jwgkvsq.vmx is a worm-type virus that spreads via USB/portable drives and over the network. It creates an autorun.inf file on your USB device, as well as a hidden system folder called RECYCLER that contains the jwgkvsq.vmx file. I’m not sure if this is an old virus, but it seems it’s been spreading a lot lately. Most anti-virus programs don’t detect it, and those that do can’t remove it.

It is also known as:

  • W32/Confi
  • W32/Conficker.worm!inf
  • Win32/Conficker.B – CA

It exploits Microsoft Windows vulnerability:
Microsoft Security Bulletin MS08-067 – Critical
Vulnerability in Server Service Could Allow Remote Code Execution (958644)
Published: October 23, 2008

Symptoms:

  • ‘Show hidden files and folders’ doesn’t work. You can check this by opening a folder, then clicking Tools, then Folder Options, then the View tab. Select ‘Show hidden files and folders’, click Apply, then Ok. Open Folder Options again; if it has reverted to ‘Do not show hidden files and folders’, then you have this virus.
  • Every time you plug a USB device into your computer, it creates an autorun.inf file and a RECYCLER folder with the jwgkvsq.vmx virus file.
  • You can’t access anti-virus websites and other popular websites like microsoft.com or yahoo.com.
  • Windows won’t boot into Safe Mode. This happens in extreme cases. When you try to boot into Safe Mode, your computer restarts/shuts down.

Side-effects

  • Since this is a worm, system slowdown may (or may not) happen.
  • It spreads quickly through networked computers and USB devices, which include flash drives, portable external hard drives, mobile phones, mp3 players, and anything that can be plugged into a USB port.
  • Won’t let you access some websites.

Now let’s go back to the topic. Remember that this guide will only help you remove the jwgkvsq.vmx virus.


Here are the quick steps to remove this virus from your computer and from your USB devices.

Preparation:

  • Download FixDownadup.exe from Symantec.com
  • Download anti-Downadup-EN.zip from BitDefender.com (just in case the first one doesn’t work).
  • Download Process Explorer and AutoRuns from Sysinternals (we may or may not use this).
  • Download MoSo Force Delete (just in case we need to delete something that can’t be deleted).

Now let’s start…

Removing the jwgkvsq.vmx virus from your computer

  1. Disconnect your computer from the network, if it is connected. Removing the network cable from your PC should do the trick.
  2. Just run the FixDownadup.exe we downloaded from Symantec. It should clean the virus off the PC. This works if the infection is in a low-level state, meaning you have anti-virus software already running and the infection is isolated.
  3. After scanning, you should see a report popup and an option to go to the Microsoft website to patch your computer with a critical security update.
  4. Restart your computer. When you’re back on the desktop, check whether your programs/software are still running.
  5. Turn off System Restore to delete all entries, which sometimes contain remnants of the virus. To do this:
    1. Right-click My Computer, select Properties.
    2. Click System Restore tab.
    3. Check ‘Turn off System Restore on all drives’. Click Apply, then Ok.
    4. Restart your computer.
    5. Then, uncheck ‘Turn off System Restore on all drives’ to enable it again.

Removing the jwgkvsq.vmx virus from your USB device

  1. First, start your computer in Safe Mode.
    1. Shut down your computer.
    2. Turn it back on and, before the Windows loading screen comes up, press F8. Or just press it repeatedly after starting your computer.
    3. Select Safe Mode on the menu by pressing the arrow keys and hitting Enter.
  2. Plug in your USB device. Notice that the autorun.inf won’t run in Safe Mode.
  3. Enable the ‘Show hidden files and folders’. Instructions are listed on the Symptoms section above.
  4. Delete autorun.inf file. It is usually located on the root of the USB drive.
  5. Delete the hidden/system folder RECYCLER.
    1. If you can’t delete it, you have to disable its function (for external/portable hard drives). Right-click on the Recycle Bin icon on your desktop, then select Properties. Select ‘Configure drives independently’. Then tab to the external drive, and check ‘Do not move files to the Recycle Bin.’ Hit Apply, then Ok.
    2. If it is a flash drive or other USB device, use MoSo Force Delete, which we downloaded earlier in this guide.
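
The artifacts named in the steps above can also be listed read-only before anything is deleted. The following Python sketch is an added example, not part of the original guide or of any vendor tool: it checks a drive root for autorun.inf and for jwgkvsq.vmx anywhere under RECYCLER, using only the file and folder names given in this post. The function names and the sample folder layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Names taken from the post. Compared case-insensitively because a FAT/NTFS
# volume mounted on Linux may present them in any case.
AUTORUN_NAME = "autorun.inf"
RECYCLER_NAME = "recycler"
PAYLOAD_NAME = "jwgkvsq.vmx"


def scan_drive_root(root):
    """Return a sorted list of (kind, path) findings under a drive root. Read-only."""
    findings = []
    # os.scandir lists hidden/system entries regardless of Explorer's
    # 'Show hidden files and folders' setting.
    for entry in os.scandir(root):
        name = entry.name.lower()
        if name == AUTORUN_NAME and entry.is_file(follow_symlinks=False):
            # autorun.inf can be legitimate; report it for review, do not delete blindly.
            findings.append(("autorun", entry.path))
        elif name == RECYCLER_NAME and entry.is_dir(follow_symlinks=False):
            # RECYCLER itself is a normal folder on some drives, so only the
            # worm's file name inside it counts as a finding.
            for dirpath, _dirs, files in os.walk(entry.path):
                for fname in files:
                    if fname.lower() == PAYLOAD_NAME:
                        findings.append(("payload", os.path.join(dirpath, fname)))
    return sorted(findings)


def build_sample_drive(base):
    """Constructed sample layout mimicking the post's description (empty files only)."""
    sid_dir = os.path.join(base, "RECYCLER", "S-0-0-00-PLACEHOLDER")
    os.makedirs(sid_dir)
    for path in (os.path.join(base, "AUTORUN.INF"), os.path.join(sid_dir, "jwgkvsq.vmx")):
        open(path, "w").close()
    os.makedirs(os.path.join(base, "Photos"))
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for kind, path in scan_drive_root(build_sample_drive(tmp)):
            print(kind, path)
```

Point scan_drive_root at the drive letter or mount point of the USB device to get the list of paths to review.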

Just in case the virus registered itself in the registry, open the Run dialog box from the Start menu, then type regedit. Then search for the file name jwgkvsq.vmx. If you find an entry, just press DEL to delete it.

If your computer is on a network, better check all the other computers connected to it. Also download and install the automatic update (Microsoft vulnerability) which I’ve posted at the beginning of this post.

In extreme cases, your computer won’t initiate Safe Mode and after using the removal tool above, your system may report a missing .dll file or something.

Credits (and for further reference) go to these two sites:
http://tuxvoid.blogspot.com/
http://arpeex.blogspot.com/

For any additional support or inquiry regarding this problem, just leave a comment here, and I’ll reply as soon as I can.

23 Responses to “How to remove the jwgkvsq.vmx worm virus”
  1. avast antivirus can remove that worm, just simply schedule a boot scan on doc. & setting-defaultuser-local setting-temporary internet files and on windows folder-system32.

  2. Thanks for the tip Bong :)

  3. Why won’t MoSo Force Delete work on my PC anymore? It only worked the first time I downloaded it, then it can’t be used again. If I try to use it, it says “unknown eror, u can reinstall moso anti-maleware to resolve this problem”

  4. @Ben

    You can re-download it again on the official site. It might be that it has been corrupted by a virus.

  5. Rat32 doesn’t work well and it keeps minimizing all the time, btw this worm can’t be deleted if it infected on hard drive. Does anyone know how? As what I’ve heard before, you can delete this through Linux by mount something… anybody know about this and can guide us in details?

  6. @undead.

    yes, you can mount your hard drive to a linux running machine then manually delete the file.

    also try the guide I posted regarding the conficker virus.

  7. you also can use a regedit

  8. how to use regedit to fix this ?

    please explain to me.

  9. for me when i wanna delete the jwgkvsq.vmx wif moso, it came out “unknown eror, u can reinstall moso anti-maleware to resolve this problem” too… i tried to download the latest version from the official website but it was still the same. anyone help please ?

  10. If you are having trouble with jwgkvsq.vmx then
    download Recycler Removal:
    download link:http://www.speedyshare.com/798457330.html

  11. how can i restore my file that has been infected by worm virus??
    please help me coz that file is very important, thanks!! ^_^

  12. Hello,
    I can’t download the tools from symantec, bitdefender… because I don’t have access to these sites because of the virus.
    What can I do?
    Thank you!

  13. If you want an easy way to get rid of the virus off the USB drive itself, just download a file explorer like snowbird off the internet and use it. Once again though make sure you enable the “show hidden files option” from within the program but this will override the viruses control over that option in Windows. I have also found that McAfee was the best to get it off the computer itself. Hope this helps anyone.

  14. Go to Start>Run and type in – NET STOP DNSCACHE

    Now you can access the websites.

  15. Just want to share this tool I made that can delete and remove this too
    http://www.fedmich.com/tools/usb-cleaner

  16. Got the worm on Oct 22nd 2009. Able to delete it with Spyware Doctor, BUT, then I searched the registry after reading this article (thank GOD), and there were 3 places it had nested itself!!!!!

    So my point is: erasing it with an anti-spyware does NOT do the job entirely; the worm is still left in the registry!

    Now I am worried about any anti-spyware/anti-virus software….. Is this valid???

  17. I encountered the same worm. Tried to scan it with Kaspersky Internet Security 2009. It said I have to restart the system and it will remove. However, all the time I restarted the same worm existed.

    Then, I tried to scan it in Safe Mode. I found out that this jwgkvsq.vmx worm, which is located in my removable hard drive in H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx, is actually a KIDO Network Worm (Detected: Net-Worm.Win32.Kido.ih), which is not removable via usual means of KIS 2009. There is a special tool on http://www.kaspersky.com called KK (you may search for KIDO in their home page search bar). You just download KK.zip, unzip it, run it (you may want to scan for specific drive like me H:, then you need to run this KK in command prompt like “kk -p H:” where “H:” is your drive). It will automatically remove the Network Worm.

    I think, this will definitely help you to remove this worm.

  18. Thank you very much!
    I am a chinese. I have removed the worm successfully.

  19. We have developed a removal tool for the virus (Recycler\…jwgkvsq.vmx).
    Please use following link to download the tool.
    http://it.web44.net/VirusDetails/jwgkvsq.vmx.Recover.report.php

    Please give your comments on our web site.
    Thank you.

    Imago Labs®(Sri Lanka)

  20. I’m getting a virus I believe is similar. It’s called dcjaw.exe. Does anyone know anything about it? It seems to be infecting my USB devices and creating shortcut folders for “Documents” “Music” “New folder” “Password (which looks like a file, not a folder)” “Pictures” and “Video”. It also makes autorun.inf appear. Can anyone help me get rid of this?

    Sorry to post twice, I entered the wrong email.
    My email, if you can help, is alectronancy@gmail.com

  21. @Ian

    Try scanning your computer with Malwarebytes Anti-Malware and/or Spybot – Search & Destroy.

    It is a worm-type virus if it is creating duplicate files that looks like your folders, and your “real” folders are set to hidden.

  22. Ashish Gupta says:

    Well , Nice tutorial and everything…I respect all the opinions and pains people are taking to clean viruses,,,But why not just use something robust like Linux instead of sticking with Windows and dealing with viruses ? You dont normally get viruses on Linux , Google It! :P
