wdmi.dll- AMON detected

Discussion in 'NOD32 version 2 Forum' started by kris777, Jun 29, 2005.

Thread Status:
Not open for further replies.
  1. kris777

    kris777 Registered Member

    Joined:
    Jun 21, 2005
    Posts:
    18
    Hi people...got a real headbanger. Everytime I start any of the aplications AMON notifies me "threat detected"..."C:\windows\system32\wdmi.dll is infected and the threat is win32/agent.ac trojan. I can not find file Wdmi.dll anywhere in that specified directory. When scanning, no infiltrations found. Tried reinstall, didn't work. Search for file...not found. Options when AMON detects are delete, rename and copy to quarantine, but when selected...a message appears..."cannot delete file, the file is locked". The same message appears for any of the options selected. Safe mode-did not work...i cannot find the bloody thing...yet it constatly appears as infected...

    Tried googling for the file...came up empty...

    anyoneo_O?!??
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Hi kris777, welcome to Wilders.

    Do you have Windows showing all files including system files?

    Cheers :D
     

    Attached Files:

  3. kris777

    kris777 Registered Member

    Joined:
    Jun 21, 2005
    Posts:
    18
    Hi Blackspear,

    Got number 4, but not 5 and 6. Let's say that i do it...what can i do with it?

    thanks
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    You will probably be able to find that file.

    Also, when you ran a scan with Nod32 in Safe Mode, was your system tweaked as per screenshots in this thread?

    Cheers :D
     
  5. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
  6. kris777

    kris777 Registered Member

    Joined:
    Jun 21, 2005
    Posts:
    18
    actually...it's a client...a presume he followed installation instructions. Will he be able to clean the file in safe mode...i presume deletion is out of the question :)
    do you know which service uses wdmi.dll? i could not find reference on google
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Being it is a clients machine, I certainly wouldn't presume that it is tweaked to the max, quite the opposite, I would presume not (just experience tells me this ;) :D ).

    Can you please follow the instructions posted by Marcos, and we would appreciate it if you would also keep us in the loop as to you/your clients progress, as we all learn this way...

    Cheers :D
     
  8. kris777

    kris777 Registered Member

    Joined:
    Jun 21, 2005
    Posts:
    18
    I'll make an effort as advized guys. Thanks. Doing support in croatia for NOD32...still learning obviously :)
    will report on progress...
    thanks again
     
Thread Status:
Not open for further replies.