Results 1 to 10 of 10

Thread: File cwjv.wmo

  1. #1
    New Lounger
    Join Date
    Dec 2009
    Location
    Sagada, Mountain Province, Philippines
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Some time ago I wound up with the file cwjv.wmo in my C:\Windows\system32 directory. I found that it was a malware file of some kind and I deleted it. Now whenever I boot some program is trying to find it and I can't figure out what that something is. I get the message "file cwjv.wmo not found". I would really like to get rid of whatever is looking for the file if someone can help.

    Thanks,
    Kent Sinkey

  2. #2
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts
    What anti-virus and/or anti-malware are you running?

    Start > Run
    msconfig
    and click on the Startup tab. Can you see anything you don't recognise there?

  3. #3
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    SuperAntiSpyware claims to be able to remove this and there is a free version of the program.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Sagada, Mountain Province, Philippines
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have tried Panda Cloud, Microsoft Security Essentials, Avira, AVG, SuperAntiSpyware as well as the Pro version. I've looked in Process Explorer and my start up programs. Actually I've done everything I can think of with no good result. I even tried Trend Online scan which left a lot to be desired. Nothing seems to find the program which wants to load cwjv.wmo. However, I don't know everything and that's why I'm asking for help.

    Cheers!!! Kent

  5. #5
    New Lounger
    Join Date
    Dec 2009
    Location
    Lexington, South Carolina, USA
    Posts
    13
    Thanks
    0
    Thanked 0 Times in 0 Posts
    The cannot find message is probably because the registry still points to the deleted file and is trying to run the cwjv.wmo file.

    I'd suggest running Ccleaner to scan the registry and to remove the orphaned entries. This should solve your problem, especially since none of the programs you mentioned (SuperAntiSpyware etc.) find the virus any longer.
    You can&#39;t get something for nothing
    You can&#39;t have freedom for free
    You won&#39;t get wise with the sleep still in your eyes
    no matter what your dreams might be

  6. #6
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts
    Agreed. CCleaner's registry cleaner has a backup utility to backup the registry before scanning or changing anything and you can selectively remove the items it finds. I would give it a try and see if it clears the orphan from the registry or .dll that is calling that file.
    <IMG SRC=http://www.wopr.com/w3tuserpics/DocWatson_sig.gif>

  7. #7
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,577
    Thanks
    5
    Thanked 1,057 Times in 926 Posts
    Quote Originally Posted by Kent Sinkey View Post
    I have tried Panda Cloud, Microsoft Security Essentials, Avira, AVG, SuperAntiSpyware as well as the Pro version. I've looked in Process Explorer and my start up programs. Actually I've done everything I can think of with no good result. I even tried Trend Online scan which left a lot to be desired. Nothing seems to find the program which wants to load cwjv.wmo. However, I don't know everything and that's why I'm asking for help.
    Try using Autoruns for Windows. See the Logon tab. If you're not sure of what you see there post a screenshot.

    Joe
    Joe

  8. #8
    New Lounger
    Join Date
    Dec 2009
    Location
    Sagada, Mountain Province, Philippines
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by JoeP View Post
    Try using Autoruns for Windows. See the Logon tab. If you're not sure of what you see there post a screenshot.

    Joe
    Dear JoeP,
    I downloaded and ran Autoruns as you suggested. I found two entries that showed "file not found" so I unchecked both of those and rebooted. The error message did not show up. Is that all I have to do? I have attached a screen shot.

    Thanks, Kent
    Attached Images Attached Images

  9. #9
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Kent Sinkey View Post
    Dear JoeP,
    I downloaded and ran Autoruns as you suggested. I found two entries that showed "file not found" so I unchecked both of those and rebooted. The error message did not show up. Is that all I have to do? I have attached a screen shot.
    Hello,
    I'm not Joe, but have some comments.
    Autoruns is a good tool, in cases like this; I was going to suggest it earlier, but I thought that Leif's first suggestion was a good start, something to check (since the System Configuration Utility, msconfig, is there on all PCs, if only meant as a simple troubleshooting tool. However, it only shows some run entries in the registry and the files).

