Results 1 to 4 of 4

Thread: MSUPD.EXE (All)

  1. #1
    Star Lounger
    Join Date
    Mar 2002
    Location
    Sherbrooke, Qc, Canada, Quebec, Canada
    Posts
    58
    Thanks
    0
    Thanked 0 Times in 0 Posts

    MSUPD.EXE (All)

    Hello,

    I rencently encountered the spybot W32.SPYBOT.WORM spybot. I followed the cleaning instructions from symantecs web site but norton keeps popping up with the same spybot on the MSUPD.EXE file wich is a hidden/system file located in windowssystem32 directory.

    I was wondering if MSUPD.EXE is really a windows file or if I could just delete it.

    Temporarily I put that particular file in the EXCLUDE list but I would still like to know about it before doing something drastic with it.

    Oh and btw, I scanned the computer with McAfee's online scanner and it didn't find the spybot even if it's listed as a known "virus" to them.

    Thanks in advance for any information about that

  2. #2
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,336
    Thanks
    5
    Thanked 1,014 Times in 889 Posts

    Re: MSUPD.EXE (All)

    See this page at TrendMicro: BKDR_DARKIRC.QZ - Description and solution. You may want to try their online scanner also. Have you looked at the file properties? There was another page when I Googled for msupd.exe that was: Special Services Archive Page.

    Joe
    Joe

  3. #3
    Uranium Lounger viking33's Avatar
    Join Date
    Jun 2002
    Location
    Cape Cod, Massachusetts, USA
    Posts
    6,308
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: MSUPD.EXE (All)

    Nicolas,
    If you followed the instructions from Symantec ( and also used the most recent definitions ) it SHOULD have removed this virus.

    I did a search for that msupd.exe file on my system and did NOT find it at all, even if it sounds like an update file.

    If you feel comfortable in editing the registry, you can look for any instance of that filename and delete it.

    On the Windows taskbar, click Start > Run.
    Type the following:

    regedit

    Click OK.

    In the Registry Editor, navigate to the following key:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRun


    In the right pane, <font color=yellow>delete any values that refer to the file name that was detected as infected with W32.Spybot.Worm</font color=yellow> .


    Navigate to the following keys and, in the right pane, delete any values that reference the file name

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersionRunOnce
    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentV ersion
    RunServices
    HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVe rsionRun
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVe rsion
    RunServices
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVe rsionRunOnce
    HKEY_CURRENT_USERSoftwareMicrosoftOLE


    Exit the Registry Editor
    ReBoot
    BOB
    http://lounge.windowssecrets.com/S/flags/USA.gif http://lounge.windowssecrets.com/S/f...sachusetts.gif


    Long ago, there was a time when men cursed and beat on the ground with sticks. It was called witchcraft.
    Today it is called golf!

  4. #4
    Star Lounger
    Join Date
    Mar 2002
    Location
    Sherbrooke, Qc, Canada, Quebec, Canada
    Posts
    58
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: MSUPD.EXE (All)

    Thanks guys, I'll look at the links and I deleted everything having to do with the worm itself from the registry but it still pops up from norton... Weird...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •