Wdc.exe ??

[GhostDebt]

I have the executable file WDC.EXE running on my pc.

Looking on google this is coming up as being a keylogger related to

spyware watchdog but I think it may have something to do with ASUS.

 

Any thoughts or suggestions on if this is a keylogger and how to remove it welcome.

 

Many thanks

[havinastella]

Have a look here Ghost

 

World of Warcraft (en) Forums -> Keylogger removal - WDC.exe

 

Jogs

[dx100uk]

download and install

microsoft security essentials

then do a full scan.

 

once done, you dont need anyother anti-virus/spyware etc etc running, uninstall the others you have.

 

dx

[Tezcatlipoca]

I have the executable file WDC.EXE running on my pc.

Looking on google this is coming up as being a keylogger related to

spyware watchdog but I think it may have something to do with ASUS.

 

Any thoughts or suggestions on if this is a keylogger and how to remove it welcome.

 

Many thanks

 

It might be a pain, but I'd give some consideration to changing some or all of your passwords as well...

[GhostDebt]

Thanks for the input.

 

A trial version of trend micro is running on the pc which hasn't picked it up and the lappy is new running windows 7.

Looking at the WoW thread posted above it could be associated with parental controls, so will look into that further and also look into what dx posted above and since not been on anything much on here yet only have a couple of passwords to change. (Just to be on the safe side)

 

Many thanks

[Conniff]

If you have a keylogger, then changing passwords will have no effect. The keylogger does exactly as it's name suggest and 'logs keystrokes', so if it is in fact a keylogger, it will also know exactly what you new password is.

[GhostDebt]

thanks conniff,

 

I am looking into getting rid of it if it is, before changing anything

just waiting for the microsoft security essentials scan to finish and will go from there.

 

Cheers

[Conniff]

In it's normal form it isn't supposed to be a danger, but it opens up a port so other computers can access it if they want.

Type wdc.exe into the search box and if it comes up then right click and click on 'Open File Location'. Delete it from there.

 

Download Ccleaner - Download CCleaner 2.27.1070 - FileHippo.com - (top right, latest version). Run Ccleaner and tick all the boxes except the bottom one (Wipe Free Space) and click on 'Run cleaner'.

When done, go into the Registry cleaner on the left and run that. I have never had cause to backup the registry so just delete.

 

Now go into 'Start' and type 'msconfig' and see if the program is in the startup list, if so then untick the run and click apply. Next click on the 'Services' tab and down the bottom tick 'Hide all Microsoft Services' and see if it is still there.

 

If you can still see it, have a look in the C:\Windows\Wdc\Wdc.exe and delete from there if it is still there.

 

If you don't already have Spybot Search and Destroy - http://www.safer-networking.org/en/ownmirrors1/index.html

(left box, you don't have to donate)

or Adaware - http://www.lavasoft.com/products/ad_aware_free.php

get them both and update and then run. Only download from the links I have shown.

 

Ccleaner and Spybot can both be run from Safe Mode but Adaware cannot. It is best done in safe mode as lots of software cannot be deleted while it is running.

Edited January 2, 2010 by Conniff

[GhostDebt]

Evening conniff,

 

Microsoft security essentials didn't pick it up either.

Normally run ccleaner, atf cleaner, malware bytes and avg but not installed them yet as new.

In normal mode it wont let me end the process wdc.exe.

Have disabled the ATK hotkey in startup which appears to be a common related theme with wdc.exe and will reboot and see if it has any effect then look into downloading and running programmes in safe mode as suggested by yourself to see what comes up.

 

Many thanks

[kiptower]

you could try Ctr Alt Del , then look for wdc.exe as running service , right click and stop it , you should then be able to delete it

 

search for startup.cpl on the net or pm me I can send it to ya ( its a freebie anyway ) , that allows you to stop things that start up when you start PC

 

another good freebie hijackthis free on the net

[Tezcatlipoca]

If you have a keylogger, then changing passwords will have no effect. The keylogger does exactly as it's name suggest and 'logs keystrokes', so if it is in fact a keylogger, it will also know exactly what you new password is.

 

Obviously you should remove the keylogger before any password changes!

 

Spybot (see conniff's link above) should pick it up, but if not let us know and we'll show you how to disable it from ever running.

[GhostDebt]

Quick update.

 

Ran CCleaner and Spybot S&D in safe mode.

Spybot didn't pick it up so just deleted the file in safe mode from the ATK Hotkey directory.

 

Re-booted and does not appear in task manager as a running process so hopefully ok at the moment.

 

Many thanks

[kiptower]

another usefull util ATF-Cleaner.exe it's free on the net,

 

clears all the history and temp files out the machine,

 

use it once a week etc

[cazzajay]

Tip - if you suspect a keylogger, and want to change passwords before removal (I can't see why but in case you did) you can use the Character Map - double click characters in it to form the string then copy to the clipboard and paste where you want it. some password fields won't accept pasting though. just a possibility

[Tezcatlipoca]

Tip - if you suspect a keylogger, and want to change passwords before removal (I can't see why but in case you did) you can use the Character Map - double click characters in it to form the string then copy to the clipboard and paste where you want it. some password fields won't accept pasting though. just a possibility

 

There's an easier trick. Let's say your password is pass.

 

Click the password box to enter your password, but enter only the p.

Click somewhere else, then enter a few more characters, let's say y, 4, j and b.

Click back into the password box and enter the next letter, a.

Back out side, enter a few more characters, such as f, r, i and 2.

Back in the password box, finish your password with ss.

 

Keyloggers essentially are unable to distinguish between which screen element has focus at any one time, so by doing this trick (I use it all the time in internet cafes), the password box sees pass, but any keylogger running gets py4jbafri2ss, which is utterly useless.

 

In general, the most secure passwords are those that appear to be - or are - random character strings, rather than actual words

[pin1onu]

In general, the most secure passwords are those that appear to be - or are - random character strings, rather than actual words

Absolutely. The number of possible passwords increases exponentially with the addition of symbols and punctuations marks in passwords.

 

You can download a number of random password generators if you can't be bothered to think them up yourself. Try typing password generator into a search engine.

[Tezcatlipoca]

You can download a number of random password generators if you can't be bothered to think them up yourself. Try typing password generator into a search engine.

 

An excellent page for testing password strengths, and one I've - with the author's permission - converted to a page on my company's intranet to educate users about strong passwords, is THIS PAGE.

 

There are a lot of password checkers out there, but I especially favour this one as it neatly shows you why your password is particularly strong or weak.