Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Harry Bloomfield
January 6, 2008, 5:53 pm
rate this thread
I'm no expert on virii and recently my system was badly infected. By default
I have Avira AV running, so I have no idea how it got past that - but it
managed to disable Avira. In fact it was my attempts to get that back into
operation which led me to suspect a possible virus.
I could not get that going again, so I tried a fresh download and the
install failed with errors, I downloaded numerous other free AV software and
all failed to install. I then used one of the online scanners which
confirmed the problem - I could not even manage a safe boot into XP, it just
blue screened. Checking what processes were running I found Wudfhost.exe
which was one I didn't recognise, plus a file with what seemed to be a
random number.exe - I could stop the processes, but they would reappear
I could not find any information about solving it on the Internet so in
desperation I ran a search for Wudfhost in my registry, finding it in a
section called Wudf. I deleted the complete section, after which I could
once again install AV software and check for anything else which might be
lurking on my system - it found lots more and managed to clear it all.
Sounds very familiar, look here:
Did you by chance recently buy anything that counts as a "drive" (USB
stick, M3 player, photo frame, whatever), that hosts ab "autorun.inf"?
If everybody started to do what they think should be done for the
good, democracy would not exist anymore.
Guillermito in alt.comp.virus
On Sun, 6 Jan 2008 17:53:33 -0000, "Harry Bloomfield"
When this happens, close down the first process (wudfhost.exe) and
when it restarts it will be as a child of the process which restarted
it (strange number.exe) so you then need to kill the process *tree* of
the second process. This is a right click option of the windows task
manager or preferably use process explorer which shows the parent
child relationship more clearly.