    You have found a "cwjv.wmo" entry in the Shell key; it should be removed/disabled. The bad entry probably looked something like this: rundll32.exe cwjv.wmo htvss.

    The rundll32.exe entry is also a bit odd in the Winlogon shell key, I think. It is a valid system file. It's used to execute a DLL, so nothing wrong with that, but it may have been used by malware.

    NOTE: Please note that "Explorer.exe (Windows Explorer) C:\windows\explorer.exe" should be there, and must be there. I think you know this, just be careful if you remove or disable something from the shell key.

    If you uncheck a registry entry in Autoruns, the entry is moved to a sub key in the registry, and thus it will not be executed at logon. Autoruns can restore it, if you check the box again. To remove the entry from the registry, check the box, right-click and select Delete.

    As usual, when working with the registry, it is good to have a back up of the registry key, before doing changes. One should not change things there, unless one knows what the result will be.

    The logon tab in Autoruns is the most commonly used. Usually it's a good idea to hide Microsoft and/or Windows entries (Options menu + a refresh) to filter, zoom in, on the other entries.

    Some sections on the Logon tab are very important for the PC and should generally speaking never be touched: Userinit (never touch that one) and Shell. Changes in the run keys and the startup folder, on the other hand, can affect installed software (or the OS in a minor way). In your case you have some extra entries in the shell key that I think can be disabled/removed (I would just keep the important "Explorer.exe".). You can wait and see if there are other opinions.

    Malwarebytes' Anti-Malware is also known to be good with such malware. But now it seems like you have most, or all, removed.

    BTW: not all "File not found" entries in Autoruns are bad or leftovers from some software uninstalls. In the case of some driver entries, they are there in the registry in case they are needed by the OS and the software.

  10. #10
    New Lounger
    Join Date
    Dec 2009
    Location
    Sagada, Mountain Province, Philippines
    Posts
    4
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you. I have deleted the entry. It was a bit strange, when I would open Autoruns, Avira whould show a virus until I either unchecked or removed the entry. Anyway, I've learned some new stuff and I appreciate your assistance. Have a Merry Christmas, everyone.
    Kent

    Quote Originally Posted by Argus View Post
    Hello,
    I'm not Joe, but have some comments.
    Autoruns is a good tool, in cases like this; I was going to suggest it earlier, but I thought that Leif's first suggestion was a good start, something to check (since the System Configuration Utility, msconfig, is there on all PCs, if only meant as a simple troubleshooting tool. However, it only shows some run entries in the registry and the files).

    You have found a "cwjv.wmo" entry in the Shell key; it should be removed/disabled. The bad entry probably looked something like this: rundll32.exe cwjv.wmo htvss.

    The rundll32.exe entry is also a bit odd in the Winlogon shell key, I think. It is a valid system file. It's used to execute a DLL, so nothing wrong with that, but it may have been used by malware.

    NOTE: Please note that "Explorer.exe (Windows Explorer) C:\windows\explorer.exe" should be there, and must be there. I think you know this, just be careful if you remove or disable something from the shell key.

    If you uncheck a registry entry in Autoruns, the entry is moved to a sub key in the registry, and thus it will not be executed at logon. Autoruns can restore it, if you check the box again. To remove the entry from the registry, check the box, right-click and select Delete.

    As usual, when working with the registry, it is good to have a back up of the registry key, before doing changes. One should not change things there, unless one knows what the result will be.

    The logon tab in Autoruns is the most commonly used. Usually it's a good idea to hide Microsoft and/or Windows entries (Options menu + a refresh) to filter, zoom in, on the other entries.

    Some sections on the Logon tab are very important for the PC and should generally speaking never be touched: Userinit (never touch that one) and Shell. Changes in the run keys and the startup folder, on the other hand, can affect installed software (or the OS in a minor way). In your case you have some extra entries in the shell key that I think can be disabled/removed (I would just keep the important "Explorer.exe".). You can wait and see if there are other opinions.

    Malwarebytes' Anti-Malware is also known to be good with such malware. But now it seems like you have most, or all, removed.

    BTW: not all "File not found" entries in Autoruns are bad or leftovers from some software uninstalls. In the case of some driver entries, they are there in the registry in case they are needed by the OS and the software.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •