Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Can't get rid of WIN32.P2P-WORM.ALCAN.A!

Started by Hard B , Jan 24 2006 01:31 AM

  • Please log in to reply

#1
Hard B
Posted 24 January 2006 - 01:31 AM

Hard B

    New Member

  • Member
  • Pip
  • 4 posts
Two days ago I tried updating Limewire from 4.9 to 4.10. I started geting pop ups and notice my system was running slow. I also noticed I couldn't open task manger to manually shutdown programs and the system resotr tab in the My Computer properties is missing. I tried a number of fixes from this board includiing the bfu.exe which ata least got me my task manager back. Unfortunately, the pop ups and unstable system continues. I now can't go to Microsoft Windows update site with out IE hanging.

I followed all the steps listed in the "Malware" section to attempt to get rid of this worm. Her is the most recent HiJack log file:
----------------------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 11:18:14 PM, on 1/23/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\bmwebcfg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\My Archives\PC Fixes\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mektek.ne...ex.php?act=home
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O10 - Broken Internet access because of LSP provider 'bmnet.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1138086498983
O20 - Winlogon Notify: Reliability - C:\WINDOWS\system32\irp6l57s1.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bytemobile Web Configurator (bmwebcfg) - Bytemobile, Inc. - C:\WINDOWS\System32\bmwebcfg.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - D:\WINDOWS\System32\mnmsrvc.exe (file missing)
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - D:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

---------------------------------------------------------------------------------------------------------------

I am almost to the point of completely reinstalling Win XP. I would like to find another option is possible.
  • 0

Advertisements

#2
didom
Posted 26 January 2006 - 12:19 PM

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Please download and unzip BFUzip from http://computercops..../Merijn/bfu.zip
Run the program and click the Web button as shown here:
Posted Image

Use this URL to copy into the address bar of the Download script window:
http://metallica.geekstogo.com/p2pnetwork.bfu

Execute the script by clicking the Execute button.
Note that you should see a progress bar while the script is being executed.

If you have any questions about the use of BFU please read here:
http://metallica.gee...structions.html

Reboot and post a new HijackThis log.
Also let me know if Taskmanager works now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP