-
March 11th, 2005, 01:49 AM
#1
Junior Member
can't get rid of worm
hi all,
this is my first post on this website. I am not very good with advanced computing, but lately I've been taking a bit more care of my laptop. I noticed in my task manager an application called wfdmgr.exe, and after googling it I learnt it was a mail worm. I tried to get rid of it but it still comes back after rebooting. Here is what I did:
(I am on Win XP)
1) I unchecked the system restore mode
2) I ended the task in the process
3) I typed the name of the application in the Start search engine but found nothing else
4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description
5) I rebooted the pc
6) I ran task manager, wfdmgr is back again!
I thought maybe you guys could help me
thanks
-
March 11th, 2005, 02:13 AM
#2
Go here, download Hijack This, run it, save the results as a text file and, after you have removed any identifying information from it, attach it to your next message.
There are several people here that will tell you what to do next quite quickly.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
March 11th, 2005, 02:19 AM
#3
Banned
Re: can't get rid of worm
Originally posted here by mavax
hi all,
4) I looked at hkey_local_machine\software\microsoft\windows\currentversion\run but found nothing suspicious, except maybe the 1st process, only because it has no description
yeah - well, some of that stuff doesn't always launch from that reg key. look @ the link!!
http://www.bleepingcomputer.com/forums/tutorial83.html
-
March 11th, 2005, 03:28 AM
#4
Re: Re: can't get rid of worm
Nice link you got there-
But I think Hijack This was updated to cover it? In fact I'm trying it right now and it looks like it picked up the registry areas that are covered in that link. Although- you're saying the link is about not using the registry to load services? Which one of us is confused? That whole article is entirely about the registry... Let me check again.
edit- from site
Knowing how to diagnose a service running as a malware is an important part of fighting spyware. As more and more spyware and viruses use this technique, the understanding of how services work and are configured in the Registry will make the difference between fixing a computer and not fixing it.
-
March 11th, 2005, 11:43 AM
#5
-
March 11th, 2005, 04:19 PM
#6
Are you running any anti-virus software on your computer?
If not, while you're following XTC's instructions, you can use Trend Micro's online scan.
http://housecall.trendmicro.com/
"You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn
-
March 11th, 2005, 04:42 PM
#7
Senior Member
If you want to get rid of any kind of malware, you should first go to safe mode (tapping F8 during boot process).
In the registry, besides HKEY_LOCAL_MACHINE/software/microsoft/windows/current version/run
you should check ...runonce ... runservice ...runserviceonce
and of course all those keys in HKEY_CURRENT_USER/... and the same like above.
HijackThis is a tool that does all the work for you. It checks all the places from where a program or service can run, and also checks for some .dll things that spyware drops in IE...
But before you remove anything with HijackThis, make a backup and consult someone who knows more about this. Like TigerShark said, you can post results here.... it is the best way.
Soda: If you carefully read the post from that banned guy, you will see that he (probably) wanted to say that this specific regkey mavax checked is not the only regkey for starting programs
Ikalo
------
Make your knowledge your deadliest weapon.
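
An added example, not part of the original thread or any poster's own code: a PowerShell script that lists what the registry locations discussed in posts #4 and #7 would start at boot or logon, so entries with a missing file, no description or no valid signature stand out. It assumes PowerShell 3.0 or later run from an elevated prompt, uses the actual key names `RunServices` and `RunServicesOnce`, and `Get-ExePath` is a hypothetical helper; it only reads and removes nothing.

```powershell
# Added example (not from the thread): enumerate registry autostart locations.
$base    = 'Software\Microsoft\Windows\CurrentVersion'
$subKeys = 'Run', 'RunOnce', 'RunServices', 'RunServicesOnce'

# Hypothetical helper: pull the executable path out of a command line.
function Get-ExePath([string]$Command) {
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')    { return $Matches[1] }   # quoted path
    if ($c -match '^(.+?\.exe)\b') { return $Matches[1] }   # unquoted, may contain spaces
    return ($c -split '\s+')[0]
}

$entries = @()
foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($sub in $subKeys) {
        $path = '{0}\{1}\{2}' -f $hive, $base, $sub
        if (-not (Test-Path -Path $path)) { continue }      # key may not exist
        $key = Get-Item -Path $path
        foreach ($name in $key.GetValueNames()) {
            $entries += [pscustomobject]@{
                Source = $path; Name = $name; Command = [string]$key.GetValue($name) }
        }
    }
}

# Auto-start Win32 services: Start = 2 and Type has 0x10 or 0x20 set (drivers skipped).
$services = Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue
foreach ($svc in $services) {
    $image = $svc.GetValue('ImagePath')
    if ($image -and $svc.GetValue('Start') -eq 2 -and ($svc.GetValue('Type') -band 0x30)) {
        $entries += [pscustomobject]@{
            Source = 'Services'; Name = $svc.PSChildName; Command = [string]$image }
    }
}

# Annotate each entry with file existence, description and signature status.
$entries | ForEach-Object {
    $exe  = Get-ExePath $_.Command
    $file = if ($exe) { Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        Source      = $_.Source
        Name        = $_.Name
        Executable  = $exe
        Exists      = [bool]$file
        Description = if ($file) { $file.VersionInfo.FileDescription }
        Signature   = if ($file) { (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status }
    }
} | Sort-Object Exists, Description | Format-Table -AutoSize -Wrap
```

Entries given without a full path show `Exists` as False because the script does not search `PATH`; check those by hand.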
-
April 24th, 2005, 08:49 PM
#8
Even I used to be infected with the same worm. NAV 2003, 2005 didn't cure it.
Does it really harm you?
I don't think so. Just a few k's of memory until you end task it
-
April 24th, 2005, 09:32 PM
#9
gizmofreak
Please read this:
http://it.trendmicro-europe.com/ente...YTOB.B&VSect=T
Then answer your own question
-
April 25th, 2005, 05:25 AM
#10
Junior Member
I had got a worm too which wouldn't get removed coz the system was using the infected file with virus in normal mode... so I went into safe mode and ran my Norton AV scan and found the virus, which I was able to delete