Wudfhost.exe

Hi,

I'm no expert on viruses and recently my system was badly infected. By default
I have Avira AV running, so I have no idea how it got past that - but it
managed to disable Avira. In fact it was my attempts to get that back into
operation which led me to suspect a possible virus.

I could not get that going again, so I tried a fresh download and the
install failed with errors. I downloaded numerous other free AV software and
all failed to install. I then used one of the online scanners which
confirmed the problem - I could not even manage a safe boot into XP, it just
blue screened. Checking what processes were running I found Wudfhost.exe
which was one I didn't recognise, plus a file with what seemed to be a
random number.exe - I could stop the processes, but they would reappear
within seconds.

I could not find any information about solving it on the Internet so in
desperation I ran a search for Wudfhost in my registry, finding it in a
section called Wudf. I deleted the complete section, after which I could
once again install AV software and check for anything else which might be
lurking on my system - it found lots more and managed to clear it all.

--
Regards,
                Harry (M1BYT)



Re: Wudfhost.exe

On this special day, Harry Bloomfield wrote:

Sounds very familiar, look here:

http://isc.sans.org/diary.html?storyid=3807
http://isc.sans.org/diary.html?storyid=3817

Did you by chance recently buy anything that counts as a "drive" (USB
stick, MP3 player, photo frame, whatever), that hosts an "autorun.inf"?


Gabriele Neukam

Gabriele.Spamfighter.Neukam@t-online.de

--
If everybody started to do what they think should be done for the
common good, democracy would not exist anymore.
- Guillermito in alt.comp.virus



Re: Wudfhost.exe


The symptoms were very similar, but no, I have not bought or added any new
devices recently. I don't remember whether msconfig was disabled or not and
rather than not be able to browse AV sites - I was able to download them,
but nothing I downloaded would successfully install.



Re: Wudfhost.exe


On Sun, 6 Jan 2008 17:53:33 -0000, "Harry Bloomfield"

When this happens, close down the first process (wudfhost.exe) and
when it restarts it will be as a child of the process which restarted
it (strange number.exe) so you then need to kill the process *tree* of
the second process. This is a right-click option of the Windows Task
Manager or preferably use Process Explorer which shows the parent-child
relationship more clearly.

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx



Jim.
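Added example, not part of the thread: the parent/child lookup Jim describes, run over a constructed process snapshot to find which process restarted wudfhost.exe and which PIDs make up its tree. The CSV columns, PIDs, start times and the `83726154.exe` name are made-up assumptions; the start-time check is an addition that handles a parent PID that has since been reused by another process.

```python
import csv
import io

# Constructed snapshot (all values made up): name, pid, parent pid and start
# time in seconds since boot, taken after wudfhost.exe was closed and came back.
SNAPSHOT = """Name,Pid,ParentPid,Started
System,4,0,0
winlogon.exe,620,368,12
services.exe,664,620,14
explorer.exe,1480,1432,40
83726154.exe,2212,1480,95
wudfhost.exe,3108,2212,610
taskmgr.exe,3300,1480,590
notepad.exe,1432,1480,700
"""

def load(text):
    # pid -> (name, parent pid, start time)
    return {int(r["Pid"]): (r["Name"], int(r["ParentPid"]), int(r["Started"]))
            for r in csv.DictReader(io.StringIO(text))}

def real_parent(procs, pid):
    """Recorded parent pid, or None if it has exited or its pid was reused."""
    # The parent pid is fixed at creation, so a "parent" that started after
    # its child is an unrelated process that received a recycled pid.
    _, ppid, started = procs[pid]
    parent = procs.get(ppid)
    if parent is None or ppid == pid or parent[2] > started:
        return None
    return ppid

def process_tree(procs, root):
    """Root followed by every live descendant, parents before children."""
    kids = {}
    for pid in procs:
        parent = real_parent(procs, pid)
        if parent is not None:
            kids.setdefault(parent, []).append(pid)
    order, queue = [], [root]
    while queue:
        pid = queue.pop(0)
        order.append(pid)
        queue.extend(sorted(kids.get(pid, [])))
    return order

def respawner_tree(procs, name):
    """(pid, name) pairs for the tree rooted at the process that started `name`."""
    target = next(p for p, v in procs.items() if v[0].lower() == name.lower())
    root = real_parent(procs, target)
    root = target if root is None else root
    return [(pid, procs[pid][0]) for pid in process_tree(procs, root)]
```

The root of the returned list is the PID to end as a tree; on Windows, `taskkill /PID <pid> /T /F` does the same job as Task Manager's right-click option from the command line.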

