winupdate.exe is added to the system as a result of the WORM_FALSU.A virus. It is a backdoor Trojan horse and gives remote access to your computer. This process is a security risk and should be removed from your system. If found on your system make sure that you have downloaded the latest update for your antivirus application.
Spybot.Eas Worm is likely a virus and as such, presents a serious vulnerability which should be fixed immediately! Delaying the removal of winupdate.exe may cause serious harm to your system and will likely cause a number of problems, such as slow performance, loss of data or leaking private information to websites.
Damage Level : High
Distribution Level: Unknown
There is NO Auto Removal Tool for Winupdate.exe (WORM_FALSU.A/Spybot.Eas worm)
Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
- %\system32\winupdate.exe
- %\Documents and Settings\All Users\Documents\winupdate.exe
- %\shared\winupdate.exe
- %\windows\system32\winupdate.exe
- %\winnt\system32\winupdate.exe
- %\winupdate.exe
- IPC%\winupdate.exe
- PRINT%\winupdate.exe
- %Windir%\WinExec.exe
- %\system32\con.exe
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
Killbox
KillBox is a tool to delete in-use files, if the file is running, KillBox will attempt to end the process (close the running file) and delete it.
Download KillBox
Download KillBox Beta
Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
In the right pane, delete the value:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
In the right pane, delete the value:
"winupdate.reg" = "winupdate.exe"
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\con.exe
In the left hand pane, delete the key
con.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunHKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\con.exe
In the left hand pane, delete the key
con.exe
In the right pane, delete the value:
"WinExec" = "%Windir%\WinExec.exe"
HKEY_CURRENT_USER\Software\Kazaa\LocalContent
In the right pane, restore the values to their original value, if applicable:
"DisableSharing" = "0"
"dir0" = "012345:%Windir%\shared"
"dir1" = "012345:%Windir%\shared"
"dir2" = "012345:%Windir%\shared"
"dir3" = "012345:%Windir%\shared"
"dir4" = "012345:%Windir%\shared"
"dir5" = "012345:C:\"
HKEY_CURRENT_USER\Software\KAZAA\ResultsFilter
In the right pane, restore the values to their original value, if applicable:
"virus_filter" = "0"
"firewall_filter" = "0"
Exit the Registry Editor,
Restart your Computer.
Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.
Recommended Removal Tools:Edit Menu - Find, enter Keyword and remove all value that find in search.
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
No comments :
Post a Comment
Comment on this Post!!