
b.exe virus..buddypictures


Original Message
Name: speady
Date: May 21, 2006 at 01:37:29 Pacific
Subject: b.exe virus..buddypictures
OS: I don't know
CPU/Ram: pentium 4, 512 mb of ram
Model/Manufacturer: sony
Comment:

I have the b.exe virus on my computer, and this virus blocks my access to the registry and kills my Task Manager. It also causes one certain program (LimeWire) to keep starting up on its own each time I shut it down. Is there any way to remove this? System Restore is not working for me either.




Response Number 1
Name: jabuck
Date: May 21, 2006 at 07:20:46 Pacific
Subject: b.exe virus..buddypictures
Reply:

Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link: http://www.tomcoyote.org/hjt/ Then place it into a folder of its own, such as C:\HJT, so that backup copies can be made and not clutter your desktop or other folders, and the backup copies of deleted items can be easily located if needed.

Once saved, double-click HijackThis.exe and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, press Ctrl-A to Select All, and copy its contents into the text editor at this forum.

Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

After you post the Hijack This log, run this free online scan from Kaspersky: http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

After you post the Kaspersky log, download the following tools.

Please download ATF-Cleaner to your desktop from this link:
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode.

Download Ewido Security Suite, then set it up this way: Ewido Setup Instructions. We will need this later in safe mode.

Be sure to update Ewido.

Download Killbox to your desktop from this link: Killbox. We will need it later in safe mode.



Response Number 2
Name: XpUser4Real
Date: May 22, 2006 at 10:20:24 Pacific
Subject: b.exe virus..buddypictures
Reply:

Here is some removal info on it by Symantec:
http://www.sarc.com/avcenter/venc/data/w32.alcra.b.html

Hopefully my advice will help you...Please post back with your results....thanks



Response Number 3
Name: roodee
Date: June 6, 2006 at 14:02:21 Pacific
Subject: b.exe virus..buddypictures
Reply:

I have the same problem as the guy who posted first and I need help, please. I'm on Windows XP and my Task Manager died, and so did my regedit. Also, same thing with LimeWire: it doesn't want to stop starting up.



Response Number 4
Name: LadyJoy
Date: June 7, 2006 at 08:01:49 Pacific
Subject: b.exe virus..buddypictures
Reply:

I had this same malware. Long story short, I rebooted, and AS SOON AS I hit my user icon I started hitting Ctrl+Alt+Del to get into Task Manager. The b.exe file did not have time to prevent me from getting into it. I stopped b.exe (in Processes). Then I just kept stopping LimeWire and BearShare (both were executing) until they did not return, catching them just as they started up in Task Manager. A search on Google led me to the site below and I followed the instructions. The program 'Autoruns' they recommend is free. Follow their steps carefully, especially if you are not an expert user. Bleeping Computer had a lot of good info. I hope this helps.

http://www.bleepingcomputer.com/startups/b.exe-8492.html



Response Number 5
Name: XpUser4Real
Date: June 7, 2006 at 08:06:24 Pacific
Subject: b.exe virus..buddypictures
Reply:

LadyJoy, thanks for the great info.

Hopefully my advice will help you...Please post back with your results....thanks




Response Number 6
Name: LadyJoy
Date: June 7, 2006 at 09:16:03 Pacific
Subject: b.exe virus..buddypictures
Reply:

Sorry, been up all night fixing this.

I need to add: you also need to get rid of the file that caused the problem. For me it was a 228 kb file for Sandra Lite software I tried to get off LimeWire. (I promise I will never look for software on there again. My friend has 98SE and needed some help, and they only sell software for 2000, XP and 2003 now.)

Back to more... It also created an svchost.exe file and placed it in C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe, and an svchost.exeCommonStartup file in a folder called 'pss' (it may be different for other variants of the virus) in the Windows folder. There were 3 files in the windows/prefetch folder, b.exe-?????.pf, svchost.exe-?????.pf and sandra?????????????.pf, that need to be deleted as well. ? is for the garbage the virus added to the filename.

The registry entry for the startup/svchost.exe file was in HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache, and HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^svchost.exe is the registry entry that will keep dumping the startup program back into the system, as it points to svchost.exeCommonStartup, if it finds that any or all of the components have been deleted. So that key must be deleted before rebooting. Another entry was at HKEY_USERS\S-1-5-21-1729010350-2042993446-3480794843-1004\Software\Microsoft\Windows\ShellNoRoam\MUICache.

Sorry for the long post, am exhausted. Suffice to say, get all entries that point to C:\Documents and Settings\All Users\Start Menu\Programs\Startup\svchost.exe out of the registry. There were no entries in the registry for b.exe or the sandra lite.exe file I originally executed, only the 2 different svchost ones.

Do not delete just any entry for svchost, as it is a file used by the OS. Make sure they are only for the startup and commonstartup files.

I also found a folder named '_' in my download destination folder for BearShare that contained numerous .exe files, all 228 kb, that would spread the virus further on the net. I found these files by doing a search for any files created the exact same date and time as the b.exe file.

I don't know what Symantec said, as I had already done this work before I found this site. I hope my poor grammar is understandable.

'I may be a webmaster but I am not a PC guru', mainframes were my thing until 1/21/2000 when Y2K was over. But you're never too old to start over. LOL


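The two checks described in the post above (a file named svchost.exe sitting in the Startup folder rather than the system folder, and .exe files that share the size and timestamp of b.exe) can be scripted for triage. This is an added Python example, not part of the original thread; the function names, the list of system binary names, the 60-second window and the sample paths are assumptions, and modification time is used as a portable stand-in for creation time.

```python
import os
from pathlib import Path

# Assumed short list of Windows system binary names that malware often borrows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "winlogon.exe"}

def find_siblings(reference, root, window_s=60):
    """List .exe files under root that match the reference file's size and
    whose modification time is within window_s seconds of it."""
    ref_path = Path(reference).resolve()
    ref = ref_path.stat()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.suffix.lower() != ".exe" or p.resolve() == ref_path:
                continue
            try:
                st = p.stat()
            except OSError:  # unreadable or vanished file: skip it
                continue
            same_time = abs(st.st_mtime - ref.st_mtime) <= window_s
            if st.st_size == ref.st_size and same_time:
                hits.append(p)
    return sorted(hits)

def misplaced_system_names(root, trusted_dirs):
    """List files under root that carry a system binary's name but do not
    live in one of the trusted directories (e.g. C:\\WINDOWS\\system32)."""
    trusted = {os.path.normcase(os.path.abspath(d)) for d in trusted_dirs}
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(dirpath)) in trusted:
            continue
        hits += [Path(dirpath) / n for n in files if n.lower() in SYSTEM_NAMES]
    return sorted(hits)

if __name__ == "__main__":
    # Constructed paths for illustration; adjust to the machine being checked.
    sample = r"C:\quarantine\b.exe"
    if os.path.exists(sample):
        for hit in find_siblings(sample, r"C:\Documents and Settings"):
            print("same size/time as sample:", hit)
    for hit in misplaced_system_names(r"C:\Documents and Settings",
                                      [r"C:\WINDOWS\system32"]):
        print("system name outside system32:", hit)
```

Both functions only report paths; what to quarantine or delete remains a manual decision, since a size and timestamp match is a lead rather than proof.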





