can't get rid of worm

  1. #1
    Junior Member
    Join Date
    Mar 2005
    Posts
    1

    can't get rid of worm

    hi all,

    this is my first post on this website. I am not very good with advanced computing, but lately I've been taking a bit more care of my laptop. I noticed in my task manager an application called wfdmgr.exe, and after googling it I learnt it was a mail worm. I tried to get rid of it but it still comes back after rebooting. Here is what I did:

    (I am on Win XP)
    1) I unchecked the system restore mode
    2) I ended the task in the process
    3) I typed the name of the application in the Start search engine but found nothing else
    4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description
    5) I rebooted the pc
    6) I ran task manager, wfdmgr is back again!

    I thought maybe you guys could help me

    thanks

  2. #2
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Go here, download Hijack This, run it, save the results as a text file and, after you have removed any identifying information from it, attach it to your next message.

    There are several people here that will tell you what to do next quite quickly.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  3. #3

    Re: can't get rid of worm

    Originally posted here by mavax
    hi all,

    4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description

    yeah - well some that stuff don't always launch from that reg key. look @ the link!!

    http://www.bleepingcomputer.com/forums/tutorial83.html

  4. #4

    Re: Re: can't get rid of worm

    Originally posted here by Jebo Majku
    yeah - well some that stuff don't always launch from that reg key. look @ the link!!

    http://www.bleepingcomputer.com/forums/tutorial83.html
    Nice link you got there-

    But I think Hijack This was updated to cover it? In fact I'm trying it right now and it looks like it picked up the registry areas that are covered in that link. Although- you're saying the link is about not using the registry to load services? Which one of us is confused? That whole article is entirely about the registry... Let me check again.

    edit- from site
    Knowing how to diagnose a service running as a malware is an important part of fighting spyware. As more and more spyware and viruses use this technique, the understanding of how services work and are configured in the Registry will make the difference between fixing a computer and not fixing it.

  5. #5
    Senior Member
    Join Date
    May 2003
    Posts
    1,199
    Everyone is going to die, I am just as good of a reason as any.

    http://think-smarter.blogspot.com

  6. #6
    Senior Member
    Join Date
    Mar 2004
    Posts
    510
    Are you running any anti-virus software on your computer?

    If not, while you're following XTC's instructions, you can use Trend Micro's online scan.

    http://housecall.trendmicro.com/
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  7. #7
    Senior Member
    Join Date
    Jan 2004
    Posts
    124
    If you want to get rid of any kind of malware, you should first go to safe mode (tapping F8 during the boot process).

    In the registry, beside HKEY_LOCAL_MACHINE/software/microsoft/windows/current version/run
    you should check ...runonce ... runservice ...runserviceonce
    and of course all those keys in HKEY_CURRENT_USER/... and the same like above.

    HijackThis is a tool that does all the work for you. It checks all the places from where a program or service can run, and also checks for some .dll things that spyware drops in IE...
    But before you remove anything with HijackThis, make a backup and consult someone who knows more about this. Like TigerShark said, you can post the results here.... it is the best way.

    Soda: If you carefully read the post from that banned guy, you will see that he (probably) wanted to say that this specific regkey mavax checked is not the only regkey for starting programs.
    Ikalo
    ------
    Make your knowledge your deadliest weapon.
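
    The registry autostart locations listed in the post above, together with the service entries discussed earlier in the thread, can be listed read-only with a short PowerShell script. This is an added example, not part of any poster's message; it assumes PowerShell 3.0 or later, spells the keys `RunServices` and `RunServicesOnce` in full, and the `$Pattern` parameter and function names are illustrative.

```powershell
# Added example: read-only listing of the autostart locations named in this thread.
# $Pattern and the function names are illustrative assumptions.
param([string]$Pattern = 'wfdmgr')   # process name reported in the first post

$hives   = 'HKLM:', 'HKCU:'
$base    = 'Software\Microsoft\Windows\CurrentVersion'
$subkeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'

function Get-RunKeyEntry {
    foreach ($hive in $hives) {
        foreach ($sub in $subkeys) {
            $path = '{0}\{1}\{2}' -f $hive, $base, $sub
            if (-not (Test-Path -Path $path)) { continue }   # key absent on this system
            $key = Get-Item -Path $path
            foreach ($name in $key.GetValueNames()) {
                [pscustomobject]@{
                    Source  = $path
                    Name    = $name
                    Command = [string]$key.GetValue($name)
                }
            }
        }
    }
}

function Get-ServiceImagePath {
    # Each service is a subkey; ImagePath holds the binary or driver it starts.
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $image = $_.GetValue('ImagePath')
            if ($image) {
                [pscustomobject]@{
                    Source  = 'Service'
                    Name    = $_.PSChildName
                    Command = [string]$image
                }
            }
        }
}

$entries = @(Get-RunKeyEntry) + @(Get-ServiceImagePath)
$needle  = [regex]::Escape($Pattern)

'--- Entries matching "{0}" ---' -f $Pattern
$entries | Where-Object { $_.Name -match $needle -or $_.Command -match $needle } |
    Format-List

'--- All Run-key entries, for manual review ---'
$entries | Where-Object { $_.Source -ne 'Service' } | Format-Table -AutoSize -Wrap
```

    The script only reads the registry; an empty match list means the name does not appear in these locations, not that nothing else starts the process.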

  8. #8
    Even I used to be infected with the same worm. NAV 2003, 2005 didn't cure it.
    Does it really harm you?
    I don't think so. Just a few k's of memory until u end task it

  9. #9
    Super Moderator: GMT Zone
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    gizmofreak

    Please read this:

    http://it.trendmicro-europe.com/ente...YTOB.B&VSect=T

    Then answer your own question

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Junior Member
    Join Date
    Apr 2005
    Posts
    9
    I had got a worm too, which wouldn't get removed coz the system was using the infected file with virus in normal mode... so I went into safe mode and ran my Norton AV scan and found the virus, which I was able to delete
