wdfmgr.exe" good or bad???

Donny Hinson · Post by **Donny Hinson** » 29 Jun 2006 2:50 pm

I've been to many online sites, and some say this is a necessary program, and some say it dangerous spyware added by a worm.

Does anyone know the truth? (See below)

One site says...

Name of the thread: MS_Update Check

Command or file name: wdfmgr.exe

Hazard index: 5. Dangerous threat! Virus, trojan or spyware. You must get rid of it as soon as possible.

Description

Added by the AGOBOT-TB WORM!

While another says...

 Description:
wdfmgr.exe is part of Microsoft Windows media player 10 and above. This process decreases compatibility problems whilst the product is in use. This program is non-essential process to the running of the system, but should not be terminated unless suspected to be causing problems.

Dave Potter · Post by **Dave Potter** » 29 Jun 2006 3:42 pm

http://www.auditmypc.com/process/wdfmgr.asp

I guess I'd say, in response to your rhetorical question, "does it pose a risk", if your anti-malware apps don't flag it, that should be an answer you can live with.

On the "does anyone know" part of the question, we're all going to get the same "google" hits you've got, so, caveat emptor.[This message was edited by Dave Potter on 29 June 2006 at 04:43 PM.]

Wiz Feinberg · Post by **Wiz Feinberg** » 29 Jun 2006 7:16 pm

Donny;
Search for wdfmgr.exe using Windows Search. I have three instances under XP Pro, one of which is: C:\Windows\System32\wdfmgr.exe.
Reading it's properties the exact filesize is 38,912 bytes.
The "Modified" date is "Friday, January 28, 2005, 2:44:28 PM."
The version number is 5.2.3790.1230.
The Description is: "Windows User Mode Driver Manager"
The Copyright is: "© Microsoft Corporation. All rights reserved."

Compare your version to the above details, then run a virus scan on that file, with up-to-date definitions.

It could be the real deal, or the W32/Agobot-TB

------------------
Bob "Wiz" Feinberg
Moderator of the SGF Computers Forum
Visit my Wiztunes Steel Guitar website at: http://www.wiztunes.com/
or my computer troubleshooting website: Wizcrafts Computer Services,
or my Webmaster Services webpage.
Learn about current computer virus and security threats here.
Read Wiz's Blog for security news and update notices

Donny Hinson · Post by **Donny Hinson** » 30 Jun 2006 4:20 pm

Thanks Wiz! My files are the same size, but different dates. Just figured I'd check up on it since it just popped up in 4 different folders.

Compswerkin, so we can close this one up!