Exterminate It! Antimalware

malpedia

Known threats:699,742 Last Update:October 27, 11:19

Testimonials

After scanning my computer many times using big name anti-virus and malware programs I still had several problems. Finally Exterminate It found multiple infections from NetSky. I sent Exterminate It a sample and the next day I received an e-mail instructing me to update and rescan. After following the instructions ZAP the worm/trojan was gone. My computer seems to be completly back to normal now. Good Job Exterminate It!

Melvin

File: wcscd.sys

Location of wcscd.sys and Associated Malware

Check whether wcscd.sys is present in the following locations:

wcscd.sys file locations that are Windows version independent:

  • C:\Windows\System32\drivers\wcscd.sys

If you find wcscd.sys file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The wcscd.sys file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of wcscd.sys File^

File SizeFile Md5Last Seen
30560A77DC4D8E3176773551E8E92447710B9Dec 16, 2010
3056067EFD714D43A8CA03F78F1844EBB290EDec 17, 2010
305602F25062D65ACD828225E7EDC979BCB94Dec 19, 2010
305605D1A964E932AED4EBFDE3C531EC050A4Dec 19, 2010
30560BA3F99FDA1C507861FDE7EEDC8ED4FF4Dec 19, 2010
3056050524E333E0774B245684377C139460DDec 21, 2010
305603DB64091F2C88080673CE38D4F39A5F3Dec 23, 2010
30560B5EB4EFAB2FA5FD0714BF73606CA1906Dec 25, 2010
305603E90B33A79B492E6311C174A7ED795E6Jan 17, 2011
305606B4E84F3591F6C09EFC6DC9E659A3FA9Jan 28, 2011
305608C44D42BA968218D55E7C292903FE559Feb 3, 2011
3056037588D5935E3234137A2B19EFBF1A6DCFeb 8, 2011
30560BA2F19F33F1A621AC4968091C5F6CB29Feb 14, 2011
305604CFFD510315FC11A0105EC86142D03BBMar 5, 2011
3056095B0CA3BB75BBBCBD980FD9B3547CA0FMar 6, 2011
30560208AEEDC9FC0EF6B808553DF92C3C4FDMar 10, 2011
30560C65C7720C52CE189ECB8FE8AB9B91F57Mar 10, 2011
3056048FE3C5E183C963B3846E80D8979AF27Mar 10, 2011
305604FC48899E97B9A6100F75A4F7AEEFA33Mar 15, 2011
30560D64E76ACBAA9643CE989F012CBDF8282Mar 25, 2011
305609877890817587D4FAADE8BE7F7970920Mar 28, 2011
305609789D3B542BDE5D3C0F37ADCFB71C8EEMar 30, 2011
3056034E8BF3D21C7FBD6A283DC00A0FD50B8Apr 1, 2011
305605EC3667A470FF6E6576429BE1F984E75Apr 3, 2011
30560EC1AF87AA900DC5736B2D18B5A57CE3BApr 5, 2011
305602B9B9255B2CC3FF7A43E87EF5EFD65BBApr 6, 2011
30560BB3C93AFD61CF0BD65A815E438446C2EApr 6, 2011
30560F9CFD9AFDBFE80627616624FE2199B9BApr 11, 2011
3056055FE8145E2BBD1AF493AC44FBFE52B27Apr 12, 2011
305607F22775C17B1EDF582465F2A94E942FDApr 12, 2011
305603F0883BE9AA21892523C6A7DB1736CCCApr 18, 2011
305606614FD71B1AE831ED2EDBBB396D051FCApr 18, 2011
305604D82D514163CE14C856DB09D0E431619Apr 20, 2011
30560565963EEFD5F96C1215873CBADF0D6F2Apr 27, 2011
30560A827799AF91E4F19FD7E70531CE9E5E7Apr 28, 2011
305601AB5F2DC88D5881EF4A62F68AF8A9E3DMay 3, 2011
30560EE1E6B3190C8CDAF1BAB62A907343BA5May 3, 2011
305605ED76E811B2F8E03FAF3171301C2A878May 9, 2011
30560C5CCB128E29F4A84E2B147C931A97D61May 11, 2011
30560D3EA842744F994979127AFF0A5890313May 11, 2011
3056075E2D5279F0B11FCC06EA02584C8DB3DMay 14, 2011
30560140FB48CB6969038A55C7A27ECEF238DMay 18, 2011
3056090965F57D6CF5F9383CF2BE04C3B27D8May 18, 2011
305601C4DD65568C4CD6D711ACAF4DCC88477May 19, 2011
30560C7FDD2932ECF191C4F0AC43263619773May 28, 2011
3056039AEFCC2666417FF4DCC237648BDCF39May 28, 2011
30560468F1DD294A5C24FC93300B31E23A5E4May 31, 2011
30560D2E008F4B088B6CEF54E32C302725CEBJun 2, 2011
3056058E8898F885D1F7523AD56F91634F400Jun 3, 2011
30560E6312A982899AD33062729193A8839CFJun 11, 2011
305603DA08ADDA88DF443594BE9172A99FB49Jun 21, 2011
30560CF115BAF5548124F4DECD9FF5720C7CCJun 21, 2011
305608364FC1DC7400FD138F0A6AD3F270633Jun 21, 2011
30560FA7D7BEDCCD2E125D0DA08C029D809FEJun 27, 2011
305607846D751358266152795895E18E9EB98Jul 24, 2011
305606D7C093AC3AB07D0D72DA45CCF88CDC0Sep 1, 2011
30560D7BBD109AC634ED6D898E41E22B4A0C1Nov 21, 2011
305603248CB055DE7370216C7F25B9B5BE63EJan 24, 2012
30560C2360D3BCC7744C6939969787EB65F96May 25, 2013

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove wcscd.sys^

  1. To enable deleting the wcscd.sys file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select wcscd.sys and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of wcscd.sys and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of wcscd.sys and Associated Malware.
  6. Notes:

    • The deletion of wcscd.sys will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of wcscd.sys will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a wcscd.sys malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type wcscd.sys. The name of the first found registry value referencing wcscd.sys is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to wcscd.sys, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of wcscd.sys and Associated Malware.