Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Virus Winmgd.win Still Causing Computer Failure

  • Please log in to reply
4 replies to this topic

#1 holdrend


  • Members
  • 2 posts
  • Local time:12:46 PM

Posted 05 November 2005 - 07:34 PM

Please help me. Everytime I turn my computer on I get a message that my system can't find "c:\\windows\system\winmgd.win". It asks me to retype or search. I have been getting past it by hitting "ok". My computer freezes everytime I enter any site and I have to restart it. It is now the slowest computer in history even though I have a digital link.
I downloaded the Autorun program but I couldn't find the winmgdwin.win virus in any of my programs. Could I have deleted part of the virus but the remainder is looking for it's mate? What steps can I take to get rid of ALL the virus. I can't even use my own computer to type this. It is truly a nightmare.
I there anyone out there that can help me???

BC AdBot (Login to Remove)


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:46 AM

Posted 05 November 2005 - 08:37 PM

VBS_GEDZA.A (aka:VBS.Gaggle.D) - a mass-mailing worm that overwrites several files.
Symantec Removal Instructions
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 IsMe


  • Members
  • 87 posts
  • Location:Tampa, Florida
  • Local time:12:46 PM

Posted 07 November 2005 - 02:51 PM

You might have to remove the hard drive, install it as a slave in another system that has an uptodate virus program and scan your drive.

#4 Rimmer


  • Members
  • 2,159 posts
  • Location:near Sydney, Australia
  • Local time:02:46 AM

Posted 07 November 2005 - 08:37 PM

Restart your PC in Safe Mode and run what anti-virus and anti-spyware programs you have there.

I recommend you use AdAwareSE, Sybot S&D, A-squared and Ewido Security Suite.
Ad-Aware SE[/b] from http://www.lavasoft.de/
Spybot Search & Destroy[/b] from http://www.safer-networking.org/index.php?page=download
Ewido download
When installing Ewido untick 'Install Background Guard' and 'Install Scan via Context Menu'.

Ewido manual update link:

Download the installers and any manual updates you can find on another PC and copy them to your problem system. Then reboot in Safe Mode again and install and run the scans.

hth :thumbsup:

Soltek QBIC, Pentium 4 3.0GHz, 512MB RAM, 200GB SATA HDD, ATI Radeon 9600XT 256MB, Netgear 54Mb/s WAP, ridiculously expensive Satellite Broadband
Windows XP Home SP2, Trend Micro Internet Security, Firefox, Thunderbird, AdAwareSE, Spybot S&D, SpywareBlaster, A-squared Free, Ewido Security Suite.

#5 stidyup


  • Members
  • 641 posts
  • Gender:Male
  • Local time:11:46 AM

Posted 08 November 2005 - 03:24 AM

Try running the following from safe mode (Getting to safe-mode) Sysclean you'll also need the virus template file from here lpt***.zip remember to extract the contents of the zip file into the same folder as Sysclean.com


DrWeb CureIT


KASFX which is powered by the Kaspersky AV engine, you will need internet access to update it. If you haven't got net access in safe mode, update it before you use it.

If your good with the command line also try Sophos Command Line scanner this command will scan all of your hdd's SAV32CLI.EXE -F -di -remove -dn -mbr -all -zip -p=avscanlog.txt and give you a log file to review afterwards.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users