Windowslive.exe virus

wizardofid · Post by **wizardofid** » 07 Nov 2009, 00:19

This little bugger won't go away spybot search and destroy only disables it doesn't delete and avast only picks up when it tries to access the net.I'm fed up looking for it.

I have searched the net but only annoys me further.Has any one else got rid of it or a method that works.

The other question.

My other computer had a virus called ntdete1t.com virus how do I re-enable windows to view hidden folders and files
registry editing didn't help still stays hidden.

Post by **Monty** » 08 Nov 2009, 09:50

A reinstall of the OS is probably the best method.

Bladerunner · Post by **Bladerunner** » 08 Nov 2009, 10:16

Check your CurrentVersion\Run registry entries. You'll be able to trace it in case it's there.

wizardofid · Post by **wizardofid** » 08 Nov 2009, 10:21

I just formatted like a month ago all my settings and every thing is just back to the way I like it....

I also keep getting attacked from an IP address avast blocks it but`it doesn't show up on the log so I don't have the address

Bladerunner · Post by **Bladerunner** » 08 Nov 2009, 10:23

wizardofid wrote:I just formatted like a month ago all my settings and every thing is just back to the way I like it....

I also keep getting attacked from an IP address avast blocks it but`it doesn't show up on the log so I don't have the address

Start -> Run -> cmd -> netstat -n

wizardofid · Post by **wizardofid** » 16 Nov 2009, 21:44

Thanks got the IP it's a local address on MTN's network same as mine only the last 3 numbers differ.

Some perhaps scanning for an open port what gives?

Post by **KALSTER** » 17 Nov 2009, 02:09

Just do a quick test. Run, command + enter. Type: CD\ + enter, dir /ah + enter. See if you can see an autorun.inf file.

wizardofid · Post by **wizardofid** » 17 Nov 2009, 12:05

Thanks checked no autorun.inf files

avast is telling me this

DCOM EXPLOIT-attack from 41.112.142.133:135/tcp

WTF!?

The information doesn't help much.But it is a local IP.Scanning perhaps.?
Is there any way one of tracing the address to the city or tower at least?

Code: Select all

% This is the AfriNIC Whois server.

% Note: this output has been filtered.

% Information related to '41.112.0.0 - 41.127.255.255'

inetnum: 41.112.0.0 - 41.127.255.255
netname: MTNNS-NET6
descr: MTN Network Solutions
country: ZA
admin-c: ZC164-AFRINIC
tech-c: ZC164-AFRINIC
org: ORG-MNSL1-AFRINIC
status: ALLOCATED PA
mnt-by: AFRINIC-HM-MNT
mnt-lower: TF-209-212-96-0-209-212-127-255-MNT
mnt-domains: TF-209-212-96-0-209-212-127-255-MNT
source: AFRINIC # Filtered
parent: 41.0.0.0 - 41.255.255.255

organisation: ORG-MNSL1-AFRINIC
org-name: MTN Network Solutions (Pty) Ltd.
org-type: LIR
country: ZA
address: 2 Falcon View, Constantia Business Park, Cnr 14th Ave & Hendrik Potgieter Drive.
address: Weltevreden Park, Ext 18 2196
e-mail: [Email Removed]
e-mail: [Email Removed]
e-mail: [Email Removed]
e-mail: [Email Removed]
phone: +2711 912 3000
fax-no: +2711 911 5443
admin-c: ZC164-AFRINIC
tech-c: ZC164-AFRINIC
mnt-ref: AFRINIC-HM-MNT
mnt-ref: TF-196-41-160-0-196-41-191-255-MNT
mnt-by: AFRINIC-HM-MNT
remarks: This organization uses RWhois. For reassignment information,
remarks: Please see their RWhois server at:
remarks: rwhois://rwhois.mtnns.net:4321.
remarks: noc e-mail: <[Email Removed]>, phone: +27 11 860110860
remarks: abuse e-mail: <[Email Removed]>, phone: +27 11 860110860
source: AFRINIC # Filtered

person: MTN Network Solutions Pty Ltd
address: 7 Sturdee Ave
address: Rosebank, Gauteng 2196
address: ZA
phone: +27 0 11 280 0860
e-mail: [Email Removed]
nic-hdl: ZC164-AFRINIC
source: AFRINIC # Filtered

PCFormat Forum Archive

Windowslive.exe virus

Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus

Re: Windowslive.exe virus