Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

023 Hijack this many entries


  • Please log in to reply
9 replies to this topic

#1 xcaler

xcaler

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 02 October 2012 - 11:01 PM

Can anyone help me i have many entries in hijackthis finds many 023 entries but they can not be deleted.
***I am new to this ...so see it like climing a mountain.
Can any one please help. Here is a sample copy entries

023 Service:@%SystemRoot%\system32\vds.exe,-100 (vds)-Unknown owner -C:\Windows\System32\vds.exe (file missing)
023 Service:@%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc)-Unknown owner -C:\Windows\System32\Wat\WatAdminSvc.exe (file missing)

Thank you for any help

BC AdBot (Login to Remove)

 


#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:08 PM

Posted 02 October 2012 - 11:20 PM

First question: What is your operating system? I suspect you have Windows 7. HijackThis does not parse things properly and it will SAY files are missing when in fact they are not.

In addition, BleepingComputer rarely uses HijackThis any more, and then only in malware removal. There are other tools we use that provide a more accurate read out.

That said, the file vds.exe is essential to the computer and should not be removed, and neither should the registry entry. Please see: http://www.bleepingcomputer.com/startups/vds.exe-17686.html

From the research I have just done, WatUX.exe is also a necessary system file and is connected with Windows Activation, as is WatAdminSvc.exe which you can read about here: http://www.bleepingcomputer.com/startups/WatAdminSvc.exe-26949.html Both these files and registry entries need to be left alone.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif

#3 xcaler

xcaler
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 04 October 2012 - 11:04 PM

Thanks for the info....but I did a malware scan complete and only found 3 viruses...and still i can not delete any of the multiple entries 023 a total of 48 and no way to delete after the malware scan. Any other Ideas.

#4 1972vet

1972vet

  • Malware Response Team
  • 1,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Midwest U.S.A.
  • Local time:09:08 PM

Posted 05 October 2012 - 08:22 AM

Orange Blossom has provided you with facts, not just ideas.

There was also a question put to you which you haven't addressed. Please tell us what operating system you are using.

Windows 7 is a very good guess, but you have neither confirmed nor denied this.

Also, please tell us what program you used to perform the "malware scan", and whether you used the program to quarantine what it found or if you personally are trying to delete something manually.

Lastly, please tell us why it is that you insist on deleting ANY of the "023" entries that appear in your hijackthis scan log. Thanks!

Disabled Veteran, U.S.C.G. 1972 - 1978
mvpsigpic.jpg
2009 - 2013

Member: U.N.I.T.E.
Performance and Maintenance for Windows XP, Windows Vista and Windows Seven


#5 xcaler

xcaler
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 05 October 2012 - 09:19 PM

The computer is a laptop HP Dv7-3063cl running Win7--64bit.

Thank you for the help.

#6 xcaler

xcaler
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 05 October 2012 - 09:21 PM

I used Malware bytes to scan and delete.

#7 xcaler

xcaler
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 05 October 2012 - 09:29 PM

In the report that has over 40 entries of 023 they all say missing file i gather that they are not needed or they are actual virus. I am not 100% sure.

Thanks for the help.

#8 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,784 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:04:08 AM

Posted 06 October 2012 - 04:58 AM

They most likely are 100% needed and are Microsoft services. Not viruses. If you delete all those services, I can guarantee you that your PC will no longer boot, because you have deleted important parts of Windows.

Hijackthis does not work on 64bit PCs. It reports false information and can not see any 64bit files. So that is why it says those files are missing when they really aren't. Hijackthis does not see those files, yes. But that's not because the files are missing, but because it is incompatible with your Windows version. The files are there and the services are running or your Windows wouldn't work.
This is also why none of the malware helpers use Hijackthis anymore and hasn't done so for almost 5 years now. Hijackthis is outdated and hasn't been updated since 2006. I would not recommend using it for any OS that is newer than that. (So not on Vista or Win7 and definitely not on 64bit machines)

If you want your PC checked for malware, I would recommend following this guide: http://www.bleepingcomputer.com/forums/topic34773.html to create a topic in our malware removal section.

regards myrti

Edited by myrti, 06 October 2012 - 04:59 AM.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

animinionsmalltext.gif

Follow BleepingComputer on: Facebook | Twitter | Google+


#9 xcaler

xcaler
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:06:08 PM

Posted 08 October 2012 - 11:56 AM

Thank you I did not know that Hijack was limited thank you everyone. :thumbup2:

#10 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 37,112 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:09:08 PM

Posted 30 October 2012 - 10:31 PM

You're welcome.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Internet Security, NoScript Firefox ext.


animinionsmalltext.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users