Windows Malware found W.F.D.exe

Discussion in 'Lounge' started by Pure Energy, Aug 14, 2020.

  1. Pure Energy

    Pure Energy Producer

    Joined:
    Apr 10, 2020
    Messages:
    380
    Likes Received:
    101
    Looking into problems with latest Melodyne freezing in Cubase Pro and saw massive CPU usage, 70 - 90 percent.

    It's a program called WFD.exe.
    WFD.exe bitcoin malware uses your computer to collect stuff for them. C:\windows\appsdata: reboot, don't open anything, and remove.

    I hope this helps. Please check your systems. Noticed this slowdown last week.
     
  3. jhagen

    jhagen Platinum Record

    Joined:
    Apr 9, 2013
    Messages:
    504
    Likes Received:
    183
    If it only was so simple...
     
  4. Daskeladden

    Daskeladden Rock Star

    Joined:
    Jan 7, 2018
    Messages:
    1,010
    Likes Received:
    388
  5. jhagen

    jhagen Platinum Record

    Joined:
    Apr 9, 2013
    Messages:
    504
    Likes Received:
    183
    Clone, then clone and when you have 2 clones make another clone.
     
  6. Pure Energy

    Pure Energy Producer

    Joined:
    Apr 10, 2020
    Messages:
    380
    Likes Received:
    101
    It was, and it worked for me. Now I'm back up to speed again :)
     
  7. Thuncke

    Thuncke Kapellmeister

    Joined:
    Apr 3, 2020
    Messages:
    32
    Likes Received:
    45
    Location:
    North
    I was under the impression from previous posts over the years that malware NEVER makes it on to sister site. Is that where you got it from? I don't know if they can be bothered to go through it all again, but could any of the mods, olly, pirate etc. confirm my thinking?
     
  8. Smoove Grooves

    Smoove Grooves Audiosexual

    Joined:
    Jan 26, 2019
    Messages:
    5,184
    Likes Received:
    1,962
    You mean mods at the sister site?
    The Pirate is not a mod here or at the sister site; pirat is a different person.
    Just saying.
     
  9. Thuncke

    Thuncke Kapellmeister

    Joined:
    Apr 3, 2020
    Messages:
    32
    Likes Received:
    45
    Location:
    North
    I was referring to this site. Discussions have taken place here re the sister site, no? I was sure I had seen people state that the releases on sister site were almost always clean. That's all.

    Cool, no problem. I understand they are different people, I now realise they are not a mod, just knowledgeable and helpful. Sorry. Have a nice one.
     
    Last edited: Aug 15, 2020
  10. audiozuser76

    audiozuser76 Producer

    Joined:
    Jun 22, 2013
    Messages:
    344
    Likes Received:
    147
    Watch out! If you clone the spinning cone, you may get a cyclone!
     
  11. The Pirate

    The Pirate Audiosexual

    Joined:
    Dec 20, 2018
    Messages:
    5,172
    Likes Received:
    4,398
    Location:
    NOYMFB
    @Pure Energy do you still have the original file you downloaded? If you do, and it came from sister site check your PM. I want a copy of it to run some tests because the ramifications go beyond the wfd.exe. Indeed, it will open a whole can of worms. I really doubt that it came from Team RET but if it did.... If you downloaded it from elsewhere, I am not interested.
     
  12. Thuncke

    Thuncke Kapellmeister

    Joined:
    Apr 3, 2020
    Messages:
    32
    Likes Received:
    45
    Location:
    North
    That response basically answers my original question. Thanks The Pirate for all of your knowledge and input on this forum (and I don't mean just regarding the sister site and scene, just in general). Peace
     
  13. TaxiDriver

    TaxiDriver Platinum Record

    Joined:
    Jun 22, 2018
    Messages:
    226
    Likes Received:
    210
    Location:
    Europa
    @The Pirate, did you have a chance to check the one that is currently up on the sister? Does it behave as the OP stated? ATM I can't check it myself.. the only (sort of) helpful thing I can say is that the file is now exactly the same, as it was on 11th, when posted.
    Any info much appreciated :bow:

    P.S. Sorry, but I'm a bit confused - If anything that OP says is true, it should have been removed days ago..
     
  14. The Pirate

    The Pirate Audiosexual

    Joined:
    Dec 20, 2018
    Messages:
    5,172
    Likes Received:
    4,398
    Location:
    NOYMFB
    I have not but will do it shortly. Whether it is true, it is not as important as if it actually came from AZ.
     
  15. The Pirate

    The Pirate Audiosexual

    Joined:
    Dec 20, 2018
    Messages:
    5,172
    Likes Received:
    4,398
    Location:
    NOYMFB
    @TaxiDriver and @Pure Energy There is NOTHING wrong with the latest Melodyne as long as it is the one from AZ. NOTHING. Therefore, @Pure Energy downloaded it from elsewhere or his computer got infected from a totally different program or reason.
     
  16. Smoove Grooves

    Smoove Grooves Audiosexual

    Joined:
    Jan 26, 2019
    Messages:
    5,184
    Likes Received:
    1,962
    I don't think you need to mention the private sexual proclivity of a fellow member, but I concur with the rest of your statement.
     
  17. orbitbooster

    orbitbooster Audiosexual

    Joined:
    Jan 8, 2018
    Messages:
    1,123
    Likes Received:
    626
    Well, I don't know if it's right or wrong, but here's my experience:

    standalone asks to modify
    "C:\Users\username\AppData\Roaming\Microsoft\Crypto\RSA"
    and
    "C:\Users\username\AppData\Roaming\Microsoft\Crypto\Keys"
    folders, detected and access blocked by Avast Ransomware shield.

    Same with .VST3 in host, and this time Reaper.exe triggers the same as above.
    I renamed .VST3 to .ODD :))), Reaper.exe triggers no more.
    Renamed back to .VST3, Reaper again triggers and folder access blocked again.

    Malwarebytes, nothing found.
    USB boot in Kaspersky Rescue, nothing found.

    Having said that, I didn't find W.F.D. and no strange behaviour so far.

    DUH?
     