Avast WEBforum

Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: alexyeoh_leo85 on February 23, 2010, 03:01:03 AM

Title: Win32:Wmit-C [Trj]
Post by: alexyeoh_leo85 on February 23, 2010, 03:01:03 AM

How to solve this virus?
Last week 20th Feb 2010, i updated avast definition. then i used Avast Scanning my pc, i found my pc treated a trojan.
this virus name is "Win32: Wmit-c [Trj]
how to solve this matter, when i avast detecting, i try use delete it. then i try restart my pc again. then i try scanning virus again i still found this matter.
can i know how to solve?

Title: Re: Win32:Wmit-C [Trj]
Post by: Rednose on February 23, 2010, 04:06:33 AM

Hi alexyeoh_leo85 :)

Did you try a boot-time scan ??? Btw it is better to quarantine a file instead of deleting it, in case of a false positive ;)

Greetz, Red.

Title: Re: Win32:Wmit-C [Trj]
Post by: alexyeoh_leo85 on February 23, 2010, 06:50:57 AM

Rednose

i already try boot-time scan. but still have virus cannot killed.
my avast have detect a virus name as "wmiptsd.exe"
this virus is come from c:\windows\system32\
then i found this virus running on task manager. running many times. then it also make cmd.exe running many times at task manager, until my pc slower. then it also can link to my other pc. so now i have 7 pc is got this virus.

 :'( :'( :'(

Title: Re: Win32:Wmit-C [Trj]
Post by: Milos on February 23, 2010, 11:15:55 AM

Hello,
try to check start menu -> programs -> startup if there si only what you know, or find the "wmiptsd.exe" (the name from taskmanager -- maybe it changes the names) in registry keys (run regedit and from menu Edit -> Find) containing this name, maybe it will be stored somewhere in key "Run" or somewhere else which is used to run after startup.

Milos

Title: Re: Win32:Wmit-C [Trj]
Post by: mkis on February 23, 2010, 11:25:37 AM

Yes update 20th Feb enabled detection of Win32:Wmit-C [Trj  - so that is where that came from.

detection was enabled for these viruses 20-2-2010
JS:Prontexi-Q [Trj], Win32:Bredolab-CF [Trj], Win32:Crypt-FWH [Trj], Win32:Crypt-FWI [Trj], Win32:Delf-NFM [Trj], Win32:Jifas-DZ [Trj], Win32:Kates-AC [Trj], Win32:Kates-AD [Trj], Win32:Kates-AE [Trj], Win32:OnLineGames-FPY [Trj], Win32:Small-NGZ [Trj], Win32:VB-OMR [Trj], Win32:Wmit-C [Trj]

The infected files should have been sent to the chest. If not please scan again and this time send to the chest.
It would appear that the virus has mutated.

You should also check your computer with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
install, update and run a quick scan, and quarantine anything that is found

reply post scan log
We should have a good idea how clean is your computer after that.

Title: Re: Win32:Wmit-C [Trj]
Post by: doremifasolasi on March 04, 2010, 09:19:34 AM

I've got a same problem with you..
And this is how i cleaned this trojan.
- Update ur avast
- Do boot-scan
- After that, make sure tht there'r not QXZV.exe at ur WINDOWS/system32
- Usually, this trojan made ur host file become 5MB (with some random data), so correct ur file host..
- Look at ur registry (run-regedit), FIND wmiptsd, then delete it, or modify binary first (delete all the binary data)
Find wmiptsd again till there's no more wmiptsd at ur registry.
- Finish. our computer hv cleaned from that trojan.

NB: usually, this trjn damaged some file at ur system, so u cant go to safe mode. Then u have to repair ur operating system after cleaned the trojan