Antivirus Caught Virus That Isn't A Virus - I'm Confused!

**koolx** · January 28th, 2010, 01:28 PM

Hi guys! I got XP Pro SP3. Two of my anitvirus programs detected a trojan named, WMdriver.sys. But, I feel this isn't a virus because one day I had removed it and my printer stopped working. I had to re-install my o/s as a result. Should I repair WMdriver.sys or replace it? If so, how? Thanks.

**CCT** · January 28th, 2010, 02:34 PM

WMdrivers.sys is (usually) part of Logitech Wingman - WMdrive.sys is a (suspected) Worm.

WMdriver.aya iant well covered - still checking.

edit: that WMdriver either .sys or .dll is only Googling under some foreign language and Kaspersky is in the url - usually I look there and fight nasties, so it just depends on whee you are and what you downloaded I guess.

**koolx** · January 28th, 2010, 02:44 PM

Originally Posted by CCT

WMdrivers.sys is (usually) part of Logitech Wingman - WMdrive.sys is a (suspected) Worm.

WMdriver.aya iant well covered - still checking.

edit: that WMdriver either .sys or .dll is only Googling under some foreign language and Kaspersky is in the url - usually I look there and fight nasties, so it just depends on whee you are and what you downloaded I guess.

Hi, CCT. To answer your question, I'm in the USA and I don't know exactly what I downloaded to get WMdriver.sys. What do I do now?

.

**Niclo Iste** · January 28th, 2010, 03:10 PM

Originally Posted by koolx

Hi guys! I got XP Pro SP3. Two of my anitvirus programs detected a trojan named, WMdriver.sys. But, I feel this isn't a virus because one day I had removed it and my printer stopped working. I had to re-install my o/s as a result. Should I repair WMdriver.sys or replace it? If so, how? Thanks.

Using more than one antivirus compromises your system. Choose one that works best and remove the other. Of course you can tell me how great your pc works with two and keep both but I'm sure I'll be answering more of your viral and performance issues over time if you choose to keep both.
Now on to answer your WMdriver.sys issue. I would suggest a cleaning of the file. IF YOU CAN'T, Find a clean xp pro SP3 system and copy the file and replace it in your current pc if you want a working replacement. However I can't promise that the system will work as I am not totally sure that is a system specific file.

**CCT** · January 28th, 2010, 03:32 PM

I found this; http://www.greatis.com/appdata/a/w/wmdrive.sys.htm

http://www.winmount.com/

Do you use/have that?

edit: IT is vital that you get the name copied right.

**koolx** · January 28th, 2010, 04:41 PM

Originally Posted by Niclo Iste

Using more than one antivirus compromises your system. Choose one that works best and remove the other. Of course you can tell me how great your pc works with two and keep both but I'm sure I'll be answering more of your viral and performance issues over time if you choose to keep both.
Now on to answer your WMdriver.sys issue. I would suggest a cleaning of the file. IF YOU CAN'T, Find a clean xp pro SP3 system and copy the file and replace it in your current pc if you want a working replacement. However I can't promise that the system will work as I am not totally sure that is a system specific file.

Niclos Iste, I appreciate the reply. I strongly think that this is a system needed file. Otherwise, my printer would have worked when I had deleted it, thinking it was a virus.

**koolx** · January 28th, 2010, 05:04 PM

Originally Posted by CCT

I found this; http://www.greatis.com/appdata/a/w/wmdrive.sys.htm

http://www.winmount.com/

Do you use/have that?

edit: IT is vital that you get the name copied right.

CCT, from the links that you provided, are you suggesting that this particular virus is legitimate?

.

**CCT** · January 28th, 2010, 05:37 PM

1 - since there are variations of that name with different results, you need to verify it EXACTLY

2 - since various AV can detect False Positives, you need to make sure yours is up-to-date AND tell what the heck it is (IT being one AV - also name any anti-malware)

3 - than we'll continue

**Ferrit** · January 28th, 2010, 06:07 PM

Just exactly what antivirus are you using?

Pretty sure you are looking at a virus from the information at the link below.

http://www.prevx.com/filenames/X2314...DRIVE.SYS.html

**koolx** · January 28th, 2010, 11:19 PM

Originally Posted by CCT

1 - since there are variations of that name with different results, you need to verify it EXACTLY

2 - since various AV can detect False Positives, you need to make sure yours is up-to-date AND tell what the heck it is (IT being one AV - also name any anti-malware)

3 - than we'll continue

First, I got avast anitvirus (free edition) and malwarebytes. They both detected the same virus in question. How can I verify this "virus" exactly? What should I do?

**koolx** · January 28th, 2010, 11:29 PM

Originally Posted by Ferrit

Just exactly what antivirus are you using?

Pretty sure you are looking at a virus from the information at the link below.

http://www.prevx.com/filenames/X2314...DRIVE.SYS.html

Hi, ferrit. I got avast and malwarebytes (which is more of a spybot). When Avast detects it, it gives me options like, renaming, deleting, or moving it. If I move this thing, can I later put it back when I discover for sure that it's a needed component? This is a question for all you guys.

Also, I checked the link you provided and read the info on WMdrive.sys.

.

**CCT** · January 29th, 2010, 07:43 AM

koolx, you said "But, I feel this isn't a virus because one day I had removed it and my printer stopped working. I had to re-install my o/s as a result."

So, after a re-install you still have that showing up? Or did it re-appear after you downloaded something?

And Ferrit is talking "WMDRIVE.SYS" BUT you said "WMdriver.sys" and I asked you to clarify the exact name, and you haven't.

If it IS the one Ferrit (and I) noted that is classed as a nasty, then removal is the proper course. BUT, until you provide some definite and accurate info, you may want to be cautious.

**Ferrit** · January 29th, 2010, 11:40 AM

I would also do some type of online scan.
Avast and Malwarebytes even though they have both detected it,are different programs.
Avast is mainly a virus program
Malwarebytes is mainly a spyware program.
The fact that both find it tends to make it lean strongly towards it being a virus.
I would find an online scanner and try that.

http://www.google.ca/#hl=en&source=h...9d2af751073a3a

**koolx** · January 29th, 2010, 02:36 PM

Originally Posted by CCT

koolx, you said "But, I feel this isn't a virus because one day I had removed it and my printer stopped working. I had to re-install my o/s as a result."

So, after a re-install you still have that showing up? Or did it re-appear after you downloaded something?

And Ferrit is talking "WMDRIVE.SYS" BUT you said "WMdriver.sys" and I asked you to clarify the exact name, and you haven't.

If it IS the one Ferrit (and I) noted that is classed as a nasty, then removal is the proper course. BUT, until you provide some definite and accurate info, you may want to be cautious.

CCT, thanks for the reply and your help. To answer the question as to the EXACT name of this "virus", it is WMdrive.sys for sure. I've also quarantined it in Malwarebytes. So far, no problems with my printer, thank god! Lets see if this holds up from now on. Thanks guys!

**CCT** · January 29th, 2010, 02:56 PM

Good!

So, after a couple days, delete your Malwarebytes quarantine file and if you have Syetem Restore enabled, turn it off and reboot. This will ensure that the virus doesn't hide there.

Then re-enable System Restore.