wupdt.exe is added to the system as a result of the IMISERV virus. It is a backdoor Trojan used to control a target computer from a remote location. This process is a security risk and should be removed from your system. If found on your system make sure that you have downloaded the latest update for your antivirus application.
Damage Level : High
Distribution Level: Medium
There is NO Auto Removal Tool for Wupdt.exe (Adware.IEPlugin/Backdoor)
Manual Removal Instructions
Recommend Removal from Safe Mode:
How to Start in Safe mode:
Restart your Computer, Press F8 Repeatedly, when your Screen turns on, Select Safe mode, press enter.
The Infected Files Can be Seen in these folders and names also Running in Tasks
End the Following Active Process Before Removal
- %Windir%\Winobject.dll
- %Windir%\Winserv.exe
- %Windir%\Wupdt.exe
- %Windir%\Systb.dll
- %Windir%\Kw.dat
- %Windir%\Toserver.pst
- %Windir%\Lu.dat
- %Windir%\Extract.exe
- %Windir%\Button0.ico
- %Windir%\Button1.ico
- %Windir%\Button2.ico
- %Windir%\Logo.ico
- %Windir%\pxckdlauninstall.exe
- %Windir%\dsr.dll
- %Windir%\dinst.exe
Note: if task manager is disabled, Download the following file, Click to Download - Enable Registry.reg
To un-register the .dll Files
Click Start, and then click Run.
Type, or copy and paste, the following text:
regsvr32 /u winobject.dll
then click OK.
If a dialog box confirming this action appears, click OK.
regsvr32 /u systb.dll
then click OK.
If a dialog box confirming this action appears, click OK.
Manual Removal From Registry
Click Start, Run,Type regedit,Click OK.
Note: If the registry editor fails to open the threat may have modified the registry to prevent access to the registry editor. Download and run this UnHookExec.inf, and then continue with the removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the following values if found:
"Win Server Updt" = "%WinDir%\[DROPPED ADWARE FILE]"
"Win Server" = "%WinDir%\winserv.exe"
"wdskctl" = "C:\Windows\wdskctl.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
In the right pane, delete the following values if found:
"C:\WINDOWS\wupdt.exe" = ""
"C:\WINNT\wupdt.exe" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SearchAssistant
In the right pane, delete the following value if found:
In the right pane, delete the following values if found:
"Win Server Updt" = "%WinDir%\[DROPPED ADWARE FILE]"
"Win Server" = "%WinDir%\winserv.exe"
"wdskctl" = "C:\Windows\wdskctl.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs
In the right pane, delete the following values if found:
"C:\WINDOWS\wupdt.exe" = ""
"C:\WINNT\wupdt.exe" = ""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar
HKEY_CURRENT_USER\SOFTWARE\Microsoft\SearchAssistant
In the right pane, delete the following value if found:
"DefaultSearchURL" = "[http://]websearch.drsnsrch.com/[REMOVED]/q.cgi?="
In the right pane, delete the following values if found:
"{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}" = ""
"{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}" = ""
Delete the following registry subkeys if they are present:
HKEY_CLASSES_ROOT\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_CLASSES_ROOT\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
HKEY_CLASSES_ROOT\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
HKEY_CLASSES_ROOT\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
HKEY_CLASSES_ROOT\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
HKEY_CLASSES_ROOT\CLSID\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
