
Spyware infection - wscvc32.exe


4 replies to this topic

#1 impala096

impala096

  • Members
  • 5 posts

Posted 10 January 2010 - 02:10 AM

I am currently running Windows XP Media Center Edition Version 2002 SP 3. I experienced the following problem today shortly after downloading a torrent file (it had a lot of leechers and seeders so I assumed it was legit and at the time AVG was running in the taskbar). Some popups appeared warning me that my computer was not safe and to download a program named Malware Defense. It then continued to automatically download files onto my computer without any button to press to cancel the operation. At this point the popups crashed my computer and I was forced to restart.

Upon starting my computer, a red circle with a white X over it appears stating “Danger! There are some serious security threats detected on this computer: Viruses, Trojans, keyloggers, exploits, etc.” A Windows Security Center popup will also appear warning that no virus protection was found on the computer. Approximately 2 minutes after starting up my computer, the following popups will also appear:

-Malware Defense advertisement warning me that your computer is at risk and to download the software.
-A 'security center alart' dialog box stating:

Do you want to block this supicious software?
NAME: Net-Worm.Win32.Mytob.t
Risk High Risk
Description This network work infects computers running Windows. The worm itself is a Windows PE EXE file, written in Visual C++. The file may be packed with one or a range of packers, and the size of the infected file may therefore vary. The packed file is approximately 47KB or greater in size, and the unpacked file is approximately 150KB to 260KB in size.

Through trial and error I found that ending the process “wscvc32.exe” within the Task Manager will remove all the popups; however, within just a few minutes they will reappear again. I then found that ending the process “settdebugx.exe” will prevent them from reappearing every few minutes, but the computer is still running unstable.

Whatever I caught is now preventing me from running antivirus programs:
SuperAntiSpyware Free Edition, Malwarebytes Anti-Malware, AVG Free 9.0, and Spybot Search & Destroy all would not run under normal mode, and only AVG would run in Safe Mode, and it ended up locking up in the middle of the scan. Also, I have had no luck trying a System Restore: at the very last step before the restore, when clicking NEXT, nothing happens and the computer doesn’t restart.

Any ideas what I could try to do to get this nasty infection off?

Thanks for your time in hearing my concern.
Impala096


#2 impala096

Posted 10 January 2010 - 04:31 AM

Alright, I stumbled across a forum talking about the same issue I was having above about your anti-virus software being blocked by whatever malicious spyware/virus has infected your computer. Their suggestion was to rename the application .exe file within Malwarebytes' Anti-Malware to richv.exe (the standard file name is mbam.exe I believe).

For whatever reason, after renaming the .exe file I was able to open Malwarebytes' and the scan caught 13 infections including 4 or 5 relating to the wscvc32.exe file. I'll keep my fingers crossed but for right now those popups have disappeared for me! :thumbsup: Hope this helps anyone else that experiences this cuz this was a real PITA.

Any suggestions how to keep my computer safe from now on? I have updated versions of Search and Destroy and AVG running in the background as of now.


EDIT: This topic was moved to a more appropriate forum ~ Elise

Edited by elise025, 10 January 2010 - 06:39 AM.


#3 impala096

Posted 10 January 2010 - 06:09 PM

Hi there,

The problems returned after restarting my computer this morning... computer was running unstable and my Internet Explorer and Firefox would crash shortly after starting the application (I'd be able to maybe surf 2 or 3 pages before it would crash and come up with an error). Also, I was unable to use my anti-virus software apart from Malwarebytes' with the .exe file renamed to richv.exe as described in my above post.

I rectified it this time by running Malwarebytes' Anti-Malware in Safe Mode, where it again detected some malware present on my computer. After the scan, I restarted my computer and was able to run ComboFix (on previous attempts the virus on my computer had hijacked the computer and nothing would happen when trying to run the ComboFix.exe file). So far it appears to be running cleanly again but I was hoping someone could diagnose the log file ComboFix generated to make sure everything is really OK.

Let me know if anyone can help me and look at the log file.

Thank you very much
Impala096

#4 impala096

Posted 10 January 2010 - 07:35 PM

Alright, one more quick question. In the process of running ComboFix, a message appeared saying that a virtual drive was running on my computer and that it must be temporarily disabled, at which point I clicked on OK and the computer was then rebooted with apparently the virtual drive disabled to complete the scans.

After several restarts the computer is running just fine now, except for one popup i keep getting at startup. It says:
"Daemon Tools Pro. This program requires at least Windows 2000 with SPTD 1.60 or higher. Kernel debugger must be deactivated."

I then tried to uninstall Daemon Tools but it only gets halfway uninstalled and then the progress bar freezes and it is unable to complete the uninstall. Any suggestions?

#5 impala096

Posted 11 January 2010 - 02:24 PM

Hey there, still just hoping for a reply about that Daemon Tools message I'm still receiving at startup. I apologize for rambling a little in each post; I just wanted to keep everyone updated on my progress.



