Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Appdata/Temp: Winupd.exe and attempted registry changes


  • Please log in to reply
3 replies to this topic

#1 volmercincy

volmercincy

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 05 January 2012 - 10:32 PM

Good day all,

I appreciate any help I can get.

System Specs:
Windows 7 Ultimate 32 bit
4 gb ram
Intel Core 2 Duo @2.4 GHz

A few weeks ago I got infected with the notorious Win 7 Antispyware 2012. I followed the instructions on this website (http://www.bleepingcomputer.com/virus-removal/remove-win-7-antispyware-2012) to remove the issue. After I ran Malwarebytes and Microsoft Security Essentials, around 14 or 15 other viruses were found and removed. I thought ok I should be good now. Started the infected computer the other day and ran Malwarebytes and MSE again just to make sure and they both came up with nothing. Started the computer up today and kept recieving pop ups from spybot that Temp: winupd.exe wanted to make changes to my registry (denied changes) and now I keep getting pop ups from spybot with action of DisablingRegistry tool (new data 0) and other disable actions... I have denied them. Currently I am backing up my important files now. I am somewhat out of options right now, the only other thing I can think of to do would be to reinstall my os (I just did this with my sisters computer and it took a good 10 hours worth of updating and installing to get back to normal operating) and I would like to try and avoid that situation again.

Open to all suggestions! Really appreciate any and all help I can get. Please let me know if you need any other information or if I left anything out!

Thank you so much!

Have a great day.

Derek

BC AdBot (Login to Remove)

 


#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 AM

Posted 05 January 2012 - 10:37 PM

Try this:

http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 volmercincy

volmercincy
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:06:05 PM

Posted 06 January 2012 - 10:03 PM

Budapest, I appreciate the quick response. I turned on my computer today and the waters seemed calm. I received no warnings about registry changes from winupd.exe or anything else from spybot. An initial boot my scanner (McAfee) did pick up a random file labeled with just numbers as a virus and removed it. After the I finished booting, I ran KDSKiller like you suggested and it came up with nothing.

Everything seems to be running fine now (like I mentioned I am not receiving warnings about registry changes any longer) but is there anyway I can really be sure? I am currenrtly running MS Essentials, then I plan on running MBS again but it just seems odd that I was having all of these issues yesterday and after shutting down and logging back on today that they are gone you know?

Thank you so much again! I really appreciate what you guys are doing and am looking at trying to do the Malware Removal Training Program. I love the power of communitties like you guys just helping people counter/defend themselves against the malintentions of others.

Have a great day!

#4 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:05 AM

Posted 07 January 2012 - 04:33 PM

If you want to be sure follow the instructions here:

http://www.bleepingcomputer.com/forums/topic34773.html

To create a new topic here:

http://www.bleepingcomputer.com/forums/forum22.html

Then one of our trained experts will take a look. Please note that due to a large backlog of topics in that forum it will probably take about 5 days before you get a reply. If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users