HKEY_CLASSES_ROOT\CLSID\{00F1D395-4744-40F0-A611-980F61AE2C59}
HKEY_CLASSES_ROOT\CLSID\{8B51FC2F-C687-40A3-B54A-BB9EBF8D407F}
HKEY_CLASSES_ROOT\CLSID\{CE27D4DF-714B-4427-95EB-923FE53ADF8E}
HKEY_CLASSES_ROOT\CLSID\{E2D2FE40-5674-4B77-802B-EC86B6C2C41D}
HKEY_CLASSES_ROOT\CLSID\{E311D3A5-4A3B-4E49-9E0A-B40FAE1F0B28}
HKEY_CLASSES_ROOT\Interface\{F9B9C9A3-9D2D-423D-ABA5-80D83A915023}
HKEY_CLASSES_ROOT\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
HKEY_CLASSES_ROOT\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}
HKEY_CLASSES_ROOT\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
HKEY_CLASSES_ROOT\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
HKEY_CLASSES_ROOT\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
HKEY_CLASSES_ROOT\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}
HKEY_CLASSES_ROOT\Interface\{0667935E-6350-4BF3-9F97-952363D87C1F}
HKEY_CLASSES_ROOT\Interface\{0F72A081-4DCA-4288-970E-2F7DBBF8B54C}
HKEY_CLASSES_ROOT\Interface\{7092C637-9298-4ACD-8E4D-E7C8157ABDCC}
HKEY_CLASSES_ROOT\Interface\{C43CB2BC-DE30-4FDA-B982-9312ED9940F6}
HKEY_CLASSES_ROOT\Interface\{D2378491-228B-4398-A041-8967952E79EF}
HKEY_CLASSES_ROOT\Interface\{F8084C00-5E03-4B9F-8846-EFE24334C44A}
HKEY_CLASSES_ROOT\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}
HKEY_CLASSES_ROOT\Typelib\{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}
HKEY_CLASSES_ROOT\TypeLib\{8F73AC0F-5769-4282-8762-B396A3BFF377}
HKEY_CLASSES_ROOT\Wbho.Band.1
HKEY_CLASSES_ROOT\Wbho.Band
HKEY_CLASSES_ROOT\IMIToolbar.imiTool
HKEY_CLASSES_ROOT\IMIToolbar.imiTool.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow
HKEY_CLASSES_ROOT\DSrch.Band
HKEY_CLASSES_ROOT\DSrch.Band.1
HKEY_CLASSES_ROOT\DSrch.PopupBrowser.1
HKEY_CLASSES_ROOT\DSrch.PopupBrowser
HKEY_CLASSES_ROOT\DSrch.LeftFrame.1
HKEY_CLASSES_ROOT\DSrch.LeftFrame
HKEY_CLASSES_ROOT\DSrch.BottomFrame.1
HKEY_CLASSES_ROOT\DSrch.BottomFrame
HKEY_CLASSES_ROOT\DSrch.PopupWindow.1
HKEY_CLASSES_ROOT\DSrch.PopupWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{00F1D395-4744-40F0-A611-980F61AE2C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Uninstall\Upspiral Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\intexp
HKEY_CURRENT_USER\Software\intexp
HKEY_CURRENT_USER\Software\inst
HKEY_CURRENT_USER\Software\dsktb
HKEY_CURRENT_USER\Software\dsrch
HKEY_CURRENT_USER\Software\Classes\Remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{666E4D35-E955-11D0-A707-000000521958}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
\{A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINDOWS/wupdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINNT/wupdt.exe
HKEY_CLASSES_ROOT\clsid\{f3155057-4c2c-4078-8576-50486693fd49}\inprocserver32 c:\windows\systb.dll"{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB}" = ""
"{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}" = ""
Delete the following registry subkeys if they are present:
HKEY_CLASSES_ROOT\CLSID\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_CLASSES_ROOT\CLSID\{1C896551-8B92-4907-8C06-15DB2D1F874A}
HKEY_CLASSES_ROOT\CLSID\{D36F70B1-7DF5-4FD4-A765-70CCC8F72CD7}
HKEY_CLASSES_ROOT\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}
HKEY_CLASSES_ROOT\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}
HKEY_CLASSES_ROOT\CLSID\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
HKEY_CLASSES_ROOT\CLSID\{00F1D395-4744-40F0-A611-980F61AE2C59}
HKEY_CLASSES_ROOT\CLSID\{8B51FC2F-C687-40A3-B54A-BB9EBF8D407F}
