|
|
|
re: Question about 'How do get the taskbar and desktop back if Explorer crashes'
Tuesday, April 13, 2004 at 9:54 am
Windows XP Annoyances Discussion Forum
Posted by krash1201
(3 messages posted)
i am having similar trouble with the winupd.exe file that carries the download.trojan.
this particular file sucks becasue it constantly runs, so you can't delete the file
directly, and norton antivirus can't delete it either. frustrating to begin with
especially because symatech says this has only infected something like 50 machines,
yeah, can we say corporate bs?
i found the file in the registry 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run,
listed as winupd.exe. past that i don't know what to do, but i imagine if i can
go about stopping it from running i may be able to delete it, or alter the registry
so that it won't open on start up.
hopefully by deleting it from the registry that will happen. other then that i don't
know.
Any other ideas??
On Tuesday, January 13, 2004 at 7:29 pm, Nick wrote:
>Hi, the 'random process' you mention closing - winupd.exe - is itself a trojan.
>I'm currently searching for info on it cuz i was infected half an hour ago, that's
>how i arrived at this post. I noticed it when my firewall suddently asked if i wanted
>to let winupd.exe access the net.
>
>As far as i know, in my case, it was delivered by malicious java script called js_exception.t
>[two instances of which are still sitting in my temp internet folder] after a winhelp
>box appeared in my taskbar like a stubborn popup, which caused 'winupd.exe'
>and 'regcpm32.exe' to end up residing in my C:\Windows\System\. folder [they
>appear as hidden files, so be sure to have the 'show all files' option selected
in
>windows explorer view/folder options/view to see them. you'll notice regcpm32.exe
>at the bottom being updated/modified/refreshed every five seconds with it's modified
>date altering to a random day each time] It seems this exe and winupd.exe are installed
>together.
>
>i've managed to determine two regkeys which they create and recreate if the exe
files
>aren't removed, they are MsStartOptimizer & Regcompress in both 'HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run'
>and ''HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Runservices'.
>
>There may be more reg entries associated and/or exe's, and more means of delivery,
>but this is all i know at present. Hopefully it's helpful. I'll now clean my machine
>of the exe's and then the reg entries, in that order, and if anything weird happens
>i'll post it here.
>
>Nick
>
|
All messages in this thread [show all]
 | |  | re: Question about 'How do get the taskbar and desktop back if Explorer crashes' (krash1201: Tue, Apr 13, 2004, 9:54 am) |
| |
| |
Return to the Windows XP Discussion Forum
|
|
|
|
