jwgkvsq.vmx is component of Conficker worm
This is a harmful program.
 |
It is a component of malware or spyware, you should immediately remove it using an antivirus and antispyware program. If that does not help, then ask us for help in the Spyware removal forum. |
Name: jwgkvsq
Filename: jwgkvsq.vmx
Registry key:
HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}
Command: F:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
CLSID: {adaa1c54-332e-11de-bf44-001c25045ca7}
Startup Type: autorun.inf
Combofix/RSIT Line:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{adaa1c54-332e-11de-bf44-001c25045ca7}]
shell\AutoRun\command – C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
Description: component of Conficker worm also known as Kido worm
How to remove: use these Conficker removal instructions
December 3rd, 2009 at 10:55 am
We have developed a removal tool for the virus (Recycler\…jwgkvsq.vmx).
Please use following link to download the tool.
it.web44.net/VirusDetails/jwgkvsq.vmx.Recover.report.php
Please give your comments on our web site.
Thank you.
Imago Labs®(Sri Lanka)
December 12th, 2009 at 6:26 am
The jwgkvsq.vmx is a worm-type virus, which spreads via USB/portable drives and through the network. It also makes autorun.inf file on your USB device as well as a hidden system folder called RECYCLER which contains the jwgkvsq.vmx file. I’m not sure if this is an old virus, but it seems it’s been spreading a lot lately. And most anti-virus doesn’t detect this, but for those who does, it can’t remove it.