Kanwaljit Dhunna asked:

Startup Program

Hi,
I am using Windows Defender.
On using Tools->Software Explorer, it shows a list of programs that open on startup.

There are two categories in the list which are strange to me. I have given the details below as shown by the defender.
First
--------------------------------------------------------------------------------------
File Name: 1
Startup Value: 1
File Path: 1
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------
Second
----------------------------------------------------------------------------------------
File Name: vupdman32.exe
Startup Value: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
File Path: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------

What are they ?
Whether I should disable them or remove them ?

Regards
Kanwaljit
Kanwaljit Dhunna
ASKER

I should have used the line
There are two entries in the list which are strange to me. I have given the details below as shown by the defender.
SOLUTION
David-Howard

This solution is only available to members.
Hi David,
I recently encountered a problem and found the solution at EEE. Here is the link. Check the accepted and assisted answers.
They pinpointed the exact problems.
https://www.experts-exchange.com/questions/22061717/Strange-Message.html

Can the above entries be garbage / leftovers of that spyware?
neutron7

vupdman32.exe is a Trojan program; disabling/removing it may not work.

That file "1" may be part of it as well.
ASKER CERTIFIED SOLUTION
rpggamergirl
This solution is only available to members.
Kanwal,
They could be. (The entries that you inquired about).
I would get in to Safe Mode and then access Startup. Uncheck those entries and then perform an anti-virus scan.
You'll need to make sure that your anti-virus is up to date prior to the scans.
:-)
Hi,
Following is the link to the saved analysis file
http://www.hijackthis.de/logfiles/f4267460e3454b3c913e38e86c8f3de6.html

Please tell what to do now ?

Kanwaljit
Did you uncheck any startup entries in msconfig?
Only enabled startup entries will show up in HijackThis O4 lines, and that startup nasty you're talking about is not showing in the log.
HijackThis is not helpful if startup entries are disabled. Also not all malware\viruses show up there.


You can just delete it manually and also the registry entry, or use Ewido.

Please, download AVG anti-spyware.
http://www.ewido.net/en/download/
and save that file to your desktop. This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
    *Next select the "Start Update" button; the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
    *Select "Automatically generate report after every scan"
    *Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
 
 
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 
IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close ewido.
Hi,
I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? Whether the defender also deletes registry settings of these entries also ?
Do I need to install the above antivirus, even if these entries are not showing in the defender list ?
Whether these entries are still on my computer (after deletion) or are they gone forever ?
I opened the AVG link and it talks about some compatibility check. I am using Norton Anti Virus 2002. Does that affect it in any way ?
Regards
Kanwaljit
>>I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? <<
If Defender no longer alerts about the entry then maybe it took care of it, it should've. I don't have Windows Defender so I can't say how good that program is.



>>Whether the defender also deletes registry settings of these entries also ?<<
It was exactly the registry entries(values in the run key) that Defender was talking about, whether the exact file is gone or not --> vupdman32.exe
normally if the registry entry is present but the file is gone you would get an error, so check to make sure "vupdman32.exe" is also gone.
so the registry entry and the file are both gone.



>>Do I need to install the above antivirus, even if these entries are not showing in the defender list ?<<
No, if problem is gone you don't need it.



>>I opened the AVG link and it talks about some compatibility check. I am using Norton Anti Virus 2002. Does that affect it in any way ?<<
I only suggest AVG to help clean up a system because when a system is infected usually the resident antivirus fails to remove the nasties. AVG is not known to have conflict with other programs, I don't mean for you to keep it with your resident antivirus but just another tool to clean the system and uninstall afterwards.

I have tried running both AVG and Avast together with no conflicts but it is NOT recommended to have 2 antivirus with real-time protection on(no point in having 2), you only need one updated antivirus that protects you at all time.
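
The check suggested in the reply above (confirm that both the Run value and the file it points to are gone), as an added example that is not part of the original thread: a read-only PowerShell audit of the `Policies\Explorer\Run` key that Defender reported. The function name `Get-RunKeyAudit` is hypothetical, and checking the per-user (HKCU) copy of the key and the file's signature are assumptions added here.

```powershell
# Added example: read-only audit of the Policies\Explorer\Run startup keys.
# Get-RunKeyAudit is a hypothetical helper name; nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'  # assumption: also check per-user key
)

function Get-RunKeyAudit {
    param([string[]]$KeyPath)
    foreach ($key in $KeyPath) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key absent: nothing to report
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)

            # Extract the executable from the value data: a quoted path, or text up to ".exe".
            $exe = $null
            if ($data -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($data -match '^\s*(.+?\.exe)\b') { $exe = $Matches[1] }

            $exists = $false
            $sig = 'n/a'
            if ($exe) {
                $exe = [Environment]::ExpandEnvironmentVariables($exe)
                $exists = Test-Path -LiteralPath $exe -PathType Leaf
                if ($exists) { $sig = (Get-AuthenticodeSignature -LiteralPath $exe).Status }
            }

            # Classify: data that is not a path (like the "1" entry), or a value whose file is gone.
            $note = ''
            if (-not $exe) {
                $note = 'value data is not a file path'
            } elseif (-not $exists) {
                $note = 'orphaned value: file is missing'
            } elseif ($sig -ne 'Valid') {
                $note = 'file present but not validly signed'
            }

            [pscustomobject]@{
                Key = $key; ValueName = $name; ValueData = $data
                Executable = $exe; FileExists = $exists; Signature = $sig; Note = $note
            }
        }
    }
}

Get-RunKeyAudit -KeyPath $runKeys | Format-List
```

No output means neither key holds any values, which is the expected state after a successful cleanup.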
Hi,
Thanks Everyone. I deleted the above entries from the list with defender and they no longer appear in the list shown by defender. I feel I don't need to do anything now. Advise me if I need to. I am closing the question now. Thanks to all of you.

Regards
Kanwaljit
No, you don't have to do anything else.

In case you'd like to read helpful advice from Tony Klein's article:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


Thanks!
Hi rpggamergirl,
I just saw your photo. Are you from India ?
Kanwaljit
Hi kanwal_no1,
No, I'm from Australia,  (a Filipina)


Thanks for the points!