?
Solved

Windowsup.exe ????

Posted on 2004-09-21
6
Medium Priority
?
430 Views
Last Modified: 2007-12-19
I scanned my PC with Norton Anti-Virus with the latest virus definition and it found the file windowsup.exe, in c:\winnt\system32, infected with w32.spubot.worm. But it failed to repair or to delete it. When I browse the folder, I cannot see the file. What can I do to remove it
0
Comment
Question by:chriska
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
6 Comments
 
LVL 29

Expert Comment

by:blue_zee
ID: 12111991

Try running NAV in Safe Mode.

Zee
0
 
LVL 1

Expert Comment

by:jonathan6587
ID: 12112850
chriska,

try doing an "attrib -h -s -r c:\winnt\system32\windowup.exe"

then,

del c:\winnt\system32\windowup.exe

if you can't delete it then... boot to safe mode and try to delete it there.

If that doesn't work - let us know.

-Jonathan

0
 
LVL 1

Expert Comment

by:jonathan6587
ID: 12112906

whoops.  

From the command prompt.

attrib -h -s -r c:\winnt\system32\windowsup.exe

-h = remove hidden flag
-s = remove system flag
-r = remove readonly flag

del c:\winnt\system32\windowsup.exe <-- you will probably get an access denied message

boot to safe mode

del c:\winnt\system32\windowsup.exe <-- should work, but be aware that even if you delete this file that it may come back.

Sorry for the repost I don't like making errors or throwing just anything on the page without an explanation.

-Jonathan  

0
 
LVL 1

Accepted Solution

by:
sevie earned 120 total points
ID: 12114564
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

What's worse than having your data encrypted by ransomware? Getting attacked by a so-called "wiper," which simply destroys the data and offers you no hope of ever seeing it again.
IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question