
wgsdgsdgdsgsd.exe Removal & Repair Safe Mode Operation



#1 joliett


Posted 29 December 2012 - 08:05 PM

I got hit by the virus wgsdgsdgdsgsd.exe three times in the last 3 weeks. It came from "questionable sites," but since I am unafraid of viruses, I keep going back for more challenges. So I finally learned the easy way to get rid of this virus. If I had no Norton backups (don't worry, not needed now) I would never have been able to figure it out.

First off, my firewall caught the file wgsdgsdgdsgsd.exe asking permission to run, and I prevented it from running. But the file was still present in Windows\system32 on my disk. I tried to delete it...I couldn't. I tried to end a possible linked process with WINDOWS TASK MANAGER (Ctrl-Alt-Del), but Task Manager wouldn't run. Humm...I also knew from past experience with this virus that SAFE MODE would NOT run (Blue Screen of Death) - even after the virus was deleted.

RogueKiller, available here on Bleeping Computer, came to mind...Always have that file on your hard disk! IT FOUND THE VIRUS chain and deleted the process.

BUT, the file wgsdgsdgdsgsd.exe was still in Windows\system32. BUT this time I could easily delete it! And double-check that it's not in your Recycle Bin.

Now, the trickiest part...SAFE MODE will still not work...even though the virus chain is gone. Previously I had to reformat and load my hours-old backup, and once I swear even a long reformat didn't work - I couldn't get into SAFE MODE...just that blue screen after rebooting. I had to write zeros to the drive and reinstall my backup - which worked. Except I got that virus again twice more.

Here is how to restore SAFE MODE operation again:
Run regedit and scroll to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
When you try booting into safe mode on the machine that has this key deleted, you will receive the BSOD.

Go to THIS page and see how easy it is to repair the registry with a simple registry download fix...Make a backup of your registry key after your computer is repaired, so you will always have it available.

ALSO, perhaps as a result of the virus, remnants were found in the JAVA cache with AVIRA.
To manually delete them go to:
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
Either delete ALL the cache files - or scan that location with AVIRA from within Windows Explorer.

Voila...and that's it!!

SUMMARY:
1. Don't allow wgsdgsdgdsgsd.exe with ZoneAlarm or your firewall
2. Run RogueKiller
3. Run CCleaner
4. Navigate to c:\Windows\system32 -- SHIFT-DELETE wgsdgsdgdsgsd.exe
5. Run AVIRA through IE on
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
6. Run SAFE BOOT...XP PRO from HERE

BIGGEST TIP...after cleaning this nasty virus wgsdgsdgdsgsd.exe, TRY TO BOOT TO SAFE MODE...if you can't, follow the directions above.

Edited by joliett, 30 December 2012 - 12:57 AM.
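
A check of the end state the post describes, as an added example that is not part of the original post: it confirms the file is gone from system32, that the SafeBoot key and its standard Minimal and Network subkeys are present, and then exports the key as the backup the post recommends. The backup location and file name are assumptions of this example.

```powershell
# Added example: verify the cleanup described in the post. Nothing is deleted or modified.
$dropped = Join-Path $env:SystemRoot 'system32\wgsdgsdgdsgsd.exe'  # file name from the post
$keys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot',          # key named in the post
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal',  # plain Safe Mode
    'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot\Network'   # Safe Mode with Networking
)
$problems = @()

# 1. The executable should no longer exist in system32.
if (Test-Path -LiteralPath $dropped) {
    $problems += "File still present: $dropped"
}

# 2. Each SafeBoot key must exist and contain subkeys; a missing or empty key
#    matches the blue-screen-on-Safe-Mode symptom the post describes.
foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) {
        $problems += "Registry key missing: $key"
    } elseif (@(Get-ChildItem -LiteralPath $key -ErrorAction SilentlyContinue).Count -eq 0) {
        $problems += "Registry key has no subkeys: $key"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    Write-Output 'Do not rely on Safe Mode until the items above are fixed.'
    exit 1
}

# 3. Healthy state: export the key so it can be re-imported later.
#    Backup folder and file name are assumptions of this example. Run elevated.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$backup = Join-Path $env:USERPROFILE "SafeBoot-$stamp.reg"
& reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot' $backup
if ($LASTEXITCODE -ne 0) {
    Write-Warning "reg.exe export failed with exit code $LASTEXITCODE"
    exit 1
}
Write-Output "SafeBoot key looks intact; backup written to $backup"
```

Keep a copy of the exported .reg file off the machine so it is still available if the key is removed again.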

