Kindly be advised we cannot cancel subscriptions or issue refunds on the forum.
You may cancel your Bitdefender subscription from Bitdefender Central or by contacting Customer Support at: https://www.bitdefender.com/consumer/support/help/

Thank you for your understanding.

Is Wsgnagvc.dll A Virus?

Options
DanKeys
DanKeys
in Malware talk

BitDefender keeps popping up telling me that a "wsgnagvc.dll" wants to be added to my Windows Registry. I keep blocking it, but that only works for about 1 second. Does anyone know if I should allow this?


Also, a few minutes before this, it said that a "Mircorsoft operating.. etc." wanted to be added, and I clicked allow, was that the beginning of the end?


Any help is appreciated.


-- Dan

Comments

  • Sm3K3R
    Sm3K3R ✭✭✭
    Options
    BitDefender keeps popping up telling me that a "wsgnagvc.dll" wants to be added to my Windows Registry. I keep blocking it, but that only works for about 1 second. Does anyone know if I should allow this?


    Also, a few minutes before this, it said that a "Mircorsoft operating.. etc." wanted to be added, and I clicked allow, was that the beginning of the end?


    Any help is appreciated.


    -- Dan


    Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!


    Have you installed something new, when you got the pop up, or it just came from nowhere?

  • DanKeys
    DanKeys
    Options
    Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!


    Have you installed something new, when you got the pop up, or it just came from nowhere?


    Yes, I did install a small program, that's why I'm suspicious. Ok, I'll try to send the file, thanks.

  • DanKeys
    DanKeys
    Options
    Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!


    Have you installed something new, when you got the pop up, or it just came from nowhere?


    Ok, here's the file./applications/core/interface/file/attachment.php?id=3081" data-fileid="3081" rel="">wsgnagvc.rar

  • DanKeys
    DanKeys
    Options

    Here is the first BitDefender PopUp that I got. post-16617-1221220260_thumb.jpg The second jpg is another popup I got during this time. post-16617-1221220275_thumb.jpg


    The 3rd and 4th jpgs are after doing a deep scan. They show 1 Trojan, but that's from a while ago. If you have any advise on getting rid of that, thanks. (I just emptied the recycle bin, so maybe the Trojan one is gone)


    post-16617-1221220573_thumb.jpg post-16617-1221220583_thumb.jpg


    -- Dan


    (Thanks again for your help)

  • rootkit
    rootkit ✭✭✭
    edited September 2008
    Options

    I've send the file to the lab. :)


    Virus Submission : http://forum.bitdefender.com/index.php?showtopic=84

  • DanKeys
    DanKeys
    Options
    I've send the file to the lab. :)


    Virus Submission : http://forum.bitdefender.com/index.php?showtopic=84


    Thanks. Ok, here's some more info: I renamed the above .dll file that was in my system32 directory. It would rename but not delete. Immediately the original message popped up saying that "Microsoft Operation... etc" wants to be added to my registry. I clicked to block it a bunch of times, and then it gave me a new name that wanted to be added called "smaxsoqc.dll" So I renamed that, then received the Microsoft message again, so this time I permanently blocked it. No more messages. I look in BitDefender under "Settings" and Privacy control, and it's blocking (to the registry) something every second. It's up to about 7000 now!!! HELP!!! I think I'll run Hijackthis and send it in.


    P.S. here's the files that were created just today in my System32 directory: post-16617-1221237757_thumb.jpg


    - Dan

  • rootkit
    rootkit ✭✭✭
    edited September 2008
    Options

    Ooo yeah...


    Put all the files in a archive with the pasword infected and upload it on a server.


    http://forum.bitdefender.com/index.php?sho...post&p=1223


    Leave the download link here.


    I think is a vundo infection. :)

  • DanKeys
    DanKeys
    Options

    Ok, I have finally killed the virus. It was the Trojan Vundo. It made a total of 9 different .dlls in my System32 foldler. I had to use the program "Unlocker" to delete them. Then I used "Spybot" to clean my drive, along with BitDefender. I also had to make sure to disable those Trojan made files in the msconfig startup. After cleaning and re-booting, vista asked me to re-enter my activation key. Everything is working good now. One good thing about BitDefender is that it keep letting me know and decide about programs wanting to be added to the registry. The bad thing about this virus is that it was masked under the name "Microsoft Operating systems".


    My conclusion to this Trojan Vundo is: Use BitDefender, along with Spybot and Unlocker. Don't always allow a file to be added to the registry even if it says it's from "Microsoft".


    Thanks to all for your advice and help.


    -- Dan


    P.S. Any more comments on this subject is appreciated, I'll be checking this thread a few more times.

All Time Leaders

Categories

Defenders of the month