Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Wkssvc32.exe


  • Please log in to reply
2 replies to this topic

#1 kstechgirl2

kstechgirl2

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:03:44 PM

Posted 27 April 2006 - 08:35 PM

Every time I boot Windows XP Home two cmd prompt windows open with wkssvc32.exe in the title bar. I have found references to this in the registry in HKEY_current_User\software\microsoft\windows\currentversion\run and HKEY_current_User\software\microsoft\windows\currentversion\runservices

and

Hkey_local_machine\software\microsoft\windows\currentversion\run and
Hkey_local_machine\software\microsoft\windows\currentversion\runservices.

Is it okay to delete these from the registry.

I have run a virus scan and it doesn't indicate that there are any current viruses in the machine, however a few days ago Norton removed and/or quarantined Backdoor.hackdefender (c:\msdos.exe) and a trojan horse (c:\local.exe)

The machine is a Dell Inspiron 7500 and it is running ever so slow.

BC AdBot (Login to Remove)

 


#2 ThorXP

ThorXP

  • Banned
  • 880 posts
  • OFFLINE
  •  
  • Local time:04:44 PM

Posted 27 April 2006 - 09:02 PM

Process File: wkssvc32 or wkssvc32.exe
Process Name: SDBot variant

Description:
wkssvc32.exe is a process associated with a malware identified as a SDBot variant. This program is a registered security risk and should be removed immediately. If found on your system make sure that you have downloaded the latest update for your antivirus application.

Please read this guide before actually doing the procedure
And it has all of the links for downloads you need.

Preparation Guide for use before posting a HijackThis Log
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/

Go to the following to post your log file and it will be analyzed by a qualified tech

HijackThis Logs and Analysis
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

Also use your Internet Explorter and Windoiws Live Safety Center and do a full Service scan

http://safety.live.com/site/en-US/default.htm

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,605 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:44 PM

Posted 28 April 2006 - 08:35 AM

If you have not already posted a hijackthis log, download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

When done please perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.]

Trend Micro Housecall Scan
Panda ActiveScan [ActiveScan Panda does not remove adware/spyware but will autoclean for viruses & worms.]
a-squared Web Malware Scanner
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users