wgsdgsdgdsgsd.exe removal & Repair Safe Mode Operation

I got hit by the virus wgsdgsdgdsgsd.exe three times in the last 3 weeks. It came from XXX sites, but since I am unafraid of viruses, I keep going back for more challenges. So I finally learned the easy way to get rid of this virus. If I had no Norton backups I would never have been able to figure it out.

First off, my firewall caught the file, asked permission, and I prevented it from running. But the file was still present in Windows\system32 on my disk. I tried to delete it...I couldnt. I tried to end a possible linked process with WINDOWS TASK MANAGER (Ctrl-alt- del), but Task Manager wouldnt run. Humm...I also knew from past experience with this virus, that SAFE MODE would NOT run (Blue Screen of Death)- even after the virus was deleted.

RogueKiller[/url"][/url] available here on MajorGeeks came to mind...Always have that file on your hard disk! IT FOUND THE VIRUS chain and deleted the process.

BUT, the file wgsdgsdgdsgsd.exe was still in Windows\system32. BUT this time I could easily delete it! And double check check that it's not in your RecycleBin.
Now, the trickiest part...SAFE MODE will still not work...even though the virus chain is gone. Previously I had to reformat and load my hours old backup, and once I swear even a long reformat didnt work - I couldnt get into SAFE MODE...just that blue screen after rebooting. I had to write zero's to the drive and reinstall my backup - which worked. Except I got that virus again twice more.

Here is how to restore SAFE MODE operation again:
Run regedit and scroll to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot
When you try booting into safe mode on the machine that has this key deleted, you will receive the BSOD.

Go to THIS[/url] page and see how easy it is to repair the registry with a simple registry download fix...Make a backup of your registry key after your computer is repaired, so you will always have it available.

ALSO, perhaps as a result of the virus, remnants was found in the JAVA cache with AVIRA
To manually delete them go to:
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
either delete ALL the cache files - or scan that location with AVIRA from within Windows Explorer
Voila...and that's it!!

Here's a summary:
SUMMARY:
1. Dont allow wgsdgsdgdsgsd.exe with ZoneAlarm or your firewall
2. Run RogueKiller
3. Run ccleaner
4. Navigate to c:\Windows\system32 -- SHIFT-DELETE wgsdgsdgdsgsd.exe
5. Run AVIRA through IE on
C:\documents and settings/user/local settings/Application Data/Sun/java/deployment/cache/6.0/
6. Run SAFE BOOT...XP PRO from HERE[/url]

 

The links in my post above didnt translate properly, so here they are again:

RogueKiller is available here at MajorGeeks.
The SAFE MODE repair information is available here

I am not attaching any logs since I have successfully removed this virus. My post was to help another user in trouble.