us were unaware...of late the volume of p2p on Limewire has been declining steadily...even the dependable weekend opportunity frame is in decline..give WinMX a looksee for re dLing the patched app @ http://www.winmxgroup.com/ anyone needing to'portforward' with their router to get a TCP connection can automatically do so with the app found here http://www.portforward.com/store/pfconfig.htm
3 Pages1 2 3