
wmrtph.dll, wmrtph.sys

Harmful - Files

Last Updated on Tuesday, 14 August 2012 14:17 Monday, 04 January 2010 18:08

Files named wmrtph.dll and wmrtph.sys are created by a computer virus program that affects computers running the Microsoft Windows operating system. Its analysis report is given below.

Files found
C:\Windows\System32\drivers\wmrtph.sys
C:\Windows\System32\wmrtph.dll
C:\Windows\System32\00054849.ini 

It is identified as a backdoor, Formador or PcClient.
It creates a new Windows service named "yxlmhs".
It installs the file wmrtph.sys as a kernel-mode driver.

There may be more files created by this virus program. To find them, first locate and note down the "date of creation" of wmrtph.dll, wmrtph.sys, or any of the files mentioned above, then search the hard disk for other files created on that date or onward.
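The checks described above can be scripted. The following PowerShell is an added example, not part of the original article or the ThreatExpert report; it assumes PowerShell 3.0 or later in an elevated session, and the variable names and CSV output path are illustrative choices.

```powershell
# Added triage example. File paths and the service name are the ones listed in this article.
$indicatorFiles = @(
    'C:\Windows\System32\drivers\wmrtph.sys',
    'C:\Windows\System32\wmrtph.dll',
    'C:\Windows\System32\00054849.ini'
)
$indicatorService = 'yxlmhs'

# 1. Which of the listed files are present? -Force is required to read hidden/system files.
$found = foreach ($path in $indicatorFiles) {
    if (Test-Path -LiteralPath $path) {
        Get-Item -LiteralPath $path -Force
    }
}
$found | Select-Object FullName, CreationTime, LastWriteTime, Length | Format-Table -AutoSize

# 2. Is the service registered, and which binary does it start?
Get-CimInstance -ClassName Win32_Service -Filter "Name='$indicatorService'" |
    Select-Object Name, State, StartMode, PathName

# Kernel-mode drivers are tracked separately from ordinary services;
# look for any driver entry whose image path references wmrtph.sys.
Get-CimInstance -ClassName Win32_SystemDriver -Filter "PathName LIKE '%wmrtph.sys%'" |
    Select-Object Name, State, StartMode, PathName

# 3. List files created on or after the earliest creation time of the files found in step 1.
if ($found) {
    $since = ($found | Sort-Object CreationTime | Select-Object -First 1).CreationTime
    $report = Join-Path $env:TEMP 'files-created-since.csv'   # illustrative output path

    Get-ChildItem -Path 'C:\' -Recurse -Force -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $since } |
        Sort-Object CreationTime |
        Select-Object CreationTime, LastWriteTime, Length, FullName |
        Export-Csv -Path $report -NoTypeInformation

    Write-Output "Files created on or after $since written to $report"
} else {
    Write-Output 'None of the listed files were found; no reference date available.'
}
```

The resulting list will also contain legitimate files created after that date (updates, logs, caches), so it is a review list rather than a deletion list. Creation timestamps can be changed by software, so files with an earlier date are not cleared by this search.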

Steps required to remove this virus program

  • Remove processes created by the virus program from the Task Manager.
  • Search for and delete files created by the virus program from the hard disk. Enable the "hidden files and folders" view before you search; otherwise, files created by the virus program inside hidden folders will not be found.
  • Remove obsolete registry keys using CCleaner.

Detailed instructions and free Tools

Preventive steps to avoid virus programs

Reprinted with permission from Threatexpert.com


Files created by Daprosy virus

Harmful - EXE

Last Updated on Wednesday, 27 June 2012 16:12 Monday, 04 January 2010 17:44

Analysis report of Daprosy worm is given below.

Files and folders found:

Files

C:\autorun.inf
C:\do not open - secrets!\Do not open - secrets!.exe
C:\Do not open - secrets!.exe
%CommonAppData%\Microsoft\Keyboard\kbdsys.exe
%CommonAppData%\www.zilch�infinisoft.biz.de\winzip.exe
%CommonDocuments%\do not open - secrets!\Do not open -secrets!.exe
%CommonDocuments%\Do not open - secrets!.exe
%CommonDocuments%\My Music\Do not open - secrets!.exe
C:\Windows\system.exe
C:\Windows\shutdown.dll


Folders
C:\do not open - secrets!
%CommonAppData%\Microsoft\Keyboard
%CommonDocuments%\do not open - secrets!

This virus creates a lot of files and folders. Please see the analysis report above for a full list of files. 

(The full paths for the short folder names can be found on this link.)

The removal process may require using System Restore, enabling the "hidden files and folders" view, removing entries from Windows Startup, booting into Safe Mode, using the System File Checker application, etc. These steps vary slightly between versions of Microsoft Windows.

Some steps are essential:

  • Remove virus processes from the Task Manager.
  • Search for and delete virus files from the hard disk. Enable the "hidden files and folders" view before you search; otherwise, virus files inside hidden folders will not be found.
  • Remove obsolete registry keys using CCleaner.

Detailed instructions and a number of free Tools are listed on this link

Different ways to prevent malicious files from entering the computer are listed on this link.

 

Reprinted with permission from Threatexpert.com


stmsecs

Harmful - Services

Last Updated on Tuesday, 18 September 2012 13:09 Monday, 04 January 2010 13:22

stmsecs is a misleading or fake Windows service. It is created by a trojan virus. To stop this service from running, open the System Configuration utility.

Press Start > Run, then type msconfig in the box. Press OK.

That will open the System Configuration utility. Now select the Services tab, which lists all the currently running services. To make the list easier to read, hide Microsoft's own services by checking the box labelled "Hide all Microsoft Services". Now look through the list of services. If you find a service named "stmsecs", see if it is currently running. If it is running, uncheck it to stop it. Then press Apply, press OK/Close, and select "restart the computer" at the next prompt. That will restart the computer.

After restarting the computer, search for and delete the files from the hard disk as listed in this article.

You can also use a free tool called Sysinternals Autoruns to find the file associated with a service. See details of Sysinternals Autoruns on this link.

 
