Wierd Startup File

Discussion in 'Security and Anti-Virus Software' started by xTank Jones16x, Mar 1, 2010.

Thread Status:
Not open for further replies.
  1. xTank Jones16x

    xTank Jones16x PC Elitist

    Reputations:
    848
    Messages:
    1,276
    Likes Received:
    2
    Trophy Points:
    56
    Edit: I assume I got rid of the problem.

    I ran Dr. Web Cure It and ran a scan. The scan did not show up anything, so I did a custom scan and went to the file path as specified below. The "winupdate.exe.exe" showed up, and I selected it and scanned it. It was said to have a Trojan, so I deleted it.

    After doing so, I booted back into normal Windows, and tried to run the .exe as I did before, and Windows said it could not find the file. So hopefully I fixed it....



    Ok, was browsing in my System Configuration, and under Startup I found a very strange file.

    Startup Item:
    eCUuUgasbyis


    Manufacturer:
    hglWckAbaqgjbAdH


    Command:
    C:\Users\xTank Jones16x\AppData\Roaming\WindowsUpdate\winupdate.exe.exe


    Location:
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run


    Scanned the Roaming folder, but found nothing.

    Tried going to the directory in Roaming "\Roaming\WindowsUpdate" but it said the folder was empty.

    No idea what this could be. Windows 7 by the way.

    I entered the "C:\Users\xTank Jones16x\AppData\Roaming\WindowsUpdate\winupdate.exe.exe" into my file path, and ran it.

    Windows said it was an unidentified program.

    As soon as I ran it, it crashed my computer giving me a BSOD.
     
  2. jeremysdad

    jeremysdad Notebook Evangelist

    Reputations:
    216
    Messages:
    398
    Likes Received:
    0
    Trophy Points:
    30
  3. xTank Jones16x

    xTank Jones16x PC Elitist

    Reputations:
    848
    Messages:
    1,276
    Likes Received:
    2
    Trophy Points:
    56
    I figured as much.

    Running the Malware right now, with a full scan. Waiting for it to be finished.

    Hope this picks it up.

    Well the Malware has seem to have zipped right by the file.

    I was watching the "Currently Scanning", and it go to where the .exe was at, and it scanned the Roaming folder and nothing has popped up in the "Objects Infected".

    Ran SUPERAntiSpyware, found absolutely nothing.

    Ran Malwarebyte's Anti-Malware, found nothing.

    Anyone have suggestions...?
     
  4. OldMX

    OldMX Newbie

    Reputations:
    0
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    5
    Boot windows into safe mode and manually delete it?

    Also grab a copy of microsoft autoruns, see what else us your computer loading on startup.
     
Thread Status:
Not open for further replies.

Share This Page