yumyumcookie Posted February 24, 2010

Hi, I got home several days ago to find a note on my desk from my girlfriend saying she found stuff on my Limewire that made her physically ill. I asked her what it was she found and she said 63 dodgy porn videos. The problem is, I haven't used Limewire in months, even years, and all I ever did use it for was mp3 downloads for the first couple of days, as I found it quite a good tool before all the viruses I found come with it. So my question is, how did these videos get there? I couldn't check when they were downloaded as they were deleted, as she said she was in such shock that she got rid of them.

I asked my friend if he knew anything about these videos, as this was a serious issue and it was him who downloaded Limewire on my PC to begin with and has also used my PC many, many times. He told me that he did download a porno as a joke a long time ago, as he knew my family used it, so was playing a practical joke, but after a couple of days realised I hadn't noticed (as I never use the bloody program) so he deleted it.

Is there a link between any of this that could have happened by downloading previous stuff on Limewire, or anything at all that could have done this? I'm not sure if this is worth noting, but I also have a trojan on my computer at present but haven't got round to formatting my PC yet, so not sure if that has anything to do with it.

maynardvdm Posted February 24, 2010

Hi, I am sure our malware expert can help you, but first it will be a good idea to get rid of Limewire for good. Go to Add/Remove Programs and remove it from there. After that you will receive further instructions on removing any malware it has caused.

yumyumcookie Posted February 24, 2010

I will do, but that really doesn't help my initial reason of how they got there. Could it be linked to a virus or a link that came from other downloads I used it for?

yumyumcookie Posted February 24, 2010

Also, after I have removed it, what should I do next?

Starbuck Posted February 24, 2010

Hi yumyumcookie,

I've never heard of Limewire downloading things by itself. Neither have I heard of a trojan downloading from Limewire on its own before. Malware doesn't normally give you something for free, it's normally there to take something from you. It's common for some malware to give you popups to porn sites and try to get you to click on these links.

This is a puzzling situation. If you want me to check your system for malware, I'd be happy to. Just follow the steps below and let me have the reports:

Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.

- Make sure you are connected to the Internet.
- Double-click on Download_mbam-setup.exe to install the application.
- When the installation begins, follow the prompts and do not make any changes to default settings.
- When installation has finished, make sure you leave both of these checked:
  - Update Malwarebytes' Anti-Malware
  - Launch Malwarebytes' Anti-Malware
- Then click Finish.
- MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
- On the Scanner tab: make sure the "Perform Full Scan" option is selected, then click on the Scan button.
- If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
- The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
- When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
- Click OK to close the message box and continue with the removal process.
- Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
- Make sure that everything is checked, and click Remove Selected.
- When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (See Note below.)
- The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
- Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Step 2

Download OTL to your desktop. If you have problems, try this download link: OTL

- Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
- When the window appears, underneath Output at the top change it to Minimal Output.
- Check the boxes beside LOP Check and Purity Check.

http://img.photobucket.com/albums/v708/starbuck50/new/newOtl2.png

- Now copy the lines in the codebox below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
CREATERESTOREPOINT

- Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.

http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png

- Click the Run Scan button.

http://img.photobucket.com/albums/v708/starbuck50/runscan.png

- Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:

- MBAM scan report
- Both reports from OTL

Thanks.

Tootech Posted February 24, 2010

My money would be on another user able to access the computer - Limewire doesn't have a mind of its own!!

Just as an aside...... One of my customers once had a similar problem, loads of spyware turned up on his PC. It was my job to remove it. Curious, I looked through his browser history to find one Friday night there had been some prolific adult surfing. That was of course the source of the spyware. I was asked by my customer how the spyware had found its way onto the PC. I was a little confused and mentioned the date/time stamps of the surfing history. Turned out his work colleague had been over to 'check the business email' while he was away :)

Moral of the story.....I treat my PC like my bank account - locked down and secure (but not full) :-)

Match Posted February 24, 2010

It may also pay to check that nothing or no one has enabled your remote desktop:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/rdesktop_disable.mspx?mfr=true

> I treat my PC like my bank account - locked down and secure (but not full) :-)

I've given up trying to 'own' my own bank account, lol married :)

yumyumcookie Posted February 25, 2010

I've just checked that and it's showing a tick next to allow remote access. What does this mean then? (without stating the obvious)

RandyL Posted February 25, 2010

Taken from Windows Help and Support.

When you enable Windows Remote Assistance:

- You can get help using Windows Remote Assistance.
- Windows Remote Assistance is allowed through Windows Firewall so that it can communicate with your helper's computer.

When you add a program to the list of allowed programs in a firewall, or when you open a firewall port, you allow a particular program to send information to or from your computer through the firewall. Allowing a program to communicate through a firewall (sometimes called unblocking) is like punching a hole in the firewall.

Each time you open a port or allow a program to communicate through a firewall, your computer becomes a bit less secure. The more allowed programs or open ports your firewall has, the more opportunities there are for hackers or malicious software to use one of those openings to spread a worm, access your files, or use your computer to spread malicious software to others.

It's generally safer to add a program to the list of allowed programs than to open a port. If you open a port, it stays open until you close it, whether or not a program is using it. If you add a program to the list of allowed programs, the "hole" is open only when needed for a particular communication.

To help decrease your security risk:

- Only allow a program or open a port when you really need to, and remove programs from the list of allowed programs or close ports that you no longer need.
- Never allow a program that you don't recognize to communicate through the firewall.

Match Posted February 25, 2010

OK, let's not get the two mixed up.

Remote Assistance works through Windows Live Messenger and allows you to request another computer to log into your computer. Dell has been getting some bad publicity over using this for support. The idea being that by requesting me to log in to your computer using Remote Assistance I could, for example, set up your email account for you.

Remote Desktop is designed so that anyone with the right IP address and password could log in to your computer and use it as though they are sitting in front of it. If Wake on LAN is enabled in the BIOS you can even turn it on from sleep mode. Useful if you don't fancy going to the office or you forgot to email that report that you prepared last night.

BUT, I have also come across a couple of versions of Windows Vista that people have downloaded that set this up automatically when installed and send the details to a web site!!!! So it is quite possible for a virus to also do this, in my opinion.

Windows XP: Get Started Using Remote Desktop
Using Remote Assistance to Get Help When You Need It
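
Added example, not part of any post in this thread: a PowerShell check that reports Remote Desktop and Remote Assistance separately, since a single "allow remote access" tick does not say which of the two is on. It assumes PowerShell is installed (it is an optional download on Windows XP) and an English-language `netstat`, and it only reads settings.

```powershell
# Added example (not from the thread): report the two remote-access
# features separately. Read-only; changes nothing on the machine.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$cfg = Get-ItemProperty -Path $ts

# fDenyTSConnections: 0 = inbound Remote Desktop allowed, 1 = refused.
$rdpAllowed = ($cfg.fDenyTSConnections -eq 0)

# fAllowToGetHelp: 1 = Remote Assistance invitations allowed.
$raAllowed = ($cfg.fAllowToGetHelp -eq 1)

# Port the Remote Desktop listener uses (3389 unless it was changed).
$port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp").PortNumber

# Is the service running, and is anything actually listening on that port?
$svc       = Get-Service -Name TermService
$listening = [bool](netstat -an |
    Select-String -Pattern ":$port\s.*LISTENING")

New-Object PSObject -Property @{
    RemoteDesktopAllowed    = $rdpAllowed
    RemoteAssistanceAllowed = $raAllowed
    RdpPort                 = $port
    TermServiceStatus       = $svc.Status
    PortListening           = $listening
} | Format-List

# Accounts allowed to log on over Remote Desktop besides administrators.
net localgroup "Remote Desktop Users"
```

Remote Assistance being allowed with Remote Desktop refused is the usual default on home systems; Remote Desktop allowed, the port listening and unfamiliar names in the group are the combination worth following up.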

yumyumcookie Posted February 26, 2010

Just tried following the link to the malware software but it doesn't seem to be working for me, keeps saying page cannot be displayed.

Starbuck Posted February 26, 2010

To be honest, I think we can forget about all the possible Remote Assistance and Remote Desktop theories. I just can't see this being the cause in your case. To go through all the trouble to access your system, download something from Limewire and then just leave it on your system!! No, it doesn't add up.

Someone that has access to your system has done this, so they can watch the porn .... and then has just left it there (probably so they could return and watch it again).

Follow the steps in post #5 and I'll take a look and make sure nothing bad is on the system and also make sure any p2p programs are nuked.