HKEY_CLASSES_ROOT\CLSID\{CE27D4DF-714B-4427-95EB-923FE53ADF8E}
HKEY_CLASSES_ROOT\CLSID\{E2D2FE40-5674-4B77-802B-EC86B6C2C41D}
HKEY_CLASSES_ROOT\CLSID\{E311D3A5-4A3B-4E49-9E0A-B40FAE1F0B28}
HKEY_CLASSES_ROOT\Interface\{F9B9C9A3-9D2D-423D-ABA5-80D83A915023}
HKEY_CLASSES_ROOT\Interface\{220959EA-B54C-4201-8DF2-1CFAC8B59FD7}
HKEY_CLASSES_ROOT\Interface\{3E589169-86AD-44FE-B426-F0BF105D5582}
HKEY_CLASSES_ROOT\Interface\{6A288140-3E1C-4CD9-AAC5-E20FDD4F5D64}
HKEY_CLASSES_ROOT\Interface\{7371AD3F-C419-4DC0-8E8A-E21FAFAD53E0}
HKEY_CLASSES_ROOT\Interface\{98B2DDBA-6DA2-4421-AF2B-814E98F53649}
HKEY_CLASSES_ROOT\Interface\{E4458B4A-6149-4450-84F2-864ADB7E8C52}
HKEY_CLASSES_ROOT\Interface\{0667935E-6350-4BF3-9F97-952363D87C1F}
HKEY_CLASSES_ROOT\Interface\{0F72A081-4DCA-4288-970E-2F7DBBF8B54C}
HKEY_CLASSES_ROOT\Interface\{7092C637-9298-4ACD-8E4D-E7C8157ABDCC}
HKEY_CLASSES_ROOT\Interface\{C43CB2BC-DE30-4FDA-B982-9312ED9940F6}
HKEY_CLASSES_ROOT\Interface\{D2378491-228B-4398-A041-8967952E79EF}
HKEY_CLASSES_ROOT\Interface\{F8084C00-5E03-4B9F-8846-EFE24334C44A}
HKEY_CLASSES_ROOT\TypeLib\{57ADD57B-173E-418A-8F70-17E5C9F2BCC9}
HKEY_CLASSES_ROOT\Typelib\{58D419E8-1321-4DD2-A6FC-7B41C14DCD79}
HKEY_CLASSES_ROOT\TypeLib\{8F73AC0F-5769-4282-8762-B396A3BFF377}
HKEY_CLASSES_ROOT\Wbho.Band.1
HKEY_CLASSES_ROOT\Wbho.Band
HKEY_CLASSES_ROOT\IMIToolbar.imiTool
HKEY_CLASSES_ROOT\IMIToolbar.imiTool.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupBrowser
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.LeftFrame
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame.1
HKEY_CLASSES_ROOT\IMIToolbar.BottomFrame
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow.1
HKEY_CLASSES_ROOT\IMIToolbar.PopupWindow
HKEY_CLASSES_ROOT\DSrch.Band
HKEY_CLASSES_ROOT\DSrch.Band.1
HKEY_CLASSES_ROOT\DSrch.PopupBrowser.1
HKEY_CLASSES_ROOT\DSrch.PopupBrowser
HKEY_CLASSES_ROOT\DSrch.LeftFrame.1
HKEY_CLASSES_ROOT\DSrch.LeftFrame
HKEY_CLASSES_ROOT\DSrch.BottomFrame.1
HKEY_CLASSES_ROOT\DSrch.BottomFrame
HKEY_CLASSES_ROOT\DSrch.PopupWindow.1
HKEY_CLASSES_ROOT\DSrch.PopupWindow
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{01F44A8A-8C97-4325-A378-76E68DC4AB2E}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{00F1D395-4744-40F0-A611-980F61AE2C59}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer
\Browser Helper Objects\{69135BDE-5FDC-4B61-98AA-82AD2091BCCC}
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Uninstall\Upspiral Desktop Search
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Uninstall\intexp
HKEY_CURRENT_USER\Software\intexp
HKEY_CURRENT_USER\Software\inst
HKEY_CURRENT_USER\Software\dsktb
HKEY_CURRENT_USER\Software\dsrch
HKEY_CURRENT_USER\Software\Classes\Remove
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{666E4D35-E955-11D0-A707-000000521958}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions
\{A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3}
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINDOWS/wupdt.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage
\C:/WINNT/wupdt.exe
Exit the Registry Editor,
Restart your Computer.
Search Registry For Virus File Names listed above to remove completely,
Edit Menu - Find, enter Keyword and remove all value that find in search.
Recommended Removal Tools:Edit Menu - Find, enter Keyword and remove all value that find in search.
Kaspersky Antivirus or Internet Security (Shareware)
Spyware Doctor (Shareware)
AVG Antivirus (Freeware)
Killbox (Freeware)
No comments :
Post a Comment
Comment on this Post!!