Cannot get rid of Win32.p2p-worm.Alcan.a

Discussion in 'Malware Help (A Specialist Will Reply)' started by Jim Wright, Jun 27, 2005.

  1. Jim Wright

    Jim Wright Private E-2

    Got this I believe from Limewire. Cannot access program manager etc, Adware Se removes it, but on re-boot it's back.

    I have a Hijackthis log if wanted.

    Using Win Xp Pro.

    Help please.
     
  2. Anon-068c403e2d

    Anon-068c403e2d Anonymized

    I usually don't answer spyware questions, but until bj or chaslang is back I have one trick that you can try. Try disabling system restore when you delete the worm, then you can re-enable it afterwards. It might be hiding in there. If it works you may still stay here until the spyware guys really give you the green signal. Also, doesn't your anti-virus catch it? Do a full scan before re-enabling system restore.
     
  3. Jim Wright

    Jim Wright Private E-2

    I have done all the checks, downloaded that which is required, scanned etc, it keeps coming back.

    Any ideas please.

    Jim
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Are you saying you ran ALL of this sticky thread: READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal?

    If so, and you still have problems, please follow the steps below exactly:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc., and any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  5. Jim Wright

    Jim Wright Private E-2

    Yes, done what you asked but it won't budge. Messenger and other programs exited from toolbar, cannot use task manager as worm has disabled it.

    Log is attached. My bootdrive is H:

    Thank you.

    Jim
     


  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Please run HijackThis and click on the "Open the Misc Tools Section" button on the open page. Then select "Open process manager" on the left-hand side. Look for the following process (or processes) and one at a time kill them by selecting it and then click "Kill process". Then click yes.

    H:\Program Files\winupdates\winupdates.exe


    After killing all the above processes, click "Back".

    Then please click "Scan" and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

    O4 - HKLM\..\Run: [winupdates] H:\Program Files\winupdates\winupdates.exe /auto


    After clicking Fix, exit HJT.

    Boot into safe mode and use Windows Explorer to delete:
    H:\Program Files\winupdates <--- the whole folder

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now, if running Win XP, go to c:\windows\Prefetch and delete all files in this folder.


    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
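
The before/after check that the post above asks for (compare the HijackThis log taken before the fix with the one posted after the reboot), as an added example that is not part of the original thread. Both sample logs are constructed, and the ExampleAV and ExampleIM entries are hypothetical; only the winupdates line comes from the thread.

```python
import re

# Registry autostart line as HijackThis prints it, e.g.
#   O4 - HKLM\..\Run: [winupdates] H:\Program Files\winupdates\winupdates.exe /auto
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$"
)

def parse_autostarts(log_text):
    """Return {(hive, key, value name): command} for each O4 registry line."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["hive"], m["key"], m["name"])] = m["command"]
    return entries

def compare_logs(before, after):
    """Diff the autostart entries of the pre-fix and post-fix logs."""
    old, new = parse_autostarts(before), parse_autostarts(after)
    return {
        "removed": sorted(k for k in old if k not in new),
        "added": sorted(k for k in new if k not in old),
        "changed": sorted(k for k in old if k in new and old[k] != new[k]),
    }

def still_present(log_text, needle):
    """Autostart entries whose value name or command mentions `needle`."""
    needle = needle.lower()
    return [k for k, cmd in parse_autostarts(log_text).items()
            if needle in k[2].lower() or needle in cmd.lower()]

# Constructed sample logs (not the logs attached to the thread).
BEFORE = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] H:\Program Files\ExampleAV\avtray.exe
O4 - HKLM\..\Run: [winupdates] H:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [ExampleIM] "H:\Program Files\ExampleIM\im.exe" /background
"""
AFTER = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [ExampleAV] H:\Program Files\ExampleAV\avtray.exe
O4 - HKCU\..\Run: [ExampleIM] "H:\Program Files\ExampleIM\im.exe" /background
"""

if __name__ == "__main__":
    print(compare_logs(BEFORE, AFTER))
    print("leftover:", still_present(AFTER, "winupdates"))
```

An entry under "added" or a non-empty "leftover" list after the reboot means something re-created the Run value, which matches the "on re-boot it's back" symptom from the first post.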
     
  7. Jim Wright

    Jim Wright Private E-2

    Chaslang, thank you very much, seems to have done the job. Posted new HJT log as requested. Again thank you.

    Jim
     


  8. catbro6166

    catbro6166 Corporal

    Hello, I just thought I would see what I could do to help.

    The P2P worms are peer to peer virus trackers; they come from any and all file sharing software, this you know. I have Limewire and run firewalls out the ass; the same problem occurred on mine, and I went through all the stuff in the MajorGeeks fix and nothing got it. The problem is registry related, and the only way to fix it is to go into safe mode, which disables all non system related services, and run all cleaners that MajorGeeks have and Adaware, then go into your file sharing software and disable startup upon boot up. If you would like, give me email and I will be glad to help out any way I can. Been there, it sucks, but it's repairable with lots of patience. brock.cates@catesmechanical.com Lots of luck, hope you get it.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    According to Jim Wright's last message, he already said the problem is resolved.
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your log is clean. To help keep it that way, run the steps in the below thread:

    How to Protect yourself from malware!
     
