Tom's Guide | Tom's Hardware | Tom's Games

Computing.Net > Forums > Security and Virus > hjmwavd.exe virus/trojan horse

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

hjmwavd.exe virus/trojan horse

Reply to Message Icon

Name: Peter_Lakov
Date: August 10, 2004 at 20:26:59 Pacific
OS: XP
CPU/Ram: PIII/512MB
Comment:

Hi all,

I suspect my computer somehow got a Trojan horse or some type of virus. The symptoms are: when trying to follow links off from the main pages of major sites like yahoo.com or google.com, the Web pages cannot not be loaded. After rebooting the machine, I could follow a few links and then the hassle started all over.

I had to download the Opera browser to see that the connection was being closed from the server -unlike IE or Netscape, Opera shows an error message "Server www.yahoo.com closed the connection".

Rebooting the machine and killing hjmwavd.exe from TaskMgr took care of the problems.

Any ideas how this executable could have spread, what it is doing, and how to prevent such infections in the future are gladly accepted.

If you send an email address, I can email you the file as an attachment. Below are the reg keys I found on my computer related to this file.

Thanks,
Peter


[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="hjmwavd.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\"C:-WINDOWS-System32-hjmwavd.exe" ]
"K-Key"=hex:96,ec,60,6a,72,07,5e,d2

[HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\C:-WINDOWS-System32-hjmwavd.exe 1720 "C:-WINDOWS-system32-wuamgrd.exe"]
"K-Key"=hex:b0,f6,ea,5d,9a,80,b3,c5

[HKEY_LOCAL_MACHINE\SOFTWARE\Krypton\wuamgrd.exe]
"K-Key"=hex:03,51,f0,e7,d4,ea,1f,76

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="hjmwavd.exe"

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="hjmwavd.exe"
"won update"="wapdate.exe"

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="hjmwavd.exe"
"won update"="wapdate.exe"

[HKEY_USERS\S-1-5-21-2052111302-1580436667-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Update Machine"="hjmwavd.exe"




Sponsored Link
Ads by Google

Response Number 1
Name: RobbieDickon
Date: August 10, 2004 at 21:23:42 Pacific
Reply:

you need to delete all of those.

To prevent this happening again get a good firewall like zone alarm. The personal edition is free.


www.download.com


0

Response Number 2
Name: kinghe
Date: August 10, 2004 at 21:44:37 Pacific
Reply:

hjmwavd.exe and wapdate.exe,these look like Worm.agobot or Worm.sdbot.Can you send two files with compressed files to me?my email:virus@shanguo.com


0

Sponsored Link
Ads by Google
Reply to Message Icon

Related Posts

See More



Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.


Go to Security and Virus Forum Home


Sponsored links
Ads by Google


Results for: hjmwavd.exe virus/trojan horse
MSN Virus - Trojan Horse www.computing.net/answers/security/msn-virus-trojan-horse-/19755.html

Remove iexplore.exe virus/trojan www.computing.net/answers/security/remove-iexploreexe-virustrojan/23780.html

Virus (Trojan Horse) notified www.computing.net/answers/security/virus-trojan-horse-notified/17763.html