Author Topic: Win32:Wmit-C [Trj]  (Read 5327 times)

0 Members and 1 Guest are viewing this topic.

alexyeoh_leo85

  • Guest
Win32:Wmit-C [Trj]
« on: February 23, 2010, 03:01:03 AM »
How to solve this virus?
Last week 20th Feb 2010, i updated avast definition. then i used Avast Scanning my pc, i found my pc treated a trojan.
this virus name is "Win32: Wmit-c [Trj]
how to solve this matter, when i avast detecting, i try use delete it. then i try restart my pc again. then i try scanning virus again i still found this matter.
can i know how to solve?

Offline Rednose

  • Pirate Party Member
  • Avast Überevangelist
  • Massive Poster
  • *****
  • Posts: 3739
  • Bits of Freedom : https://www.bof.nl
    • Nederlandstalig Avast! forum
Re: Win32:Wmit-C [Trj]
« Reply #1 on: February 23, 2010, 04:06:33 AM »
Hi alexyeoh_leo85 :)

Did you try a boot-time scan ??? Btw it is better to quarantine a file instead of deleting it, in case of a false positive ;)

Greetz, Red.
« Last Edit: February 23, 2010, 04:22:19 AM by Rednose »
OS: Win 10 / iOS 17 / Debian 12 / Tails 5
Real Time: Avast Premium Security
On Demand: Malwarebytes
VPN: NordVPN ( NordLynx ) with Threat Protection ( Lite )

alexyeoh_leo85

  • Guest
Re: Win32:Wmit-C [Trj]
« Reply #2 on: February 23, 2010, 06:50:57 AM »
Rednose

i already try boot-time scan. but still have virus cannot killed.
my avast have detect a virus name as "wmiptsd.exe"
this virus is come from c:\windows\system32\
then i found this virus running on task manager. running many times. then it also make cmd.exe running many times at task manager, until my pc slower. then it also can link to my other pc. so now i have 7 pc is got this virus.

 :'( :'( :'(

Offline Milos

  • Avast team
  • Super Poster
  • *
  • Posts: 2293
Re: Win32:Wmit-C [Trj]
« Reply #3 on: February 23, 2010, 11:15:55 AM »
Hello,
try to check start menu -> programs -> startup if there si only what you know, or find the "wmiptsd.exe" (the name from taskmanager -- maybe it changes the names) in registry keys (run regedit and from menu Edit -> Find) containing this name, maybe it will be stored somewhere in key "Run" or somewhere else which is used to run after startup.

Milos

Offline mkis

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1618
Re: Win32:Wmit-C [Trj]
« Reply #4 on: February 23, 2010, 11:25:37 AM »
Yes update 20th Feb enabled detection of Win32:Wmit-C [Trj  - so that is where that came from.

detection was enabled for these viruses 20-2-2010
JS:Prontexi-Q [Trj], Win32:Bredolab-CF [Trj], Win32:Crypt-FWH [Trj], Win32:Crypt-FWI [Trj], Win32:Delf-NFM [Trj], Win32:Jifas-DZ [Trj], Win32:Kates-AC [Trj], Win32:Kates-AD [Trj], Win32:Kates-AE [Trj], Win32:OnLineGames-FPY [Trj], Win32:Small-NGZ [Trj], Win32:VB-OMR [Trj], Win32:Wmit-C [Trj]

The infected files should have been sent to the chest. If not please scan again and this time send to the chest.
It would appear that the virus has mutated.

You should also check your computer with

Malwarebytes Antimalware http://filehippo.com/download_malwarebytes_anti_malware/
install, update and run a quick scan, and quarantine anything that is found

reply post scan log
We should have a good idea how clean is your computer after that.
Avast7 Free, MBAM (on demand), MVPS Hosts

Intel DG41TY, Windows 7 Ultimate, IE9, Google Chrome, 4 GB ram, Secunia PSI, ccleaner, Foxit Reader, Faststone Image viewer, MWSnap.

doremifasolasi

  • Guest
Re: Win32:Wmit-C [Trj]
« Reply #5 on: March 04, 2010, 09:19:34 AM »
I've got a same problem with you..
And this is how i cleaned this trojan.
- Update ur avast
- Do boot-scan
- After that, make sure tht there'r not QXZV.exe at ur WINDOWS/system32
- Usually, this trojan made ur host file become 5MB (with some random data), so correct ur file host..
- Look at ur registry (run-regedit), FIND wmiptsd, then delete it, or modify binary first (delete all the binary data)
Find wmiptsd again till there's no more wmiptsd at ur registry.
- Finish. our computer hv cleaned from that trojan.

NB: usually, this trjn damaged some file at ur system, so u cant go to safe mode. Then u have to repair ur operating system after cleaned the trojan