Go Back   Tech Support Forum > Security Center > General Computer Security

[SOLVED] What launches dwm.exe virus

This is a discussion on [SOLVED] What launches dwm.exe virus within the General Computer Security forums, part of the Tech Support Forum category. When I boot my system (Windows XP), I get two messages that documents and settings\.....\temp\dwm.exe cannot be found. I believe


Reply
 
Thread Tools Search this Thread
Old 04-04-2011, 02:54 PM   #1
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



When I boot my system (Windows XP), I get two messages that documents and settings\.....\temp\dwm.exe cannot be found. I believe Norton caught the dwm virus, but something is still trying to find it during bootup. Does this analysis seem correct? Any ideas how to disable this? The bootup process freezes until I manually hit OK for both messages. Very irritating.

__________________
corvus7 is offline   Reply With Quote
Old 04-04-2011, 02:57 PM   #2
Administrator
Micosoft MVP

Team Manager
- Networking
- Microsoft Support
- Hardware
 
Old Rich's Avatar

Microsoft Most Valuable Professional
 
Join Date: May 2007
Location: Houston, Texas
Posts: 47,063
OS: XP, Win 7



and welcome to the Forum

For Starters . . Look in msconfig Startup tab to see if a line for dwm.exe exists

Old Rich is offline   Reply With Quote
Old 04-05-2011, 08:53 AM   #3
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



Rich,

Yes, dwm.exe is in the msconfig startup tag, but ...

Probably doing something wrong here. I tried to uncheck that entry, but it indicates that I don't have permission. I tried to log on as Administrator (change logons, cntrl alt delete at Welcome page), but nothing happens. It still logs me on with my standard user name. I checked my logons in the Control Panel. There is only one entry, my standard user name, and it is listed as the computer administrator.

BTW, the message I get when I try to exit msconfig after unchecking the dwm.exe entry is "An Access Denial error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes".

Any additional help would be greatly appreciated. Not very MS-fluent, obviously. Just an old UNIX programmer, long out of the industry.

Thanks.
__________________
corvus7 is offline   Reply With Quote
Old 04-05-2011, 09:30 AM   #4
Administrator
Micosoft MVP

Team Manager
- Networking
- Microsoft Support
- Hardware
 
Old Rich's Avatar

Microsoft Most Valuable Professional
 
Join Date: May 2007
Location: Houston, Texas
Posts: 47,063
OS: XP, Win 7



What antivirus and other real time protection are you using?

Are you comfortable editing the registry?
Old Rich is offline   Reply With Quote
Old 04-05-2011, 09:38 AM   #5
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



Using Norton 360. I haven't edited the registry before, but I can certainly follow instructions.

Any idea what's up with the Administrator account or lack of ability for my account to allow for making the changes in msconfig?
__________________
corvus7 is offline   Reply With Quote
Old 04-05-2011, 11:23 AM   #6
Administrator
Micosoft MVP

Team Manager
- Networking
- Microsoft Support
- Hardware
 
Old Rich's Avatar

Microsoft Most Valuable Professional
 
Join Date: May 2007
Location: Houston, Texas
Posts: 47,063
OS: XP, Win 7



Norton may be blocing it . . try disableing Norton and then make the changes
Old Rich is offline   Reply With Quote
Old 04-05-2011, 11:30 AM   #7
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,490
OS: Win XP Pro SP3 / Win 7 Pro

My System


There might be a case for using HijackThis here - something we rarely use these days, but it should show the offending Registry item. And it would save you manually editing the Registry.


Please download HijackThis. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis.

After installation, HijackThis should open for you.

If it does not, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe.

1. If it gives you an introduction screen, just choose 'Do a system scan and save a logfile'.
2. If you don't see the introduction screen, click 'Scan' and then click on Save log.
3. Post the HijackThis log file here. Do not fix anything in HijackThis as many entries are harmless.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline   Reply With Quote
Old 04-05-2011, 12:22 PM   #8
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



I am attaching the Hijack This log file. Hope this helps. Turning off Norton did not seem to help at all.

BTW, sorry for the on and off replies. I am in and out of the house today. Days off are anything but relaxing.

