Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 New Processes In Task Manger Legit?


  • Please log in to reply
8 replies to this topic

#1 Justa

Justa

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:52 PM

Posted 04 July 2009 - 01:42 PM

I just noticed that I have two new processes appearing in Task Manager on my Windows XP Home machine. They appear in all caps as shown.

WLIDSVC.EXE

and

WLIDSVCM.EXE

I am having difficulty in finding much reference to either of these two through Google searches. Does anyone know if these are legit processes. Avira virus scan and Malawarebyte quick scan have not detected anything and my machine appears normal.

Thanks

BC AdBot (Login to Remove)

 


m

#2 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:52 PM

Posted 05 July 2009 - 06:52 AM

WLIDSVC.EXE
WLIDSVCM.EXE

I remembered that I had not tried Process Explorer from Sysinternals which provides a lot more information than Task Manager. It shows both processes to be associated with Windows Live ID from Microsoft. :thumbsup: I suspect a recent update from Microsoft added these two processes. I will try to figure out if they are really needed or not on my resource limited machine.

#3 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:52 PM

Posted 05 July 2009 - 01:11 PM

There is some further info on these here..


Wdsvc.exe
Retrospect Western Digital Service. Program installed by the installation CD for Western Digital external USB Hard Drives. Typically, the Western Digital USB drives come bundled with the Dantz Retrospect backup program for the user to use with the drive. This service enables the Dantz Retrospect backup software to backup to the drive and restore from it.

wdsvc stand for Western Digital service. It's a driver for WD Dual-option external USB hard drive

Some malware camouflage themselves as wdsvc.exe, particularly if they are located in c:\windows or c:\windows\system32 folder. Thus check the wdsvc.exe process on your pc whether it is pest.

I would recommend you run MBAM
Next run MBAM (MalwareBytes):

NOTE: Before saving MBAM please rename it to zztoy.exe....now save it to your desktop.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#4 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:52 PM

Posted 05 July 2009 - 01:45 PM

Thanks boopme,

I have updated and run Malwarebytes quick scan and the log is posted below.

Malwarebytes' Anti-Malware 1.38
Database version: 2377
Windows 5.1.2600 Service Pack 3

7/5/2009 13:38:53
mbam-log-2009-07-05 (13-38-53).txt

Scan type: Quick Scan
Objects scanned: 109324
Time elapsed: 7 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:52 PM

Posted 05 July 2009 - 02:34 PM

You're OK and you're welcome!
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#6 Justa

Justa
  • Topic Starter

  • Members
  • 222 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:10:52 PM

Posted 05 July 2009 - 02:40 PM

Thanks boopme!!

I appreciate all the hard work you put in here helping others.
:thumbsup:

#7 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,195 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:52 PM

Posted 05 July 2009 - 02:57 PM

:thumbsup: You're most welcome, please take a moment to read quietman7's excellent prevention tips in post 17 here
Click>>Tips to protect yourself against malware and reduce the potential for re-infection:
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#8 DDL56

DDL56

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 27 April 2010 - 08:22 PM

I realize that this is an old thread, but I came across it when searching for the process IDs of WLIDSVCM.EXE and WLIDSVC.EXE.

In case anyone else browses to this forum in search of these two that show up when right-clicking the Windows Taskbar and then left-clicking Task Manager in the dialog box:

They have nothing to do with Western Digital hard drives. They are functions related to the Windows Live Toolbar installed on versions of Internet Explorer.

#9 AlanMintaka

AlanMintaka

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:52 PM

Posted 04 October 2010 - 11:44 AM

There is some further info on these here..

Wdsvc.exe
Retrospect Western Digital Service. Program installed by the installation CD for Western Digital external USB Hard Drives. Typically, the Western Digital USB drives come bundled with the Dantz Retrospect backup program for the user to use with the drive. This service enables the Dantz Retrospect backup software to backup to the drive and restore from it.

wdsvc stand for Western Digital service. It's a driver for WD Dual-option external USB hard drive


As DDL56, this is wrong. The original poster asked for information about WLIDSVC.EXE and WLIDSVCM.EXE, NOT Wdsvc.exe.

WLIDSVC.EXE and WLIDSVCM.EXE are the Windows Live ID Service and Windows Live ID Service Monitor, respectively. They usually get installed when you install one or more Windows Live Clients (e.g. Windows Live Photo Gallery). When you log into your Windows Live account, these services cache your userid/password information for use in logging into other Windows Live clients and online services.

That's part of the theory, at any rate. In practice, sometimes they work as advertised, sometimes they don't. I've found that my userid and password are cached for use when I run different Windows Live clients; but if I click on "Help and Support" in any of these clients to access the online help and/or forums, I have to log into my Windows Live account again. It doesn't matter if I'm running IE or Firefox as my default browser.

Given this fact, I tried uninstalling the two services. They weren't listed in Control Panel | Programs and Features as installed programs, but I was able to use the free Revo Uninstaller to uninstall the two services while retaining all other Windows Live components.

It didn't make any difference. The next time I ran Windows Live Photo Gallery, the services were re-installed and launched. So it appears that I'm stuck with them, even though they do nothing to support logging into Windows Live online services.

Platform Info:

OS: Windows 7 Home Premium
Windows Live Essentials, platform support, etc: 15.4.3502.922
Windows Live Photo Gallery: 15.4.3502.922
Windows Live Movie Maker: 15.4.3502.922
Other Windows Live Clients: Not installed
Windows Live ID Service: 7.250.4225.0
Windows Live ID Service Monitor: 7.250.4225.0
Microsoft Office: Not installed
Internet Explorer: 8.0.7600.16385
Mozilla Firefox: 3.6.10

Hope this information is useful to anyone else wondering about these Live ID services. Note that I've chosen not to install Microsoft Office or any Windows Live ID clients other than Movie Maker and Photo Gallery. This might have some bearing on why the ID services don't cache my login info for online use.

Have a good one,
Big Al Mintaka

Edited by AlanMintaka, 04 October 2010 - 11:46 AM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users