help in getting this off the pc

technokid88

Part of a System
Joined
15 Feb 2006
Messages
741
Came across this when i ran Netlimiter 2, it shows what files try or have acess to the net.

li.exe, the thing has a pic of some ugly blond lady as the icon. Can't delete it none of my spyware stuff catches it. It's located here

ON Windows XP
C:\Windows\System32\li.exe

This file has been identified as a program that is undesirable to have running on your computer. This consists of programs that are misleading, harmful, or undesirable

Any ideas on what i should run to get ride of this thing off.
I ran s&d and windeffinder and they did not find anything on my pc.
 
no ill try that one... This program worked great thanks... actully i have used this program before on my other computer, but had lost the program. Thanks for your help.

Ad-aware SE Build 1.06
 
Last edited:
google ewido and download it and update it.

then restart your machine after the memory has finish checking keep on pressing f8, a menu will appear select safe mode. and do a FULL scan with ewido in this windows mode, then whilst still in this mode go to trend micro's home page and run their free scan on all drives.

Both of those should get rid of any issue.

Ad-aware sucks ass. don't even bother and don't bother to scan anything whilst in normal windows mode.

Also if you have anti virus software also run a scan whilst you're in the safe mode version as well.

If you don't have any anti spyware you can get AVG free for well free, just google AVG free.
 
Lancer yeah i usally do the safe mode way of taking virus and adware off my computer. But decided to try the easy way. Thanks for you info too.
 
Notes on this Virus:

Li.1178

These are not dangerous memory resident parasitic viruses. They hook INT 21h and write themselves to the end of COM files that are executed.

"Li.1178" checks input from DOS prompt and on entering "pajama" it displays: "Welcome Great One!". In some cases it sends Novell Netware packets.

"Li.1413" hooks also INT 09h and checks keyboard input. When the string "kkyyzz" is entered, the virus removes itself from memory. While executing of LI.EXE file the virus stores keyboard input and sends Novell Netware packet(?).

Running HijackThis will help us help you - here is an example of a forum thread where they did it, and it got fixed....

Link
 
Last edited:
This May Be An Indicator Other Spyware Or Virus's I Would Follow My Path First, Then If Need Be Follow Mastershakes.
 
If all else fails, shoot the virus with a 12-gauge shotgun, close-range.

Post pictures after destruction.

We will surely enjoy them.

:cool:
 
Sazar said:
If all else fails, shoot the virus with a 12-gauge shotgun, close-range.

Post pictures after destruction.

We will surely enjoy them.

:cool:

With it fully powered on, and have a rapid shot camera (3, 4 pics per second)
we should see some cool sparks and what not... maybe a quick BSOD ? hehehehe
 
lol.... i ran ad-aware, took care of the problem. I usally monitor everything that runs on my network.
 
Ad-aware has helped me remove a lot of malicious stuff that my AV and other apps don't.

It gets a bad rap but the tool serves a purpose.

I would still run hijackthis to find out if you have any other stuff running.
 
This is a trojan you have, (Downloader.NTfull) is the true name. its not a virus...

Besides the "li.exe" look out for the following that may be rooted on your PC

process: links.exe: MD5 Hash: d8ec0c8d61d6958958b...
process: ntzl.exe: MD5 Hash: ddc24a50fd8b3a9e683...
process: lib.exe: MD5 Hash: 89b5939e56fabb100ac...
process: ntnc.exe: MD5 Hash: bf7e8eb3000b0ca40d5....
process: lich.exe: MD5 Hash: f39820619fb05c9874b...
process: ntzl.exe: MD5 Hash: f39820619fb05c9874b..



Download a-squared Free.
http://www.emsisoft.com/en/software/download/

Follow the instructions. Run a scan and see if it detects the "li.exe" & its root. after a complete scan, remove the trojan.


As mentioned in the thread, Post a Hijack log. Also before you do, Run CCleaner
to remove cookies and temp file to show a un-clutered log.
 
I went into my c drive i saw this folder
C:\5f83a27137c7edcc4ac4e5145c07ccdd and in it there is one exe file

SigStub.exe
discription says
Microsoft Malware Protection Signature Update Stub

so is this true or some kind of virus, i googled the exe file found nothing.
 
I'm confused now,,your first post you said you found >>> "li.exe" and was causing problems for you. Based on your post I did follow up on your problem.

Could you please post a Hijack-this log so we can have a look at it? or did you rid the problem file already...??
 

Members online

No members online now.

Latest profile posts

Also Hi EP and people. I found this place again while looking through a oooollllllldddd backup. I have filled over 10TB and was looking at my collection of antiques. Any bids on the 500Mhz Win 95 fix?
Any of the SP crew still out there?
Xie wrote on Electronic Punk's profile.
Impressed you have kept this alive this long EP! So many sites have come and gone. :(

Just did some crude math and I apparently joined almost 18yrs ago, how is that possible???
hello peeps... is been some time since i last came here.
Electronic Punk wrote on Sazar's profile.
Rest in peace my friend, been trying to find you and finally did in the worst way imaginable.

Forum statistics

Threads
62,015
Messages
673,494
Members
5,621
Latest member
naeemsafi
Back