Is Wsgnagvc.dll A Virus?

BitDefender keeps popping up telling me that a "wsgnagvc.dll" wants to be added to my Windows Registry. I keep blocking it, but that only works for about 1 second. Does anyone know if I should allow this?

Also, a few minutes before this, it said that a "Mircorsoft operating.. etc." wanted to be added, and I clicked allow, was that the beginning of the end?

Any help is appreciated.

-- Dan

Find more posts tagged with

Comments

Sm3K3R

BitDefender keeps popping up telling me that a "wsgnagvc.dll" wants to be added to my Windows Registry. I keep blocking it, but that only works for about 1 second. Does anyone know if I should allow this?

Also, a few minutes before this, it said that a "Mircorsoft operating.. etc." wanted to be added, and I clicked allow, was that the beginning of the end?

Any help is appreciated.

-- Dan

Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!

Have you installed something new, when you got the pop up, or it just came from nowhere?

DanKeys

Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!

Have you installed something new, when you got the pop up, or it just came from nowhere?

Yes, I did install a small program, that's why I'm suspicious. Ok, I'll try to send the file, thanks.

DanKeys

Search the file you are talkintg about ,add it to an archive with the pass "infected" (without the " ).After you have archived the file atach it to this thread ,for the labs to look into it, using the Upload file function and Manage Current Atachments option.Good luck!

Have you installed something new, when you got the pop up, or it just came from nowhere?

Ok, here's the file./applications/core/interface/file/attachment.php?id=3081" data-fileid="3081" rel="">wsgnagvc.rar

wsgnagvc.rar

DanKeys

Here is the first BitDefender PopUp that I got. The second jpg is another popup I got during this time.

The 3rd and 4th jpgs are after doing a deep scan. They show 1 Trojan, but that's from a while ago. If you have any advise on getting rid of that, thanks. (I just emptied the recycle bin, so maybe the Trojan one is gone)

-- Dan

(Thanks again for your help)

rootkit

I've send the file to the lab.

Virus Submission : http://forum.bitdefender.com/index.php?showtopic=84

DanKeys

I've send the file to the lab.

Virus Submission : http://forum.bitdefender.com/index.php?showtopic=84

Thanks. Ok, here's some more info: I renamed the above .dll file that was in my system32 directory. It would rename but not delete. Immediately the original message popped up saying that "Microsoft Operation... etc" wants to be added to my registry. I clicked to block it a bunch of times, and then it gave me a new name that wanted to be added called "smaxsoqc.dll" So I renamed that, then received the Microsoft message again, so this time I permanently blocked it. No more messages. I look in BitDefender under "Settings" and Privacy control, and it's blocking (to the registry) something every second. It's up to about 7000 now!!! HELP!!! I think I'll run Hijackthis and send it in.

P.S. here's the files that were created just today in my System32 directory:

- Dan

rootkit

Ooo yeah...

Put all the files in a archive with the pasword infected and upload it on a server.

http://forum.bitdefender.com/index.php?sho...post&p=1223

Leave the download link here.

I think is a vundo infection.

DanKeys

Ok, I have finally killed the virus. It was the Trojan Vundo. It made a total of 9 different .dlls in my System32 foldler. I had to use the program "Unlocker" to delete them. Then I used "Spybot" to clean my drive, along with BitDefender. I also had to make sure to disable those Trojan made files in the msconfig startup. After cleaning and re-booting, vista asked me to re-enter my activation key. Everything is working good now. One good thing about BitDefender is that it keep letting me know and decide about programs wanting to be added to the registry. The bad thing about this virus is that it was masked under the name "Microsoft Operating systems".

My conclusion to this Trojan Vundo is: Use BitDefender, along with Spybot and Unlocker. Don't always allow a file to be added to the registry even if it says it's from "Microsoft".

Thanks to all for your advice and help.

-- Dan

P.S. Any more comments on this subject is appreciated, I'll be checking this thread a few more times.