I got my first virus (aka Removing jwgkvsq.vmx from my netbook)

Although I have been using a computer since 2001, I had never directly experienced a virus, and I also felt that a default installation of the OS could give an almost secure environment. This was because, since May 2003, I had always and everywhere been using a GNU/Linux based OS, and because in the first two years, when I used Windows ME (shipped with the computer), I had no Internet connection (at that time there was only dial-up, and it was too slow and too expensive), there were no USB memory sticks, and CD burners were really, really expensive; so although my OS could be vulnerable, there were no vehicles of transmission.

I have had a netbook with Windows XP installed (and yes, I want to remove it, but I really have no time now) for about two months, and I hadn't experienced any problem until yesterday, when I contracted my first virus!

People on TV often say that THE vehicle of transmission of viruses is the terrible Internet, but my plague spreader was my father: I lent him my USB memory stick, and when he returned it to me the tragedy was done.

On the memory stick there was the so-called “jwgkvsq.vmx” worm. Having used a Unix-like system for years, I have learned to use a non-administrator account for everyday use, but this didn’t save me: the worm could do its best with “normal user” rights.

The symptom of the pestilence was a Windows Firewall popup window warning me that “Explorer” intended to open a closed port, and that if I wanted to let “Explorer” use that port I could ask the admin to unlock it.

I wasn’t using any antivirus software, and, as you may have noticed, I have no experience with Windows.

After all, the worm wasn’t (I think) doing nasty things; it was just making Windows Firewall bother me. But of course I wanted to remove it, and how could I, if I didn’t even know the name of the virus?

To obtain some info on my disease I inserted the memory stick again and looked for hidden files: I found a binary autorun.inf and a file called jwgkvsq.vmx in a directory called RECYCLER. I got a name!

So I started searching the Internet for that name and for how to remove the effects of this worm. I found many strange forums, with people with strange nicknames asking for and giving help, and many strange tips and procedures for removing the worm.

When I was thinking of (finally) removing Windows from the netbook (but I needed to make backups first), I found a reasonable hint saying to download and install the free (as in beer, not as in speech) antivirus, Avast, and schedule it for a scan at computer startup.

I followed the hint and Avast found a worm, calling it “Win32:Confi [Wrm]”, in a file, zxeieayk.dll, hidden among my own files; I decided to remove it.

At the next startup there was no Windows Firewall popup dialog, meaning that the threat was removed, but a popup window from Explorer.exe appeared warning that it couldn’t load the file zxeieayk.dll, so the last thing to do was to look for “zxeieayk.dll” in regedit and then drop any of the keys found.
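As an added example (not part of the original post), here is a small Python check for the two indicators found on the memory stick above: an autorun.inf whose launch directive points into RECYCLER, and a .vmx file stored under a RECYCLER directory. The sample stick it builds in a temporary directory is constructed, and the SID-like subdirectory name is a placeholder.

```python
import re
import tempfile
from pathlib import Path

# The autorun.inf on the stick was mostly binary junk, but somewhere inside it
# are the INI directives that make Explorer launch a file hidden under RECYCLER.
# The pattern is case-insensitive because such files often use mixed case.
AUTORUN_DIRECTIVES = re.compile(rb"(?i)(open|shellexecute)\s*=\s*([^\r\n]+)")

def autorun_targets(autorun_path):
    """Return the command lines an autorun.inf would launch, ignoring the junk bytes around them."""
    data = Path(autorun_path).read_bytes()
    return [m.group(2).strip().decode("latin-1") for m in AUTORUN_DIRECTIVES.finditer(data)]

def scan_removable_drive(root):
    """Flag the indicators from the post: an autorun.inf pointing into RECYCLER,
    and a .vmx file stored somewhere under a RECYCLER directory."""
    root = Path(root)
    findings = []
    autorun = root / "autorun.inf"
    if autorun.is_file():
        for target in autorun_targets(autorun):
            if "recycler" in target.lower():
                findings.append(f"autorun.inf launches: {target}")
    for path in root.rglob("*"):
        rel = path.relative_to(root)
        in_recycler = "recycler" in (p.lower() for p in rel.parts)
        if path.is_file() and path.suffix.lower() == ".vmx" and in_recycler:
            findings.append(f"payload under RECYCLER: {rel.as_posix()}")
    return findings

def build_constructed_sample():
    """Create a throwaway directory mimicking the infected stick (constructed sample,
    not a real capture; the SID-like folder name is a placeholder)."""
    root = Path(tempfile.mkdtemp(prefix="usb_sample_"))
    payload_dir = root / "RECYCLER" / "S-1-5-21-PLACEHOLDER"
    payload_dir.mkdir(parents=True)
    (payload_dir / "jwgkvsq.vmx").write_bytes(b"not a real binary, just a placeholder")
    junk = bytes(range(256)) * 4  # stands in for the binary padding in the real file
    (root / "autorun.inf").write_bytes(
        b"[autorun]\r\n" + junk
        + b"\r\nsHeLlExEcUtE=.\\RECYCLER\\S-1-5-21-PLACEHOLDER\\jwgkvsq.vmx\r\n" + junk)
    return root

if __name__ == "__main__":
    sample = build_constructed_sample()
    for finding in scan_removable_drive(sample):
        print(finding)
```

Point scan_removable_drive at the root of a mounted stick to run the same check on real media; it does not read the hidden attribute, so it finds the files whether or not Explorer shows them.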

That’s all!
