Comments on the Digital me: jwgkvsq.vmx - Conficker virus manual removal
Feed updated: 2024-03-14T00:46:58.461-07:00

Jasmine Gomez, 2012-09-27T19:33:41.319-07:00
Thanks for the tutorial. It worked on my PC. This is the random string on my PC which does not appear on your list: mwshl

I hope you could add it on your list. Thanks!

Anonymous, 2012-01-14T08:35:34.641-08:00
The worm is more malicious, because it blocks the access to Microsoft and to other antivirus sites. You cannot download mce..

The best way is to delete the name of the service at the end of the list. If you don't find the dll in system32, it's not important. It is not activated anymore when you restart.

Asher, 2011-08-22T14:09:48.484-07:00
Guys, download the malicious s/w remover from Microsoft.. worked like a charm.. My antivirus was able to detect it and delete it, but once I rebooted the system, the damn virus was back again in the scan. Took me 2 hours to try this. A 500G portable drive, so lots of data to scan :D Anyways, as people have said above as well.. Download the malicious s/w remover from MS and run it.

hemiro, 2011-03-14T16:39:01.982-07:00
Miklos:
I found the random string in regedit and deleted it, then I ran cmd: svchost -k netsvcs. The random dll I could not find. Is that ok?

Anonymous, 2011-01-13T08:00:18.329-08:00
Microsoft Malicious Software Removal Tool did it for me

Anonymous, 2011-01-10T19:44:12.360-08:00
hi 2 all..

In mine it's under drivers with a random name and has got no parameter in the registry.. Just got a link to a file c:\windows\system32\03.tmp

Anonymous, 2010-11-06T21:16:14.925-07:00
Thank You It Worked

Anonymous, 2010-10-27T15:29:30.597-07:00
Hey, thanks for the help. I'm just like the others who couldn't find the parameter, so I searched for a file with the exact size of my jwgkvsq.vmx file. It was a dll, and no surprise, it was hidden, not accessible... so I modified the permission so I could delete it, I used processXP to end any open handle of that file (svchost was using it), and finally I deleted it and then restarted and voila !!
So I guess the whole registry move was useless to me, but it was a start.. thanks for the info.
Abdelrhman.

Sturmvogel, 2010-08-28T01:55:41.024-07:00
To Neven Boyanov: I'm sorry for a stupid question, but how did the coincidence of the modification date of kernel32 and jwgkvsq help you? In fact, I've got the same problem, and the modification date of kernel32 is the same as one of jwgkvsq (19:52 16th April 2007). Couldn't you be so kind to share with me the way you find the dll file after that discovery?

Anonymous, 2010-07-21T21:55:00.738-07:00
cannot run services.msc
cannot run regedit.exe
now what else can I do?

Neven Boyanov (https://www.blogger.com/profile/17985001373002188199), 2010-06-20T12:50:50.394-07:00
I couldn't find the DLL names in the registry, but I've noticed that the modification date of the jwgkvsq.vmx is the same as the kernel32.dll file in the C:\WINDOWS\system32 ... so that's how I found the file. In my case that was eecsfqhw.dll, which I renamed in safe mode. Its size and date were: 162,941 / 2009-03-21 17:06

I hope that helps others

blubbi, 2010-05-12T13:19:24.673-07:00
Found the random string but not the dll file. In system 32 and the whole c:\windows partition there is no file with the exact size of 168096 bytes.
Is it a good idea to delete or rename my "random string" folder:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ygxdsx

???

Anonymous, 2010-04-22T19:11:09.359-07:00
The exact size of file: 168096 bytes. Search the system for this file size, and you will find the missing dll file in system32 folder! (It has another name of course.)

Unknown (https://www.blogger.com/profile/00356551869078663248), 2010-01-04T02:50:47.163-08:00
I found this random string "wnasnx" last list. But I can't find the dll and no parameters key. And I can't delete. Please help me.
Thanks

Unknown (https://www.blogger.com/profile/00356551869078663248), 2010-01-04T02:47:35.595-08:00
"wnasnx" I found this, it's the last one list. But no parameters dll. And I can't delete it. Help me please. Thanks!

Computer Support (http://www.support1000.com), 2009-12-14T03:33:08.287-08:00
The jwgkvsq.vmx is a worm-type virus, which spreads via USB/portable drives and through the network. It also makes an autorun.inf file on your USB device as well as a hidden system folder called RECYCLER which contains the jwgkvsq.vmx file. I'm not sure if this is an old virus, but it seems it's been spreading a lot lately. And most anti-virus doesn't detect this, but those that do can't remove it.

Anonymous, 2009-12-13T18:59:43.551-08:00
Thanks for the great info. It worked on two systems that were infected, and now are malware free. I am a senior IT consultant and remove viruses for a living. I had spent many hours trying to find this one, and none of the best anti-virus software could find it.
-Scott

Anonymous, 2009-11-25T13:51:42.167-08:00
Me too, I was not able to find the random.dll, because regedit can't show the parameters of the last service on the list.

I tried to find a weird dll which was created in these days.

But I removed this name from that list, and the virus does not bother me.

Thanks a lot.

Arun Prabhakar (https://www.blogger.com/profile/14888016221735780777), 2009-09-03T22:20:33.218-07:00
For those who can't find the dll file: the virus would have polymorphed to some other form when you connected to the internet.

Anonymous, 2009-09-03T22:02:12.375-07:00
vwnwhms --- it is the random string! But can't find any dll file. Any suggestion? I think earth angel is facing the same problem. Why is there no reply!

Anonymous, 2009-08-03T23:17:43.128-07:00
Thanks, it helped me to remove the virus easily.

juanderer (https://www.blogger.com/profile/05756353637551235970), 2009-06-16T00:20:10.960-07:00
same problem with earth angel.
ls help!

Raveendra Pai (https://www.blogger.com/profile/15193388067178067979), 2009-05-09T11:36:00.000-07:00
It really works man, Thanks !!