Solved

Startup Program

Posted on 2006-11-16
Last Modified: 2008-02-07
Hi,
I am using Windows Defender.
On using Tools->Software Explorer, it shows a list of programs that open on Start Up

There are two categories in the list which are strange to me. I have given the details below as shown by the defender.
First
--------------------------------------------------------------------------------------
File Name: 1
Startup Value: 1
File Path: 1
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------
Second
----------------------------------------------------------------------------------------
File Name: vupdman32.exe
Startup Value: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
File Path: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------

What are they?
Should I disable them or remove them?

Regards
Kanwaljit
Question by:kanwal_no1

Author Comment

by:kanwal_no1
ID: 17959159
I should have used the line
There are two entries in the list which are strange to me. I have given the details below as shown by the defender.

Assisted Solution

by:David-Howard
David-Howard earned 100 total points
ID: 17959162
Remove both of these entries from your Startup.
Click Start
Select Run
Type MSCONFIG
Locate the Startup tab
Locate and remove the entries you have listed.
Reboot.
I suggest that you perform a system scan in Safe Mode with updated anti-virus software.
http://www.greatis.com/appdata/d/v/vupdman32.exe.htm

Author Comment

by:kanwal_no1
ID: 17959327
Hi David,
I recently encountered a problem and found the solution at EEE. Here is the link. Check the accepted and assisted answers.
They pinpointed the exact problems.
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22061717.html

Can the above entries be garbage / a leftover of that spyware?

Expert Comment

by:neutron7
ID: 17959373
vupdman32.exe is a Trojan program; disabling/removing it may not work.

That file "1" may be part of it as well.

Accepted Solution

by:rpggamergirl
rpggamergirl earned 200 total points
ID: 17960109
You need to remove it, not just disable it.
Ewido can clean that trojan too.
It's possible that you have others there, can we look at your hijackthis log?
If you had smitfraud and you removed it using smitfraudfix (as what was in the link), it is important to check the rapport.txt for new variants (if smitfraudfix finds a new variant it will be listed in the rapport.txt).


Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/
and click "Analyse", click "Save".  Then post the link to the saved list here.

Expert Comment

by:David-Howard
ID: 17967327
Kanwal,
They could be. (The entries that you inquired about).
I would get into Safe Mode and then access Startup. Uncheck those entries and then perform an anti-virus scan.
You'll need to make sure that your anti-virus is up to date prior to the scans.
:-)

Author Comment

by:kanwal_no1
ID: 17970120
Hi,
Following is the link to the saved analysis file
http://www.hijackthis.de/logfiles/f4267460e3454b3c913e38e86c8f3de6.html

Please tell me what to do now?

Kanwaljit

Expert Comment

by:rpggamergirl
ID: 17970411
Did you uncheck any startup entries in msconfig?
Only enabled startup entries will show up in hijackthis 04 lines, and that startup nasty you're talking about is not showing in the log.
Hijackthis is not helpful if startup entries are disabled. Also not all malware\viruses show up there.


You can just delete it manually and also the registry entry, or use Ewido.

Please, download AVG anti-spyware.
http://www.ewido.net/en/download/
and save that file to your desktop. This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need to run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
    *Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
    *Select "Automatically generate report after every scan"
    *Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
 
 
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 
IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:
* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close ewido.

Author Comment

by:kanwal_no1
ID: 17974479
Hi,
I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? Whether the defender also deletes registry settings of these entries also ?
Do I need to install the above antivirus, even if these entries are not showing in the defender list ?
Whether these entries are still on my computer (after deletion) or are they gone forever ?
I opened the AVG link and it talks about some compatibility check. I am using Norton Anti Virus 2002. Does that affect in any way ?
Regards
Kanwaljit

Expert Comment

by:rpggamergirl
ID: 17976305
>>I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? <<
If Defender no longer alerts about the entry then maybe it took care of it, it should've, I don't have Windows Defender so I can't say how good that program is.



>>Whether the defender also deletes registry settings of these entries also ?<<
It was exactly the registry entries (values in the run key) that Defender was talking about, whether the exact file is gone or not --> vupdman32.exe
Normally if the registry entry is present but the file is gone you would get an error, so check to make sure "vupdman32.exe" is also gone.
So the registry entry and the file are both gone.



>>Do I need to install the above antivirus, even if these entries are not showing in the defender list ?<<
No, if problem is gone you don't need it.



>>I opened the AVG link and it talks about some compatibility check. I am using Norton Anti Virus 2002. Does that affect in any way ?<<
I only suggest AVG to help clean up a system because when a system is infected usually the resident antivirus fails to remove the nasties. AVG is not known to have conflict with other programs, I don't mean for you to keep it with your resident antivirus but just another tool to clean the system and uninstall afterwards.

I have tried running both AVG and Avast together with no conflicts but it is NOT recommended to have 2 antivirus with real-time protection on(no point in having 2), you only need one updated antivirus that protects you at all time.
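
The check described in the comment above (is the Run value still there, and does the file it points to still exist), as an added PowerShell example that is not part of the original thread. The function name `Get-RunKeyEntry` and the two extra Run keys are assumptions; the `Policies\Explorer\Run` path is the one Defender reported in the question. The script only reads the registry and file system.

```powershell
# Added example: audit Run keys and classify each value.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',  # key named in the question
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',                     # assumption: also worth checking
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'                      # assumption: also worth checking
)

function Get-RunKeyEntry {   # hypothetical helper name
    param([string[]]$KeyPath)
    foreach ($path in $KeyPath) {
        if (-not (Test-Path -LiteralPath $path)) { continue }   # key does not exist on this machine
        $key = Get-Item -LiteralPath $path
        foreach ($name in $key.GetValueNames()) {
            $raw = [Environment]::ExpandEnvironmentVariables([string]$key.GetValue($name)).Trim()

            # Extract the executable from the command line:
            # a quoted path first, otherwise everything up to the first ".exe".
            if     ($raw -match '^"([^"]+)"')        { $exe = $Matches[1] }
            elseif ($raw -match '^(.+?\.exe)(\s|$)') { $exe = $Matches[1] }
            else                                     { $exe = $raw }

            if ($exe -notmatch '^[A-Za-z]:\\|^\\\\') {
                # Not a drive-letter or UNC path: junk data such as "1",
                # or a bare file name that Windows resolves via PATH.
                $status = 'NoFullPath'; $sig = $null
            } elseif (-not (Test-Path -LiteralPath $exe -PathType Leaf)) {
                # Registry value left behind after the file was removed.
                $status = 'FileMissing'; $sig = $null
            } else {
                $status = 'FilePresent'
                $sig = (Get-AuthenticodeSignature -FilePath $exe).Status
            }

            [pscustomobject]@{
                Key = $path; Name = $name; Command = $raw
                Status = $status; Signature = $sig
            }
        }
    }
}

Get-RunKeyEntry -KeyPath $runKeys | Format-Table -AutoSize -Wrap
```

A value like the "1" entry in the question is reported as `NoFullPath`, and a leftover value whose executable has already been deleted is reported as `FileMissing`.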

Author Comment

by:kanwal_no1
ID: 17989368
Hi,
Thanks Everyone. I deleted the above entries from the list with defender and they no longer appear in the list shown by defender. I feel I don't need to do anything now. Advise me if I need to. I am closing the question now. Thanks to all of you.

Regards
Kanwaljit

Expert Comment

by:rpggamergirl
ID: 17991665
No, you don't have to do anything else.

In case you like to read helpful advice from Tony Klein's article:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


Thanks!

Author Comment

by:kanwal_no1
ID: 18011277
Hi rpggamergirl,
I just saw your photo. Are you from India ?
Kanwaljit

Expert Comment

by:rpggamergirl
ID: 18012583
Hi kanwal_no1,
No, I'm from Australia,  (a Filipina)


Thanks for the points!