[SOLVED] What launches dwm.exe virus

Re: What launches dwm.exe virus

and welcome to the Forum

For Starters . . Look in msconfig Startup tab to see if a line for dwm.exe exists

Re: What launches dwm.exe virus

Rich,

Yes, dwm.exe is in the msconfig startup tag, but ...

Probably doing something wrong here. I tried to uncheck that entry, but it indicates that I don't have permission. I tried to log on as Administrator (change logons, cntrl alt delete at Welcome page), but nothing happens. It still logs me on with my standard user name. I checked my logons in the Control Panel. There is only one entry, my standard user name, and it is listed as the computer administrator.

BTW, the message I get when I try to exit msconfig after unchecking the dwm.exe entry is "An Access Denial error was returned while attempting to change a service. You may need to log on using an Administrator account to make the specified changes".

Any additional help would be greatly appreciated. Not very MS-fluent, obviously. Just an old UNIX programmer, long out of the industry.

Thanks.

Re: What launches dwm.exe virus

There might be a case for using HijackThis here - something we rarely use these days, but it should show the offending Registry item. And it would save you manually editing the Registry.


Please download HijackThis. Double-click on the file you just downloaded. Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis.

After installation, HijackThis should open for you.

If it does not, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe.

1. If it gives you an introduction screen, just choose 'Do a system scan and save a logfile'.
2. If you don't see the introduction screen, click 'Scan' and then click on Save log.
3. Post the HijackThis log file here. Do not fix anything in HijackThis as many entries are harmless.

Re: What launches dwm.exe virus

Hi again

Restart your computer and boot into Safe Mode by tapping the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

Open HijackThis and click on 'Do a System Scan Only'. Check the following entry

F3 - REG:win.ini: load=C:\DOCUME~1\DALEHO~1\LOCALS~1\Temp\dwm.exe

Please remember to close all other windows, including browsers then click Fix checked.

Close HijackThis now.


Then run this cleaner

Please download ATF Cleaner by Atribune.

This program is for XP and Windows 2000 only

• Double-click ATF-Cleaner.exe to run the program.
• Under Main choose: Select All
• Click the Empty Selected button.

If you use Firefox browser

• Click Firefox at the top and choose: Select All
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser

• Click Opera at the top and choose: Select All
• Click the Empty Selected button.
  NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.