liel.exe ??

Discussion in 'System Security & Infection Support' started by qsdls, Aug 26, 2009.

  1. qsdls

    qsdls VIP Member

    Joined:
    Jul 4, 2004
    Messages:
    212
    Likes Received:
    1
    Location:
    Juárez
    Hi, I got this HP desktop infected by some virus that I do not recognize, only thing I can see, was the process liel.exe was repetead like 20 times in task manager, but then windows freeze, so I cant do anything about it..
    I googled the liel.exe process and the first result was a website offering a cleaning tool, but I dont think that windows will allow me to run it before it freezes again,
    what can I do??
    any ideas?
     
    qsdls, Aug 26, 2009
    #1
    1. Advertisements

  2. qsdls

    Maurice Bloody good bloke VIP Member

    Joined:
    Jun 25, 2009
    Messages:
    352
    Likes Received:
    16
    Location:
    London England
    Hi, boot into 'safe-mode' by starting up the PC and tapping the F8 key just as the BIOS displays end and Windows starts to load. You should get a text-based menu and the option is at the top of the list 'safe mode'. Choose that and a bare version of Windows loads without the normal startup programs and drivers etc etc.

    If you are lucky the virus may not be activated. Now you could try running your AV program to see if that will remove the infection.

    If you feel brave enough you can go into the registry and look to see if you can see the calls to start the virus/trojan/malware.

    Two main places to look. First up press Start->run and enter Regedit.

    Expand HKCU\Software\Microsoft\Current Version\Run and look at the entries shown in the right hand pane. You should see calls to start programs up that you will recognise. You can delete anything that looks wrong.

    Then expand HKLM\Software\Microsoft\Current Version\Run - here is most likeley where you'll find and entry starting the nasty up. Deelet suspect entries.

    Now the only risk is that if the virus/trojan is active then when you shutdown cleanly it will rename itself and write new entries in those locations so when you start up again lo-and-behold there it is again.

    Never be fooled into downloading a so-called cleaning tool - that is precisely what they want you to do and it would probably make your PC unusable.

    Viruses/trojans are generally written by men with very small penises.
     
    Maurice, Aug 27, 2009
    #2
    1. Advertisements

  3. qsdls

    clifford VIP Member

    Joined:
    Jul 8, 2009
    Messages:
    184
    Likes Received:
    11
    I would use a BootCD. Navigate to the file through the use of "NTFS Pro for Dos" or simular program. After locating the file remove it with the Del command.

    You will need to know haw to navigate through the use of Dos commands.

    If you need further explanations. I will be happy to help.
     
    clifford, Aug 28, 2009
    #3
  4. qsdls

    qsdls VIP Member

    Joined:
    Jul 4, 2004
    Messages:
    212
    Likes Received:
    1
    Location:
    Juárez
    Thank you so much, I finally got it done. I boot on safe mode with networking , option, and downloaded the Antivirus and Antispyware updates, and then run a full system scan with both of it, and that do it, thanks again!
    Appreciate all your help.
     
    qsdls, Sep 1, 2009
    #4
  5. qsdls

    Maurice Bloody good bloke VIP Member

    Joined:
    Jun 25, 2009
    Messages:
    352
    Likes Received:
    16
    Location:
    London England
    Glad you resolved that.
     
    Maurice, Sep 2, 2009
    #5
  6. qsdls

    qsdls VIP Member

    Joined:
    Jul 4, 2004
    Messages:
    212
    Likes Received:
    1
    Location:
    Juárez
    Sorry, I got another problem.. seems like after windows had started up, no programs or maybe services are ran at the beginning..
    and I cant update windows, on the microsoft website, it displayed an error code: 0x80070002

    [ The website has encountered a problem and cannot display the page you are trying to view. The options provided below might help you solve the problem.
    For self-help options:
    For assisted support options:
    Read more about steps you can take to resolve this problem (error number 0x80070002) yourself. ]

    and also, at the following location on registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
    there is a folder named Run and another named run-
    possible infection??
     
    qsdls, Sep 4, 2009
    #6
  7. qsdls

    Maurice Bloody good bloke VIP Member

    Joined:
    Jun 25, 2009
    Messages:
    352
    Likes Received:
    16
    Location:
    London England
    Programs in the Run folder are those that start up when Windows boots. Those in the Run- folder are programs which were previously in the Run folder but have been moved over to stop them running automatically.

    msconfig.exe is the program that is used to modify which programs & services run at start up and it moves entries from Run to Run- and back again depending on the choices made.

    What you need to do is look in both of those locations and decide which entries are valid and which are suspect. Delete the suspect ones and then press Start->Run & enter msconfig.exe and choose the option to perform a normal startup. Reboot and see if all is now correct.
     
    Maurice, Sep 4, 2009
    #7
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.