Thanks, guys.
Attached Files
File Type: txt Copy of hijackthis.txt (13.1 KB, 46 views)
__________________
corvus7 is offline   Reply With Quote
Old 04-05-2011, 12:57 PM   #9
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,490
OS: Win XP Pro SP3 / Win 7 Pro

My System


Hi again

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry

F3 - REG:win.ini: load=C:\DOCUME~1\DALEHO~1\LOCALS~1\Temp\dwm.exe

Please remember to close all other windows, including browsers then click Fix checked.

Close HijackThis now.


Then run this cleaner

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline   Reply With Quote
Old 04-05-2011, 01:46 PM   #10
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



I'll be trying that very shortly. Here's hoping. Many thanks.s
__________________
corvus7 is offline   Reply With Quote
Old 04-05-2011, 03:52 PM   #11
Registered Member
 
Join Date: Apr 2011
Posts: 6
OS: XP Service Pack 3



Glaswegian,

That did it!!! I see no more problems with my computer now (hope it stays that way). I immensely appreciate your help (you, too, Rich) in fixing this big irritation. You are a credit to Caledonia. Next time a get around a bottle of Balvenie, I will offer a toast to you.

You guys are godsends.

Best Wishes,
corvus7
__________________
corvus7 is offline   Reply With Quote
Old 04-05-2011, 04:09 PM   #12
Administrator
Micosoft MVP

Team Manager
- Networking
- Microsoft Support
- Hardware
 
Old Rich's Avatar

Microsoft Most Valuable Professional
 
Join Date: May 2007
Location: Houston, Texas
Posts: 47,063
OS: XP, Win 7



Glad you got it fixed!!
Old Rich is offline   Reply With Quote
Old 04-06-2011, 05:13 AM   #13
Team Manager, Articles
Analyst
Rangemaster, TSF Academy
 
Glaswegian's Avatar
 
Join Date: Sep 2005
Location: Glasgow
Posts: 38,490
OS: Win XP Pro SP3 / Win 7 Pro

My System


It was our pleasure!

__________________
Iain - Defender of the Haggis and all things Scottish.
I don't help by PM - post in the Forums.



PC Safety & Security::PC running a bit slow?::Photographers Corner
Glaswegian is offline   Reply With Quote
Reply

Thread Tools Search this Thread
Search this Thread:

Advanced Search

Similar Threads
Thread Thread Starter Forum Replies Last Post
.dll files missing, browser opens new tabs, google search redirects.
Hello, I'm a complete computer novice, but I know things are not right. At startup I get two pop-ups stating some .dll files are missing. I've googled these files and only got a couple of hits, it seems they're some kind of virus. My browser also opens up new tabs on it's own, and google search...
jtatauburn Resolved HJT Threads 24 04-02-2011 09:38 PM
computer freezes redirects to different sites on google
Please help. My computer has been running slow and many times when I upload a page it says it is not responding. The other issue is that when I do a search on google and click on the correct search,it directs me to another soliciting site. I have tried to run GMER both ways and it just will not...
lubo1 Inactive Malware Help Topics 8 02-21-2011 09:28 PM
Browser Redirect Issue
I have been having an issue with both IE and Firefox redirecting Google search results a majority of the time. I had done a scan with Spybot Search & Destroy prior to posting here and "Fraud.WindowsProtectionSuite" (15 entries) and "Microsoft.Windows.RedirectedHosts" (3 entries) were the only...
bob2881 Resolved HJT Threads 21 02-21-2011 06:48 PM
Troubleshoot! A Virus. OH, NO!
:wave: Hello, This first time I have ever gotten a virus on my labtop since I've gotten it. Ugh, very fustrating, also, I'm the type of person whose a do it herself person, plus I literally have no money to spend on professional help or professional programs. I've spend quite a bit of...
Lishy Inactive Malware Help Topics 0 01-25-2011 11:57 AM

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is on
Smilies are on
[IMG] code is on
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off


Post a Question


» Site Navigation
 > FAQ
  > 10.0.0.2


All times are GMT -7. The time now is 09:28 PM.


Copyright 2001 - 2014, Tech Support Forum

Windows 7 - Windows XP - Windows Vista - Trojan Removal - Spyware Removal - Virus Removal - Networking - Security - Top Web Hosts