Abs.Net web Page

Share Your Knowledge, Build your Network..

Downloading LimeWire 1.5.2 from unauthorized website can bring dissaster

Posted by Hari Saryono on 8 April 2009

Limewire 1.5.2 now available for download. This P2P Sharing program offer many improvement including new look and more secure. Check out LimeWire official website for more.

I never use Limewire before, that’s why I want to try. My google search hit this website. It’s interesteing, isn’t it?. I don’t want to download from ddl, because I have no account there, so I download from LimeWire Official Website.

Scroll down this website. See an interesting one?. Yes, here’s the picture.


I click download the keygen, because download the serial link look broken. Before installing LimeWire, I just wonder if this keygen work. I click it twice, and…. nothing happen. I try again, clicking twice and… nothing happen.

For your note, I didn’t use any antivirus that time, because I just uninstalling my AVIRA 8 while downloading AVIRA 9 didn’t finish yet. This must be a virus, I suspected.

I try to CTRL+ALT+DELETE my computer and… bamm…

I found some interesting program “svcnost.exe”. Suspicious, right?. So I googled “svcnost.exe” and, in the same time I send “svcnost.exe” and keygen to avira lab. As you can guess, It’s a malware.

Check out what AVIRA found here for keygen analysis report and here for svcnost.exe report.

I don’t know what this virus really do, and I’m connected to the net when I clicked this keygen. Maybe they steal my password. Whatever, I’ve change it.

What’s this virus do?

According to what I read from various places, it will steal your data and sending itself to your contact email. The complete list is:

  • Allow complete access to your computer without your authorisation/knowledge
  • Destroy/corrupt data on your system
  • Steal private information (I.E emails/passwords/credit card information)
  • Sending spam emails from your computer without your knowledge
  • Denial-of-service attacks (DOS) on internet websites

Trojans are commonly spread through e-mail attachments, chat rooms or received/downloaded files that give the impression they are actually something else.

How To Clean It?

After CTRL+ALT+DELETE and kill svcnost.exe process, Manually I search for svcnost.exe in regedit. I found 2 places where svcnost.exe exist. Just delete it.

Then I search svcnost.exe in my hard drive. I found only 1 place : c:/windows/system32/svcnost.exe, although other researcher found in another places. Maybe I terminate the process too soon.

  • %CommonPrograms%\startup\startup1.exe
  • %System%\3comnet\service\svcnost.exe
  • %System%\svcnost.exe
  • %Windir%\help\svcnost.exe

If you find it, delete it.


Good Downloading Practice

Sometimes, we can’t avoid downloading from “high risk” site like what I’d explained. I suggest you activate antivirus automatic scanner.

  1. If scan result showing Keygen, it’s OK, you can disable your antivirus for a moment, run the keygen, apply it, zip your keygen for future use, and then activate your antivirus again.
  2. If scan result is Malware / Trojan, you better find another source or consider to buy.

4 Responses to “Downloading LimeWire 1.5.2 from unauthorized website can bring dissaster”

  1. […] Downloading LimeWire 1.5.2 from unauthorized website can bring … […]

  2. […] Downloading LimeWire 1.5.2 from unauthorized website can bring … […]

  3. Good and relevant post. I have

  4. Really nice post. Very Informative and helpful post.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: