help in getting this off the pc

Discussion in 'Windows Desktop Systems' started by technokid88, Apr 21, 2006.

  1. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    Came across this when i ran Netlimiter 2, it shows what files try or have acess to the net.

    li.exe, the thing has a pic of some ugly blond lady as the icon. Can't delete it none of my spyware stuff catches it. It's located here

    ON Windows XP
    C:\Windows\System32\li.exe

    This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable

    Any ideas on what i should run to get ride of this thing off.
    I ran s&d and windeffinder and they did not find anything on my pc.
     
  2. Sazar

    Sazar F@H - Is it in you? Staff Member Political User Folding Team

    Messages:
    14,905
    Location:
    Between Austin and Tampa
    Have you run ad-aware?
     
  3. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    no ill try that one... This program worked great thanks... actully i have used this program before on my other computer, but had lost the program. Thanks for your help.

    Ad-aware SE Build 1.06
     
    Last edited: Apr 21, 2006
  4. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    google ewido and download it and update it.

    then restart your machine after the memory has finish checking keep on pressing f8, a menu will appear select safe mode. and do a FULL scan with ewido in this windows mode, then whilst still in this mode go to trend micro's home page and run their free scan on all drives.

    Both of those should get rid of any issue.

    Ad-aware sucks ass. don't even bother and don't bother to scan anything whilst in normal windows mode.

    Also if you have anti virus software also run a scan whilst you're in the safe mode version as well.

    If you don't have any anti spyware you can get AVG free for well free, just google AVG free.
     
  5. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    Lancer yeah i usally do the safe mode way of taking virus and adware off my computer. But decided to try the easy way. Thanks for you info too.
     
  6. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    Notes on this Virus:

    Li.1178

    These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed.

    "Li.1178" checks input from DOS prompt and on entering "pajama" it displays: "Welcome Great One!". In some cases it sends Novell Netware packets.

    "Li.1413" hooks also INT 09h and checks keyboard input. When the string "kkyyzz" is entered, the virus removes itself from memory. While executing of LI.EXE file the virus stores keyboard input and sends Novell Netware packet(?).

    Running HijackThis will help us help you - here is an example of a forum thread where they did it, and it got fixed....

    Link
     
    Last edited: Apr 21, 2006
  7. lancer

    lancer There is no answer! Political User Folding Team

    Messages:
    3,093
    Location:
    FL, USA
    This May Be An Indicator Other Spyware Or Virus's I Would Follow My Path First, Then If Need Be Follow Mastershakes.
     
    Vanquished likes this.
  8. Sazar

    Sazar F@H - Is it in you? Staff Member Political User Folding Team

    Messages:
    14,905
    Location:
    Between Austin and Tampa
    If all else fails, shoot the virus with a 12-gauge shotgun, close-range.

    Post pictures after destruction.

    We will surely enjoy them.

    :cool:
     
  9. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    With it fully powered on, and have a rapid shot camera (3, 4 pics per second)
    we should see some cool sparks and what not... maybe a quick BSOD ? hehehehe
     
  10. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    lol.... i ran ad-aware, took care of the problem. I usally monitor everything that runs on my network.
     
  11. Sazar

    Sazar F@H - Is it in you? Staff Member Political User Folding Team

    Messages:
    14,905
    Location:
    Between Austin and Tampa
    Ad-aware has helped me remove a lot of malicious stuff that my AV and other apps don't.

    It gets a bad rap but the tool serves a purpose.

    I would still run hijackthis to find out if you have any other stuff running.
     
  12. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    This is a trojan you have, (Downloader.NTfull) is the true name. its not a virus...



    Download a-squared Free.
    http://www.emsisoft.com/en/software/download/

    Follow the instructions. Run a scan and see if it detects the "li.exe" & its root. after a complete scan, remove the trojan.


    As mentioned in the thread, Post a Hijack log. Also before you do, Run CCleaner
    to remove cookies and temp file to show a un-clutered log.
     
  13. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    I went into my c drive i saw this folder
    C:\5f83a27137c7edcc4ac4e5145c07ccdd and in it there is one exe file

    SigStub.exe
    discription says
    Microsoft Malware Protection Signature Update Stub

    so is this true or some kind of virus, i googled the exe file found nothing.
     
  14. tdinc

    tdinc █▄█ ▀█▄ █ Political User

    Messages:
    3,507
    Location:
    Sterling Heights, MICHIGAN
    I'm confused now,,your first post you said you found >>> "li.exe" and was causing problems for you. Based on your post I did follow up on your problem.

    Could you please post a Hijack-this log so we can have a look at it? or did you rid the problem file already...??
     
  15. technokid88

    technokid88 Part of a System Folding Team

    Messages:
    741
    Location:
    In a world without windows
    Forget it i took care of it
     
    Last edited: Apr 28, 2006