PDA

View Full Version : possible virus? update.exe


K007
07-26-10, 07:59 AM
hey guys seems like i picked something nasty up..

at first i saw it on my taskmanager updater.exe

so i went to msconfig found the entry located to C:\Users\user\AppData\Roaming\Microsoft\Windows\St art Menu\Programs\Startup

next i also so another entry Systemupdate pointing to users/documents/system32/update.exe

now none of these should be there, and the system32 is bogus.

strangely my NIS didn't pick up anything, and everytime i untick it...and apply...it ticks back in...

i deleted the files...

but i am surprised NIS is not picking it up...

i think the system is compromised.

K007
07-26-10, 08:09 AM
hmm seems to have gone away....just to be safe ill run a full scan tonight.


got rid of it all from everywhere.

Albo
07-26-10, 08:59 AM
Have you tried scanning it with Malewarebytes?

six_storm
07-26-10, 11:44 AM
Have you tried scanning it with Malewarebytes?

+1. Run that bad boy and see what the results are.

kristain
12-06-10, 04:42 AM
Step 1: Use Windows File Search Tool to Find update.exe (http://antivirus.iyogi.net/virus-removal/protect-pcs-from-exe-viruses.html)Path

1. Go to Start > Search > All Files or Folders.
2. In the "All or part of the the file name" section, type in "update.exe" file name(s).
3. To get better results, select "Look in: Local Hard Drives" or "Look in: My Computer" and then click "Search" button.
4. When Windows finishes your search, hover over the "In Folder" of "update.exe", highlight the file and copy/paste the path into the address bar. Save the file's path on your clipboard because you'll need the file path to delete update.exe in the following manual removal steps.


Step 2: Use Windows Task Manager to Remove update.exe Processes

1. To open the Windows Task Manager, use the combination of CTRL+ALT+DEL or CTRL+SHIFT+ESC.
2. Click on the "Image Name" button to search for "update.exe" process by name.
3. Select the "update.exe" process and click on the "End Process" button to kill it.

Step 3: Detect and Delete Other update.exe Files

1. To open the Windows Command Prompt, go to Start > Run > cmd and then press the "OK" button.
2. Type in "dir /A name_of_the_folder" (for example, C:\Spyware-folder), which will display the folder's content even the hidden files.
3. To change directory, type in "cd name_of_the_folder".
4. Once you have the file you're looking for type in del "name_of_the_file".
5. To delete a file in folder, type in "del name_of_the_file".
6. To delete the entire folder, type in "rmdir /S name_of_the_folder".
7. Select the "update.exe" process and click on the "End Process" button to kill it.

SofiaBrown
02-24-11, 02:26 AM
Remove update.exe virus. Remember that although many files are always in default file locations, some files can easily be moved to different locations or change names like many spyware, adware, or popup programs do. If you suspect you have spyware or adware, check to see if you see a similiar names stored elsewhere. It always helps to check your tasklist also to see what is currently running on your computer. You can always view the tasklist on your computer by pressing ctrl-alt-del to view your "task manager", and then click the "processes" tab. This will show you all tasks running on your computer. Dll files will NOT show on your computer tasklist, as dll files are actually part of other processes. You may see similiar program names running if spyware or adware is on your computer, for example, ati2evxx.exe may be slightly misspelled to keep you from finding it, or spyware and adware may be named very similiar to a system file. Make sure always check the location of tasks or processes if you are concerned.Remove update.exe virus

xaviers67
04-08-11, 09:11 AM
Hey, If you are feeling like your system have been afffectd by the virus then you can connect it though the network and scan that computer thoroughly network, by sharing that drive on the network. else you can use some process killer software and kill all the porcess except the process required for running the computer.