Thursday, September 18, 2014

W32/Wecorl.a Virus Produces Dcom Server Process Launcher Terminated Unexpectedly Error

April 21, 2010 by · 11 Comments 

Another computer virus is on the look out right now in the name of W32/Wecorl.a virus which produces Dcom Server Process Launcher Terminated Unexpectedly Error. According to famous antivirus company McAfee, W32/Wecorl is a computer worm which multiplies itself by exploiting a Vulnerability in Server Service (ms08-067). In addition, this computer virus is also designed to silently download and execute malicious content from a remote server.

Let this be a warning in installing unknown executable files in your computer since upon running this file on the victim’s computer, this computer virus copies itself to the location %Temp%Install.2008.dat, deletes this file in your system %WINDIR%system32dllcachesvchost.exe, and modifies your svchost.exe.

After the initial actions of this computer virus as stated above, it then creates the following files in your computer:

  • HKEY_LOCAL_MACHINESOFTWAREGoogle
    00:00:00:00:00:00 = [Hexadecimal Data]
  • HKEY_LOCAL_MACHINESOFTWARELicenses
    00:00:00:00:00:00 =  [Hexadecimal Data]

W32/Wecorl.a virus then creates a mutex “Ceproxy-_____-” to signify its presence in your computer and then automatically connects to several domains to download additional malwares to put your system down.

Currently, we’re still looking on how to resolve this W32/Wecorl.a computer virus. Others find a solution by installing antivirus softwares. Meanwhile, if you’ve experienced a Dcom Server Process Launcher Terminated Unexpectedly Error caused by this Wecorl.a virus, some forums we’ve visited advise to try reinstalling your new operating system if installing an antivirus software does not work.

Incoming search terms:

Follow us on Twitter to get free up-to-date news via tweets from the World Correspondents, or you can subscribe to us by entering your e-mail below. You can confirm your free subscription by clicking the confirmation link that will be sent to your e-mail address. Once you've confirmed, then you're good to go.

Enter your email address:

Comments

11 Responses to “W32/Wecorl.a Virus Produces Dcom Server Process Launcher Terminated Unexpectedly Error”
  1. Gunter says:

    This is a false positive. See McAfee Support 5958 DAT.

    Gunter

  2. Christen says:

    It is a false positive from Mcafee with Dat 5958

  3. fix says:

    You have a problem with w32/wecorl.a? Let`s go here http://w32wecorl.blogspot.com/ and your problems can be solved!!!

  4. Chris Marley says:

    We are experiencing a campus wide problem with PCs booting up and users logging in, and no Taskbar, theme services are not starting, along with not network connection. We Are running McAfee 8.7i Enterprise Edition and it is slowly affecting more PCs throughout our College District. Does anyone have any ideas how to disinfect this virus?

  5. Harrod says:

    This has been confirmed by McAfee (source at bottom of comment) as a false positive with the 5958 SDAT, causing the svchost.exe to be ‘cleaned’, breaking the PC in the process.

    McAfee have released an extra.dat to prevent this from occuring, but anyone with an ePO is advised to roll back to a previous version.

    As yet I don’t know if grafting in a working svchost.exe from an unaffected machine will fix the issue.

    http://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=265240

  6. IT staff says:

    This is bullsh$t. Mcafee’s own forum reports that it is a false positive and that it is Mcafee’s AV software itself (in the form of a bad .DAT file, version 5958) causing the issues.

    REPEAT: NOT a virus, but the software you pay to keep them away.

    I.T.

  7. Justin says:

    Hello,

    It’s not actually a virus but a false positive caused by an update to today’s (4/21/2010) McAfee virus definitions. It flags and quarantines svchost.exe. There are already some workarounds posted, see this forum discussion and others.

    http://community.mcafee.com/thread/24056

  8. foop says:

    This is being reported elsewhere as a problem with McAfee virus definition files. McAfee have a note to this effect in their threat database if you search for the Wecorl.a virus.

  9. Evil Jared says:

    Guys this is a false positive, only happens when you are using a McAfee Virusscan. McAfee already admitted this and there is a workaround.

    for further details see:
    https://kc.mcafee.com/corporate/index?page=content&id=KB68780

Trackbacks

Check out what others are saying about this post...
  1. [...] W32/Wecorl.a Virus Produces Dcom Server Process Launcher … [...]



Speak Your Mind

Tell us what you're thinking...
and oh, if you want a pic to show with your comment, go get a gravatar!
Or sign in with your FB account!

Connect with Facebook

Random Tags: Unemployment Extension, Wikileaks, Kate Middleton, Walmart Black Friday Ads 2014, The Red Market, South Park, Space Travel