Okay, so I can't be sure where I picked this up from, but I did notice right after I read an email from someone (No attachments!) I got about a half-dozen alerts from my Firewall that programs I'd never seen before were trying to access the internet.

I quickly ran ad-aware, and found a buttload of new stuff, registry key, entries, processes, the works.

So then I also ran AVG Anti-virus, and it also found a trojan horse downloader.
It said it could not remove or move it though.

I did a google search, and found NOTHING on this.

The program is WMVDMOD.exe

I found a bunch of listings for WMVDMOD.DLL that appears to be a windows media player file.

Note that this is an .exe NOT the .dll

Any ideas??

Thanks -

Bingo

By the way, here's all the info. I'm running WinXP.

The file is located at C:\\Windows\System32\WMVDMOD.EXE

It's named in the anti-virus log as Trojan horse Downloader.Small.6.T

I couldn't find anything on either Google or the AVG site for either the file name, or the Virus name.

Bingo

have you updated the mediaplayer patches? do you run antivirus software? if so did it quarantine the file? i would disconnect from internet and do a complete virus scan asap and let the virus software clean it. also i would clean out all temp folders on pc and cookies.

just looked up that file and found nothing. i use a program called spy sweeper which i find to be the most efficient. run it in safe mode first so nothing is booted into memory while scanning :thumbs:

It might not be able to remove it because it is currently running. Can you hit control-alt-delete, click on processes running and shut down that program? Then run the AVG and remove it.
:hmmm:

just curious, do you have a pocket pc by any chance?

Originally posted by ME BIGGD01@Jun 3 2004, 12:48 AM
have you updated the mediaplayer patches? do you run antivirus software? if so did it quarantine the file? i would disconnect from internet and do a complete virus scan asap and let the virus software clean it. also i would clean out all temp folders on pc and cookies.
I haven't tried updating Media Player. I'll give that a go.

I do run anti-virus software. It's AVG. It couldn't quarrantine it since it said it could neither move it or delete it.

I'll also try cleaning out the temp stuff.

Bingo

Originally posted by OUTLAWS Tip@Jun 3 2004, 01:25 AM
It might not be able to remove it because it is currently running. Can you hit control-alt-delete, click on processes running and shut down that program? Then run the AVG and remove it.
:hmmm:
I hadn't thought of that, but dammit. I checked and it's not running there. I'll try AVG again though, since maybe it was running last night!

Bingo

Woo Hoo!!

I think Tip may have had it! I tried running AVG again after seeing that it wasn't running in the Task Manager Processes listing, and it was able to remove it!

Hoorah. Nice thing to keep in mind, if anti-virus is unable to touch it, make sure it isn't currently running!

Bingo

glad to hear you got it clean bingo. a rule of thought is when doing maintaining a pc and doing the ole cleanouts, try running those adwares or such in safe mode to make sure nothing is running in memory.

it seems that virus software today doesnt do a good enough job when it comes to spyware which in my oppinion is viruses. today you need to be running both apps at startup to prevent the headache you just had. :thumbs:

mildly confused. If he knew exactly where the bad file was located, why couldn't he go through my computer and delete it? :blink:

Because it would say that the file was in use and can't be deleted. That's why they are saying boot into Safe mode, The program that is starting the file doesn't have a chance to start running.

You could also boot to a DOS prompt and do it that way.

Originally posted by Outlaws Shogun@Jun 4 2004, 08:39 AM
Because it would say that the file was in use and can't be deleted. That's why they are saying boot into Safe mode, The program that is starting the file doesn't have a chance to start running.

You could also boot to a DOS prompt and do it that way.
Yup. That was it exactly. I knew enough to know how to drill down and find it, just didn't know enough to know WHY I couldn't move it. :P

Bingo