C:\WINDOWS\system32\p2pnetworking.exe

B

Big G

This file keeps showing up even after it is detected by
Microsoft AntiSpyware beta software. Microsoft says it is
a "severe" threat so naturally I remove it, restart, and
then, once again it is back. Does anyone know if there is
another file that keeps reinstalling this?
 
E

Engel

Hello Big G;

Steps to take if you have spyware that is not removed by
Microsoft Windows AntiSpyware (betª)
1) Open up AntiSpywªre
2) Click Tools at the tºp
3) Click "Submit a Suspected Spyware Repºrt"
4) Fill out the form with as much detail so they can
anªlyze quickly.


Have you tried these operations running in safe mºde?

1) Update both Microsoft Antispyware and your antivirus
applicªtion.

2B)Shut down the computer and turn off the power. Wait
for at least 30 seconds, and then restart the computer in
Safe mode or VGA mºde.

Empty your IE cache and your other temporary file
folders, eg: c:\temp, c:\windows\temp or C:\Documents and
Settings\<name>\Local Settings\Temp (the path to your
temp folder will change depending on your name) -
sometimes programmes can be hidden in there - watch out
for mysterious *.exe files or *.dll files in those
fºlders.
http://www.mvps.org/winhelp2002/delcache.htm


3) Do full deep scans with Microsoft Antispyware. Repeat
scanning until a complete scan comes through clean.
Ditto with the ªntivirus.

This isn't guaranteed, but it works for a great many
items that at first appear not to be cleaned in normal
mºde.

Let us know how it works ºut.
..
Download the following and run a thorough scan in safe
mºde:

NOTE: Make certain to update every app before booting
into Safe Mode since you WILL
NOT have access to the Internet from Safe Mºde.

Ad-Aware - http://www.lavasoftusa.com
http://hem.bredband.net/b288305/lavasofts_adaware_quick_st
art.htm

Spybot S&D - http://www.safer-networking.org/
http://net-integration.net/index.html
Make certain to not to select any of the
pernament protection for Spybot and DO NOT immunize the
system, as this can interfere with MSAS' Real-tme
Protectiºn.

CWShredder -
http://www.intermute.com/products/cwshredder.html

Spy Sweeper - http://www.webroot.com

Ccleaner - http://www.ccleaner.com

Also check windows updates to make sure you have the
latest security patches and service packs instªlled :
http://windowsupdate.microsoft.com/

Good luck

Engel
 
G

Guest

Hey Big G

If its:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

Then its gets installed with Kazaa along with Altnet and
should be removed via the add/remove screen

If its as you say and this file:

C:\WINDOWS\system32\p2pnetworking.exe

Then its a Worm (
 
A

AndyManchesta

Sorry I pressed Tab instead of Caps Lock and sent the
above message by mistake :)

Here's it is again :

If its:

C:\WINDOWS\System32\P2P Networking\P2P Networking.exe

Then its gets installed with Kazaa along with Altnet and
should be removed via the add/remove screen

If its as you say and this file:

C:\WINDOWS\system32\p2pnetworking.exe

Then its a Worm (RBot Variant)


Download Killbox

http://www.downloads.subratam.org/KillBox.zip

Save to desktop or C:drive and extract and run Killbox


Place a check next to "Delete On Reboot" and "End
Explorer Shell While Killing File"

In the 'Full Path Of File To Delete' area copy and paste
this:


C:\WINDOWS\system32\p2pnetworking.exe


It should then show below in Blue Writing.

Then Press the Red Circle with a White X (Delete)

Choose yes to "All Deleted Files Will Be Deleted On Next
Reboot"

Choose Yes to "Files Will be deleted on Reboot, Do you
want to reboot now ?"


That should then be deleted when you reboot

There is run command's for this in the registry in these
area's

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices


If you feel confident enough editing the registry goto
start menu then run and type regedit

Start at HKEY_LOCAL_MACHINE and keep pressing the plus+
beside the path name untill you get to the
Run folder(First HKEY_LOCAL_MACHINE then Software then
Microsoft then Windows etc..), Left click run to open the
values on the right pane then right click "P2P
Networking" and press delete do the same in the
RunServices folder

If you have any problems we can take them out using
Hijack This


Next run a virus scan here to make sure you dont have any
other problems

http://housecall.antivirus.com/


Regards

Andy
 
A

AndyManchesta

This may be a easier option to remove the registry run
entries for this so you dont have to manually edit the
registry.

Open 'MSAS' goto 'Advanced tools', then 'System
Explorers', click 'Startup Programs' check in Local
Machine Run and Local Machine RunServices for this 'p2p
Networking' entry, left click any found and then from the
lower right corner press 'Permanently Remove Startup
Program' then exit


All The Best

Andy
 
G

Guest

Thank you guys for your help, I just got home from work
so I will give it a shot. I will let you know how it
turns out. :)
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

AntiSpyware fails to removeVirtumonde (C:\WINDOWS\system32\mlljg.d 4
trojan.backdoor.small.FB 7
SearchAssistant Spyware 3
Comet Systems 2
AntiSpyware Threat Removal 2
my favorites folder was deleted 2
WindUpdates Browser Plug-in 2
NOD32 detects virus in MS AntiSpyware??? 1

Top