Wrestling articles with updated news about stars & matches.
restarts automatically after closing
Published on August 22, 2006 By mrboo In Windows XP
Every body who has a problem after installing limewire [which starts automatically, inspite of closing in few seconds is due to a virus activity called KB13] unable to turn it off are infected by virus.

Indications , "CTRL+ALT+DEL" keys doesnt work, unable to open taskbar, unable to open cmd.exe, limewire start automatically.

Here is the step to solve the issue,

"
1) Uninstall Limewire. You can reinstall it at the end of these steps.

2) Disable System Restore in Windows. This can be done by right clicking on My Computer, selecting Properties, and then clicking on the System Restore tab. Then check the box Turn Off System Restore. Hit Apply, and then OK. If you are prompted to restart Windows, do so.

3) Now we need to fool the virus into allowing us to open the Task Manager. This can be done by copying the Task Manager executable file from the Windows directory. To do this, go to c:\windows\system32, select the file taskmgr.exe, right click on it, and select Copy. Go to the desktop, and click on an empty part of the desktop. Then right click on the desktop, and select Paste.

4) Double click on the taskmgr.exe file on your desktop. This should open the Task Manager. Click on the Performance tab. If you are in fact infected with a virus, you will likely (although not necessarily) see close to 100% CPU usage!! Now click on the Processes tab, followed by clicking twice on the CPU column header. What this does is order the files running on your computer based on the amount of CPU resources they are consuming in real time. If there is a process, other than System Idle Process, that is consuming close to 100% of the CPU, then it is this process (or file) that is infecting your computer. For me, and likely for a lot of you, that file will be winupdates.exe. Don't be tricked. This is not a Microsoft program. It's a virus masking itself as a legitimate file. Please remember the exact name of this process, because you will need it in a later step.

5) Click on this process to highlight it, then click the button End Process. A warning prompt should pop up. Click on Yes.

6) Now that this process is killed, we need to remove any references to it from the Registry. Once again, because this virus is blocking us from opening the Registry Editor, we need to trick the virus by copying the file to the desktop. Follow the same steps as in number 3, except this time, copy the following two files from their respective directories, and paste them on the desktop.

c:\windows\regedit.exe
c:\windows\system32\cmd.exe

7) Open regedit from the desktop. In the left window, click on My Computer so that it is highlighted. Now select Edit from the menu, followed by Find. In the Find box, type the name of the process that you ended from the Task Manager. If you recall, mine was winupdates. Do not include the .exe, just winupdates. Then click Find.

8) For the item that it found in the right window, click it to highlight it if it isn't highlighted already, and then right click on it, and select Delete. If a prompt pops up, select Yes or OK to confirm the delete.

9) Now, hit the F3 button once. This will find the next reference to that bad file. Follow step 8 again to delete the reference. Repeat steps 9 and 8 until the editor indicates that there are no more references to this file. Then exit the editor.

10) Finally, click on cmd.exe which you copied to the desktop. It will open the Command Prompt (which looks like DOS). Type the following commands in order, and hit Enter after each line:

cd c:\
cd program files
rd /s /q winupdates

11) Now restart your computer. Reinstall Limewire.

This should hopefully fix your problem.

"
Just to add to the steps that I posted earlier, also do the following:

1) Go to the following directory and delete any file with winupdates in the name.

c:\windows\prefetch

2) When you're done with all of my steps, plase make sure to go back into the System Properties by right clicking on My Computer, and unchecking the Turn Off System Restore box under the System Restore tab.

For those of you who can't seem to find taskmgr.exe, cmd.exe, or regedit.exe, I would suggest you do the following if you have not already done so:

Open My Computer. Select Tools from the menu, followed by Folder Options. Click on the View tab. Make sure that there is a check mark next to the following items:

Display the Contents of System Folders
Show Hidden Files and Folder

Now, make sure there are no checkmarks beside the following:
Hide protected Operating System Files.

Also, if you are using the Search function in Windows to locate these files, make sure that you do it in the following way:

1) Click on the Start button in Windows, and then select Search.

2) Select All Files and Folder

3) Enter the file name in the first box.

4) Click on More Advanced Options.

5) Make sure that the following all have checkmarks next to them:
Search System Folders
Search Hidden Files and Folders
Search Subfolders

Then once these are checked, click on Search.

I hope this helps!
"
Take Care guys

Quick heal is the only antivirus so far found it & deletes immdly, but even it fails to identify the virus till it corrupts the system.



"

Comments (Page 2)
3 Pages1 2 3 
on Sep 12, 2006
Reply By: mishii Posted: Sunday, September 10, 2006
I have the same problem But when I look into the task manager, there is no other process that is running CPU like the System Idle Process. I have tried to run the computer with av but the ctrl+alt+del function still wouldn't work..



First thing you need to do is to install a firewall program like Zone Alarm, it will block the virus accessing the net.
U can then identify what malicious program is trying to access the net.
based on that you can identify what is the name of the virus.
on Sep 12, 2006
sorry unable to pass a comment earlier because of some technical difficulties in joeuser.com
on Sep 12, 2006
Thank you so much I'll try to do that and see if it works.
on Sep 14, 2006
hmm I saw the first program that tried to access the internet was called winlog.exe. but when i checked the task manager, it wasn't consuming any cpu at all? I'm sorry for asking so many questions but I really don't want to back everything up and format my lap top
on Sep 17, 2006
I have to agree with StephanA on that comment

Limwire, KaZaa are the 2 worst P2P Networks on the net. I use winmx and have been for the last 3+ years and have never had a problem with it.. i have friends that cant seem to use Limewire or KaZaa without having major problems after using it.. Im sorry but those 2 programs need to be delt with. I recommend anyone using them to stray away from them cause you will have nothing but problems.


just my 2 cents
on Sep 17, 2006
Limewire Virus is a redundancy.
on Sep 25, 2006
Sorry Mishii for late reply again, I was just off for some time.
winlog.exe might be the problem, inspect that with an anti-virus like quick heal and you might come to know whether it is the one that causing trouble or not.
on Nov 11, 2006
Im baffled, i had this thing and completely reboot but now i've got all my university work on here and so this is now not an option. i've tried following the methodology listed but i encountereed a problem.

1. i dont have a system32 file
2 my TASKMAN.exe doesnt run from my desktop.

can anyone help me.
on Nov 11, 2006
Well in that case I would say mail to one of the anti-virus team.
on Dec 30, 2006
you guys shouldn't even use limewire nor limewire pro... im not going to mention what i use to get banned from this forum. just pm me if you want to know... however it is the open source program for limewire... and its better too
on Dec 30, 2006
oh and no viruses here either, because i just got a new comp. and installed my lime-wire like (but not limewire) program.
on Feb 06, 2007
it could be mp3 rocket, if I am right
on Jul 24, 2009

I hope Mishi's problem is solved, goodluck to rest, make sure your aware of this problem.

on Jul 24, 2009

29 month old Necrothread....should be walking and talking by now....

on Jul 24, 2009

Love a good necrothread...

3 Pages1 2 3