Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

wscsvc32.exe has taken over my computer


  • Please log in to reply
7 replies to this topic

#1 awefulladam

awefulladam

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 21 December 2009 - 02:53 PM

Ok I am on my personal laptop, trying to fix my dads computer he uses for his business so the data on there is kinda crucial. Recently he got the virus/malware/whatever you want to call it wscsvc32.exe. I consider myself pretty tech savvy and have tried several approaches to fixing this bug already with things recommended across forums.

I have tried to install Malwarebytes to no avail, upon installing it usually freezes before I am given the chance to update and when it does give the option, I am not entirely sure it does update as he was having problems accessing the internet.

I ran a HijackThis report, but the program yields no text file log for me to save and post anywhere that I can find.

I have tried disabling the virus' starting with msconfig, I have tried to manually find the virus and delete it but the search function for the computer is no longer usable, I have booted in safe mode to try and run Mbam, Hijack etc and I am reaching the end of what I know how to do...

I should mention he is running Windows XP professional Version 2002, SP3.

Any help with my situation is greatly appreciated, thank you.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 PM

Posted 21 December 2009 - 03:11 PM

Hello, try running RKill.... then quickly run MBAM (malwarebytes)

Please download Rkill by Grinler and save it to your desktop.Link 2
Link 3
Link 4
  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista, right-click on it and Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
You will need to run the application again if rebooting the computer occurs along the way.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 awefulladam

awefulladam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 21 December 2009 - 07:21 PM

Hi, thanks for the quick response.

So I downloaded rKill to my flash and tried to copy/paste onto the infected comp since it has no internet, but copy/paste has been turned off or will not work for some reason so I ran it from my flash drive and it seemed to work since the pop-up errors stopped.

After running that I tried to run Mbam right away and no gui popped up for the program. I can see it start in the processes using Windows Task Manager, I am just not able to see it at all. I tried uninstalling and reinstalling Mbam after using rKill as well, and I also tried running, reinstalling Mbam under safe mode as well.

Across the board it looks like the program will start as its process appears, but I cannot get access to its gui to do anything with it, if I could get a screenshot I would but thats the best explanation I have.

I also tried running HijackThis just to see If I could get a text file out of it but it still yielded nothing...

Edited by awefulladam, 21 December 2009 - 07:22 PM.


#4 MATTSPCHELP

MATTSPCHELP

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Leicester, United kingdom
  • Local time:12:19 AM

Posted 21 December 2009 - 08:09 PM

Try Restarting, Running rkill as soon as you login and then running malwarebytes,
Microsoft Certified Desktop Support Technician

#5 awefulladam

awefulladam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 22 December 2009 - 10:43 PM

I tried restarting and before doing anything running rkill, ran malwarebytes as soon as I was able and was met with the same problem, the process starts, but nothing appears on the screen for me to manipulate. If I could at least copy/paste I can move all the important files and then I have no problem wiping it and starting from scratch, but it wont allow me to move any files, copy, or paste anything.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 PM

Posted 23 December 2009 - 11:44 AM

See if you can run The VIPRE Rescue Program
after that try MBAm again.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 awefulladam

awefulladam
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:05:19 PM

Posted 23 December 2009 - 06:56 PM

the VIPRE thing appeared to have worked, but when I ran MBam again no dice. I ended up manually opening every important file on his computer and saving it to my flash drive. I am wiping this pos and starting fresh. Thanks for the help tho guys =) Merry Christmas or Happy Holidays or whatever have you.

#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:07:19 PM

Posted 23 December 2009 - 10:24 PM

You're welcome...
Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware may disguise itself by adding and hiding its extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best proceedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.

==============================

2 guidelines/rules when backing up

1) Backup all your important data files, pictures, music, work etc... and save it onto an external hard-drive. These files usually include .doc, .txt, .mp3, .jpg etc...
2) Do not backup any executables files or any window files. These include .exe/.scr/.htm/.html/.xml/.zip/.rar files as they may contain traces of malware. Also, .html or .htm files that are webpages should also be avoided.

Download Belarc Advisor - builds a detailed profile of your installed software and hardware, including Microsoft Hotfixes, and displays the results in your Web browser.
Run it and then print out the results, they may be handy.

Since we don't know exactly which infections we're dealing with here, we should take some precautions before we attempt to move files from the infected machine. Run the following on your clean computer, and make sure you insert your flash drives at the prompt.
Download and Run FlashDisinfector

Please download Flash_Disinfector.exe by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.


Reinstall Windows Vista
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users