"wgsdgsdgdsgsd.dll" file in user home (%userprofile%) folder, activated in the above shortcut with the conspicuously named flag "H1N1".
No Windows registry instances of "wgsdgsdgdsgsd" or "runctf" were found with RegEdit32.
Full-screen message with legal jargon alleging illegal computer use, threatening with legal action / imprisonment and claiming the ability to disable access to data on hard drives.
Webcam light sensor is activated.
Geolocation data (e.g. IP address, domain name, country) is displayed on screen and the language of the message is set accordingly.
A payment form with a specified amount of money is displayed.
A timer countdown for payment is started.
It's not possible to break out of this full-screen message using Alt+Tab or any other mouse/keyboard shortcut (only the power-button works).
During every normal Windows startup, the "runctf" shortcut launches the DLL file containing the virus/trojan which activates the above described fullscreen message.
Logging onto Windows in Safe Mode deactivates the Startup shortcut.
Removing the shortcut and the DLL file in Safe Mode makes it possible to again log on to Windows normally.
Both the startup shortcut and the DLL file activated by it are included in the below attached Virus.rar file...
This seems to be a rather new virus/trojan. Googling the dll name and the shortcut name gives a limited number of hits, primarily German ones. From what little I've been able to understand from those German forum posts, there seem to be a few hints that this virus/trojan uses a Java code exploit. This may well be the case, because I haven't run or installed anything remotely suspicious on my computer for the last few months at the very least. This leaves as the main suspect all those Internet banners and popups, which sometimes indeed can activate Java and other web browser extensions.
OK antiviralguy, no probs. No AV product is capable of providing you with 100% protection, although AVG are always working 24/7. This is the standard forum Announcement post link, "How To Handle Infection Suspicion?", which actually covers this type of issue.
Alan
AVG Forums Volunteer Moderator | AVG Forum member since Nov. 27, 2004 | My total posts on the Old AVG Free Forum: 27,063
I got infected with this also. Because of your posting I was able to drop into msconfig and disable the shortcut in the Startup menu. But I could not find the .dll file with all the w's, d's, g's and s's, so I went back into the Startup menu and the dll file had changed its name to, I think, wpt0.dll.
I was able to find this dll and delete it.
Thank you for your help.
PS For me the symptom was "My desktop icons were all hidden behind the desktop screen and could not be accessed".
Hey guys just thought I'd share the experience I literally JUST had.
This same virus got my sixth form laptop, a week earlier another got my personal laptop so I've had previous experience when deleting it.
So a quick rundown on how I managed to fix it; I ran safe mode with command prompt, typed "explorer" and entered, went onto "Computer" from the start menu, went through my local drive to "Users" and onto my account name, as soon as the files loaded up after clicking my account name the dsgsgsgdgs(blahblah) file was there, I deleted that but when I went onto normal mode something still tried to open that file, so back to safe mode, I went onto "all programs" then to "Startup", this runctf.dll file was there so I deleted that.
BLAM it's fixed. Sorry for throwing it all there I just wanted to get it out of my head :P
When you sent the report to AVG virus team, did you also zip up the infected file in a passworded zip file so that they could add it to AVG? It's better if they got it, as then they can figure out what they really are dealing with.
* While AVG now can protect your computer against this specific version of the virus, in order to stop annoying repeated infection alerts and the very real possibility of future undetected infections of new versions of the virus, you need to update (or even better: disable) your Java!
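
A read-only check for the persistence pattern described in this thread (a Startup shortcut that launches a DLL stored directly in %userprofile%), added here as an example and not part of any post above. It keys on the pattern rather than on the file name, since one reply reports the DLL under a different name; Windows PowerShell 5.1 and all variable names are assumptions.

```powershell
# Added example: read-only triage of the Startup-shortcut + profile-DLL pattern.
# Nothing is deleted or modified; review the output before removing anything.
$profileRoot = $env:USERPROFILE
$shell = New-Object -ComObject WScript.Shell

# Per-user and all-users Startup folders.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }

# 1. Startup shortcuts whose target or arguments mention a DLL.
$shortcuts = foreach ($dir in $startupDirs) {
    Get-ChildItem -LiteralPath $dir -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            # CreateShortcut on an existing .lnk only reads it unless Save() is called.
            $lnk = $shell.CreateShortcut($_.FullName)
            $cmd = [Environment]::ExpandEnvironmentVariables("$($lnk.TargetPath) $($lnk.Arguments)")
            if ($cmd -match '\.dll') {
                [pscustomobject]@{
                    Shortcut      = $_.FullName
                    CommandLine   = $cmd.Trim()
                    # True when the command line points into the user profile.
                    InUserProfile = $cmd.IndexOf($profileRoot, [StringComparison]::OrdinalIgnoreCase) -ge 0
                    Created       = $_.CreationTime
                }
            }
        }
}

# 2. DLLs sitting directly in the profile root, hidden files included.
$dlls = Get-ChildItem -LiteralPath $profileRoot -Filter '*.dll' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SizeBytes = $_.Length
            Signature = (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }

'Startup shortcuts that launch a DLL:'
$shortcuts | Format-List
'DLL files in the profile root:'
$dlls | Format-List
```

A shortcut with `InUserProfile` set to True paired with an unsigned DLL created around the time the lock screen first appeared matches what the posts above describe; the SHA256 value is what to include when submitting the sample to an AV vendor.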