W32/Wecorl.a Virus Produces Dcom Server Process Launcher Terminated Unexpectedly Error

Another computer virus is making the rounds right now: W32/Wecorl.a, which produces the "Dcom Server Process Launcher Terminated Unexpectedly" error. According to the well-known antivirus company McAfee, W32/Wecorl is a computer worm that spreads by exploiting a vulnerability in the Server service (MS08-067). In addition, this computer virus is designed to silently download and execute malicious content from a remote server.

Let this be a warning against running unknown executable files on your computer: once the file runs on the victim’s computer, the virus copies itself to %Temp%\Install.2008.dat, deletes the file %WINDIR%\system32\dllcache\svchost.exe, and modifies your svchost.exe.

After these initial actions, the virus creates the following registry entries on your computer:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Google
    00:00:00:00:00:00 = [Hexadecimal Data]
  • HKEY_LOCAL_MACHINE\SOFTWARE\Licenses
    00:00:00:00:00:00 =  [Hexadecimal Data]

W32/Wecorl.a then creates a mutex “Ceproxy-_____-” to signal its presence on your computer and automatically connects to several domains to download additional malware that can bring your system down.
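A read-only PowerShell check for the host indicators listed above, as an added example that is not from McAfee or the original post. It assumes the registry value name shown as 00:00:00:00:00:00 is six colon-separated hex pairs, and it skips the mutex because its full name is not given here.

```powershell
# Added example: read-only check for the W32/Wecorl.a host indicators listed above.
# Run from an elevated prompt. Avoids cmdlets newer than PowerShell 2.0.
$findings = @()

# 1. Dropped copy: %Temp%\Install.2008.dat. %Temp% is per-user, so also check
#    the system temp folder and every profile (XP and Vista+ layouts).
$paths = @(
    "$env:TEMP\Install.2008.dat",
    "$env:WINDIR\Temp\Install.2008.dat",
    "$env:SystemDrive\Users\*\AppData\Local\Temp\Install.2008.dat",
    "$env:SystemDrive\Documents and Settings\*\Local Settings\Temp\Install.2008.dat"
)
Get-Item -Path $paths -Force -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty FullName -Unique |
    ForEach-Object { $findings += "Dropped file present: $_" }

# 2. Deleted backup: %WINDIR%\system32\dllcache\svchost.exe. The dllcache folder
#    only exists on XP/2003-era systems, so skip the check where it is absent.
$dllcache = "$env:WINDIR\system32\dllcache"
if ((Test-Path $dllcache) -and -not (Test-Path "$dllcache\svchost.exe")) {
    $findings += "dllcache copy of svchost.exe is missing"
}

# 3. Registry values under the two keys from the article. ASSUMPTION: the value
#    name shown as 00:00:00:00:00:00 is six colon-separated hex pairs.
$pattern = '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
foreach ($key in 'HKLM:\SOFTWARE\Google', 'HKLM:\SOFTWARE\Licenses') {
    $k = Get-Item -Path $key -ErrorAction SilentlyContinue
    if ($k) {
        $k.GetValueNames() | Where-Object { $_ -match $pattern } |
            ForEach-Object { $findings += "Registry value: $key -> $_" }
    }
}

# 4. The article says svchost.exe is modified. Print its SHA-256 and timestamp so
#    they can be compared with a known-good copy from the same OS build.
$svchost = "$env:WINDIR\system32\svchost.exe"
if (Test-Path $svchost) {
    $sha   = [System.Security.Cryptography.SHA256]::Create()
    $bytes = [System.IO.File]::ReadAllBytes($svchost)
    $hash  = [System.BitConverter]::ToString($sha.ComputeHash($bytes)) -replace '-', ''
    "svchost.exe SHA-256: $hash (last written $((Get-Item $svchost).LastWriteTime))"
} else {
    $findings += "system32\svchost.exe is missing"
}

if ($findings.Count) { $findings } else { "No Wecorl.a indicators from this article found." }
```

A missing or altered svchost.exe with none of the other indicators present points away from the worm's own artifacts and toward another cause of the damage.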

Currently, we’re still looking into how to resolve this W32/Wecorl.a computer virus. Others have found a solution by installing antivirus software. Meanwhile, if you’ve experienced a Dcom Server Process Launcher Terminated Unexpectedly error caused by this Wecorl.a virus, some forums we’ve visited advise reinstalling your operating system if installing antivirus software does not work.

11 thoughts on “W32/Wecorl.a Virus Produces Dcom Server Process Launcher Terminated Unexpectedly Error”

  1. We are experiencing a campus-wide problem with PCs booting up and users logging in, and no Taskbar, theme services are not starting, along with no network connection. We are running McAfee 8.7i Enterprise Edition and it is slowly affecting more PCs throughout our College District. Does anyone have any ideas how to disinfect this virus?

  2. This has been confirmed by McAfee (source at bottom of comment) as a false positive with the 5958 SDAT, causing the svchost.exe to be ‘cleaned’, breaking the PC in the process.

    McAfee have released an extra.dat to prevent this from occurring, but anyone with an ePO is advised to roll back to a previous version.

    As yet I don’t know if grafting in a working svchost.exe from an unaffected machine will fix the issue.

    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=265240

  3. This is bullsh$t. McAfee’s own forum reports that it is a false positive and that it is McAfee’s AV software itself (in the form of a bad .DAT file, version 5958) causing the issues.

    REPEAT: NOT a virus, but the software you pay to keep them away.

    I.T.

  4. This is being reported elsewhere as a problem with McAfee virus definition files. McAfee have a note to this effect in their threat database if you search for the Wecorl.a virus.
