A few days ago, my brother installed a bunch of programs on my laptop and downloaded some stuff. After that, my computer was running slowly during startup and programs would take minutes to initialize. I ran Malwarebyte's and found Adware.MyWebSearch, which I deleted. I also ran Spybot:S&D, which found nothing. I restarted the computer and it seemed to be working at normal speed again.
At the same time that my computer started running slowly, I also began getting a popup from my system tray saying something like "Some programs have been blocked at startup" and said to click to view them. Clicking did nothing so I right clicked the "Blocked startup programs" icon in my system tray and went to "Run blocked program". The only program listed there is "UpdateUtil Application".
When I go to "Show or remove blocked startup programs", I see that there's a program called "UpdateUtil Application" under the heading "Microsoft". It lists Microsoft as the publisher; however, it is not signed. There are no other programs under the "Microsoft" heading. All of the other Microsoft programs are under the "Microsoft Corporation" heading and are signed by "Microsoft Windows Verification PCA". It also says that it's "Permitted" even though it's claiming to be blocked.
Here's some additional information that is listed:
File name: netfxupdate.exe
Startup value: C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
File path: C:\Windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
File size: 106496
Date installed: 8/10/2004 4:20:00 PM
Startup type: Registry - Local machine
The date installed is very suspicious since I've only had this laptop since 2008. I don't think Vista even existed in 2004. The time, "4:20:00 PM", seems a bit too comical to be normal.
I have never seen this popup before and it's only started appearing since my brother messed with it. It seems suspicious so I tried googling it. It seems like a lot of other people have had this problem but no one has provided a solution. Some people have said it's safe, others have said it's malware that tries to trick you into running it. The ones who claimed netfxupdate.exe was a normal process also said that the file size was around 70000. The version on my laptop is well over 100000.
I don't think it's related to Adware.MyWebSearch since I deleted the adware and the popup still appears. I have only run MBAM and Spybot so far and neither program can find any problems.
Should I run it, ignore it, or try to delete it? I plan on running SUPERAntiSpyware later tonight.
Edited by VonLauder, 29 April 2010 - 08:32 PM.
Moved from Vista ~BP