EliteKiller Posted April 8, 2008

I've been seeing a lot of people infected with the wmsdkns.exe trojan since Apr. 5, and I wasn't sure if you've added it to the definitions yet.

Prevx info: http://www.prevx.com/filenames/X3204800 ... S.EXE.html
Here's a HJT log from spywareinfo: http://forums.spywareinfo.com/index.php ... ntry628529

Primary Symptoms:
- Receiving False Security Alerts every few minutes
- Receiving False Security Popups, generally claiming to be Windows Security Center system warnings (pic: http://vil.nai.com/images/143406_vil_wi ... center.gif)
- Receiving IE Popups leading to http://livesecuritycenter.com which quickly changes the address to 'about security' and offers Spymaxx and/or AntiSpyStorm 2008
- Desktop Background image has been replaced by an HTML file called "default" which announces that a spyware threat has been detected; click here to scan your PC for spyware
- Access to Task Manager "has been disabled by Administrator"
- General computer slowdown...

Culprits:
C:\WINDOWS\system32\wmsdkns.exe
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe
Multiple entries: O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)

I also noticed three folders related to 180Solutions, Zango, and a couple of random folders that started with an S.

When I ran SAS 4.0.1154 on an infected PC Sunday afternoon it did not pick up the infection. Unfortunately I was in a hurry and did not upload it to you for a sample. I used Unlocker 1.86 to delete the file (HJT misc. tools < delete file on reboot should work as well), and after a reboot all of the symptoms above were resolved.

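A triage check for the two persistence markers listed under "Culprits" in the post above (an extra program appended to the UserInit value, and BHO entries whose file is missing), as an added example that is not part of the original thread. The log lines are a constructed sample in HijackThis style, and the function names and the C:\WINDOWS install path are assumptions.

```python
import re

# Constructed sample: a HijackThis-style excerpt built from the entries quoted
# in the post, plus one made-up healthy BHO line for contrast.
SAMPLE_LOG = r"""
UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\wmsdkns.exe
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
"""

# Assumption: Windows lives in C:\WINDOWS, as on the machines in the thread.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

USERINIT_RE = re.compile(r"\bUserInit\s*=\s*(.+)", re.IGNORECASE)
BHO_RE = re.compile(r"^O2 - BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")


def extra_userinit_entries(value):
    """Return every Userinit entry that is not the stock userinit.exe."""
    entries = [e.strip().strip('"') for e in value.split(",") if e.strip()]
    return [e for e in entries if e.lower() != STOCK_USERINIT]


def triage(log_text):
    """Collect appended Userinit programs and BHOs registered without a file."""
    findings = {"userinit_extra": [], "orphan_bho": {}}
    for line in log_text.splitlines():
        line = line.strip()
        m = USERINIT_RE.search(line)
        if m:
            # Anything besides userinit.exe here is launched at every logon.
            findings["userinit_extra"] += extra_userinit_entries(m.group(1))
            continue
        m = BHO_RE.match(line)
        if m and m.group(3).strip().lower() == "(no file)":
            # Count repeats: the post reports the same CLSID listed several times.
            clsid = m.group(2).lower()
            findings["orphan_bho"][clsid] = findings["orphan_bho"].get(clsid, 0) + 1
    return findings


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for path in result["userinit_extra"]:
        print("Userinit launches an extra program:", path)
    for clsid, count in result["orphan_bho"].items():
        print("BHO with no file on disk:", clsid, "x", count)
```

A hit on the Userinit check means the value still has to be restored to the stock entry after the file is deleted, otherwise the registry keeps pointing at the removed path.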
SUPERAntiSpy Posted April 8, 2008

Do you have a sample of the file? We are collecting the various samples to make sure we get all variants.

EliteKiller Posted April 8, 2008

Unfortunately I was in a hurry and did not upload it to you for a sample. I'll remote into the customer's pc and send it to you later this afternoon if it's still available.

SUPERAntiSpy Posted April 8, 2008

> Unfortunately I was in a hurry and did not upload it to you for a sample. I'll remote into the customer's pc and send it to you later this afternoon if it's still available.

Ok thanks! When in doubt, always grab the samples

EliteKiller Posted April 8, 2008

The sample has been uploaded to you.

Pandato Posted April 12, 2008

If your scan was last week, you should update your definitions and scan again. Be sure to reboot if asked to do so. You may need to scan in safe mode if you cannot do so in normal mode. Be sure to send any malware detected but not removed to samples at superantispyware.com.

Mankind Posted April 12, 2008

Even I didn't think any reply would be this quick... I'm gonna reinstall this program after I've passed out with lack of sleep, but I do keep any/all anti-spyware/virus programs updated weekly if not daily to be sure they're able to catch new stuff... and I will say this, which is AVG and Spyware Terminator, all free anti-spyware/virus programs, have also been unlucky to fix this... also them folders which get installed, if my records are anything to go by, are:

1x 180 solution folders
1x zango folder
2x 180 search assistant folders but two different spellings
1x seekmo folder
1x stc folder
1x Sysmnt folder

They're the only folders I know which are spyware, so I hope that helps you guys out before I reinstall SAS.

p.s. thanks for the speedy Gonzales response!

*mankind wanders to the nearest shop selling comfy bed to hibernate for a light year* lol

Mankind Posted April 12, 2008

> We have updated our definitions each day - make sure you are scanning with the latest definitions - make sure they match those here: https://www.superantispyware.com/definitions.html If you still have a problem, submit a support request here: https://www.superantispyware.com/support.html

beatchawowa 2 speedy replies, thanks also to you Mr Admin! I shall be sure to double check the definitions match your above recommendations before I run a full scan, and I will post after it's done to keep you guys informed.

Mankind Posted April 15, 2008

Hi, with the SAS all up to date with the definitions I was able to clear all them annoying folders I posted before on here, and that was without needing to reboot in safe mode. However, when I do get more time I will do the safe full scan to see if that removes all the other issues posted below...

Primary Symptoms:
- Receiving False Security Alerts every few minutes
- Receiving False Security Popups, generally claiming to be Windows Security Center system warnings (pic: http://vil.nai.com/images/143406_vil_wi ... center.gif)
- Receiving firefox mozilla Pop ups for some Anti-spider software program w
- Desktop Background image has been replaced by an HTML file called "default" which announces that a spyware threat has been detected; click here to scan your PC for spyware
- Access to Task Manager "has been disabled by Administrator"
- General computer slowdown...

So it seems like it's 2 types of spyware blended together... but tonight is my night off because I have a big date with tons of beer at my female anti christ sister's birthday drink up! And I doubt I will be in any fit state to even work my PC after that, so first it beer brain blowing, then human recovering in safe mode for me, then when, if I'm not too hungover, it's PC's time for a medical checkup again. Will once again keep you guys updated so you know how it goes, and for anyone else suffering with these issues on their PCs!

p.s. glad your company invented a free SAS program!!!!!!

Llomero Posted April 24, 2008

I am also having the same problem posted by Mankind with all those folders as trojans. They get deleted with SUPERAntiSpyware but when I reboot they are back. I've updated the definitions to the most current one, 4-22-08 I believe, and still they come back.

SUPERAntiSpy Posted April 24, 2008

> I am also having the same problem posted by Mankind with all those folders as trojans. They get deleted with SUPERAntiSpyware but when I reboot they are back. I've updated the definitions to the most current one, 4-22-08 I believe, and still they come back.

Submit a support request here and we can run a custom diagnostic: https://www.superantispyware.com/support.html

Mankind Posted April 24, 2008

Good news, I'm finally free from all the spyware! I got a feeling it was somehow programmed to stop after a certain time, not sure if that's possible but that's just my opinion. Thanks for the help though guys!

p.s. to anyone who's just found this topic, these people do know what they're doing so don't be afraid to ask for help

Bobfish Posted May 6, 2008

I was/still am infected with the wmsdkns.exe virus as well, and it's been a nightmare fighting back against it. I *THINK* I'm close to success but I was hoping you might be able to help me confirm it.

First of all, THANK YOU! SAS was the only program that was able to successfully remove most / (all?) of the infection - while SpyDoctor, Ad-Aware, Norton Anti-virus, and Spybot S&D all failed. I am extremely impressed. SAS helped me regain permanent control of my task manager (although I had found a temporary workaround through the 'Run' command line), and also eliminated the fake Internet security popups.

HOWEVER: while SAS now gives me a clean report when I run a scan, Spybot S&D still detects the Smitfraud-c virus (which I understand is linked to the wmsdkns trojan) whenever the computer restarts, as well as a bunch of entries from Zango, 180Solutions, etc. Needless to say, Spybot fails to delete them permanently.

ALSO: HijackThis still detects the wmsdkns.exe virus in its scan, located in the windows/system32 folder. Since none of the main symptoms are manifesting themselves, I'm assuming the virus is either dormant or effectively crippled, but I would have a lot more peace of mind if you could help me confirm this and/or remove it once and for all.

Given SAS' success on my computer so far, I'm extremely encouraged. Thank you in advance!

Mankind Posted May 6, 2008

It's well worth fully updating SAS, then rebooting into safe mode and running a full system scan. I did that and I'm finally free from all the hassle I went through for days. As for the file appearing in system32 folder, that I can't even offer help with, but I'm sure someone else on here will be able to help on that side of things.

wrtpeeps Posted May 7, 2008

I used SAS and it detected the .exe and quarantined it. However I still cannot access my task manager. Any ideas? Cheers.

SUPERAntiSpy Posted May 7, 2008

> I used SAS and it detected the .exe and quarantined it. However I still cannot access my task manager. Any ideas? Cheers.

Under the SUPERAntiSpyware Preferences->Repairs->Enable Task Manager

wrtpeeps Posted May 7, 2008

How silly of me. Thank you so much. Amazing program. Cheers!

SUPERAntiSpy Posted May 7, 2008

> How silly of me. Thank you so much. Amazing program. Cheers!

Enjoy the product, and please tell your friends!

The Dalton Posted May 12, 2008

My little cousin downloaded this on my mom's computer yesterday.. thinking she got it from a link off MySpace. Anyways I just wanted to say that I'm downloading your program right now... I just found out how to get the task manager and registry editor working again to find the process, so hopefully this software picks it up. If so, I just wanted to say thanks.. if not.. help!