• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1119
  • Last Modified:

Startup Program

Hi,
I am using windows Defender.
On using Tools->Software Explorer, it shows a list of programs that opens on Start Up

There are two categories in the list which are strange to me. I have given the details below as shown by the defender.
First
--------------------------------------------------------------------------------------
File Name: 1
Startup Value: 1
File Path: 1
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------
Second
----------------------------------------------------------------------------------------
File Name: vupdman32.exe
Startup Value: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
File Path: C:\Program Files\Common Files\Microsoft Shared\Web Components\vupdman32.exe
Startup Type: Registry: Local Machine
Location: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Classification: Not yet classified
SpyNet Voting: Not Available
----------------------------------------------------------------------------------------

What are they ?
Whether I should disable them or remove them ?

Regards
Kanwaljit
0
Kanwaljit Dhunna
Asked:
Kanwaljit Dhunna
  • 6
  • 5
  • 2
  • +1
2 Solutions
 
Kanwaljit DhunnaCAAuthor Commented:
I should have used the line
There are two entries in the list which are strange to me. I have given the details below as shown by the defender.
0
 
David-HowardCommented:
Remove both of these entries from your Startup.
Click Start
Select Run
Type MSCONFIG
Locate the Startup tab
Locate and remove the entries you have listed.
Reboot.
I suggest that you perform a system scan in Safe Mode with updated anti-virus software.
http://www.greatis.com/appdata/d/v/vupdman32.exe.htm
0
 
Kanwaljit DhunnaCAAuthor Commented:
Hi David,
I recently encountered a problem and found the solution at EEE. Here is the link. Check the accepted and assisted answers.
They pinpointed the exact problems.
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_22061717.html

Can the above entries be a garbage / left over of the that spyware ?
0
Cloud Class® Course: Python 3 Fundamentals

This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.

 
neutron7Commented:
vupdman32.exe Is Trojan program disabling/removing it may not work.

that file "1" may be part of it as well.
0
 
rpggamergirlCommented:
You need to remove it, not just disable it.
Ewido can clean that trojan too.
It's possible that you have others there, can we look at your hijackthis log?
If you had smitfraud and you removed it using smitfraudfix(as what was in the link), it is important to check the rapport.txt for new variants(if smitfraudfix finds a new variant it will be listed in the rapport.txt.


Please download HijackThis 1.99.1
http://www.cyberanswers.org/forum/uploads/HijackThis1991.exe
Open Hijackthis, click "Do a system scan and save a logfile" don't fix anything yet.

Then upload the logs to any hosting sites,
or go to the below link and login using your Experts-Exchange username and password.
http://www.ee-stuff.com
Click on "Expert Area" tab
type or paste the link to your Question
"Browse" your pc to the location of your Hijackthis log and click "Upload"
Copy the resulting "url" and post it back here.

OR: paste the log to either of these sites:
1. http://www.rafb.net/paste/
then at the bottom left corner click "paste"
Copy the address/url and post it here.

2. or at --> http://www.hijackthis.de/ 
and click "Analyse", click "Save".  Then post the link to the saved list here.
0
 
David-HowardCommented:
Kanwal,
They could be. (The entries that you inquired about).
I would get in to Safe Mode and then access Startup. Uncheck those entries and then perform an anti-virus scan.
You'll need to make sure that your anti-virus is up to date prior to the scans.
:-)
0
 
Kanwaljit DhunnaCAAuthor Commented:
Hi,
Following is the link to the saved analysis file
http://www.hijackthis.de/logfiles/f4267460e3454b3c913e38e86c8f3de6.html

Please tell what to do now ?

Kanwaljit
0
 
rpggamergirlCommented:
Did you uncheck any startup entries in msconfig?
Only enabled startup entries will show up in hijackthis 04 lines, and that startup nasty you're talking about is not showing in the log.
Hijackthis is not helpful if startup entries a disabled. Also not all malware\viruses show up there.


You can just delete it manually and also the registry entry, or use Ewido.

Please, download AVG anti-spyware.
http://www.ewido.net/en/download/
and save that file to your desktop. This is a 30 day trial of the program
Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
Once the setup is complete you will need run ewido and update the definition files.
On the main screen select the icon "Update" then select the "Update now" link.
    *Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
Under "Reports"
    *Select "Automatically generate report after every scan"
    *Un-Select "Only if threats were found"
Close ewido anti-spyware, Do Not run a scan just yet.
 
 
Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

 
IMPORTANT: Do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning proccess:
* Launch ewido-anti-spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
* Ewido will now begin the scanning process, be patient this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
* Close ewido.
0
 
Kanwaljit DhunnaCAAuthor Commented:
Hi,
I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? Whether the defender also deletes registry settings of these entries also ?
Do I need to install the above antivirus, even if these entries are not showing in the defender list ?
Whether these entries are still on my computer (after deletion) or are they gone forever ?
I opened the AVG link and it talks about some compatibiltiy check. I am using Norton Anti Virus 2002. Does that effect in anyway ?
Regards
Kanwaljit
0
 
rpggamergirlCommented:
>>I couldn't locate these two entries in the startup option. I have deleted these two entries through defender. Would that suffice ? <<
If Defender no longer alerts about the entry then maybe it took care of it, it should've, I don't have Windows Defender so i can't say how good that program is.



>>Whether the defender also deletes registry settings of these entries also ?<<
It was exactly the registry entries(values in the run key) that Defender was talking about, whether the exact file is gone or not --> vupdman32.exe
normally if the registry entry is present but the file is gone you would get an error, so check to make sure "vupdman32.exe" is also gone.
so the registry entry and the file are both gone.



>>Do I need to install the above antivirus, even if these entries are not showing in the defender list ?<<
No, if problem is gone you don't need it.



>>I opened the AVG link and it talks about some compatibiltiy check. I am using Norton Anti Virus 2002. Does that effect in anyway ?<<
I only suggest AVG to help clean up a system because when a system is infected usually the resident antivirus fails to remove the nasties. AVG is not known to have conflict with other programs, I don't mean for you to keep it with your resident antivirus but just another tool to clean the system and uninstall afterwards.

I have tried running both AVG and Avast together with no conflicts but it is NOT recommended to have 2 antivirus with real-time protection on(no point in having 2), you only need one updated antivirus that protects you at all time.
0
 
Kanwaljit DhunnaCAAuthor Commented:
Hi,
Thanks Everyone. I deleted the above entries from the list with defender and they no londer appears in the list shown by defender. I feel I don't need to do anything now. Advise me If I need ? I am closing the question now. Thanks to all of you.

Regards
Kanwaljit
0
 
rpggamergirlCommented:
No, you don't have to do anything else.

Incase you like to read helpful advice from Tony Klein's article:
http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


Thanks!
0
 
Kanwaljit DhunnaCAAuthor Commented:
Hi rpggamergirl,
I just saw yours photo. Are you from India ?
Kanwaljit
0
 
rpggamergirlCommented:
Hi kanwal_no1,
No, I'm from Australia,  (a Filipina)


Thanks for the points!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Get expert help—faster!

Need expert help—fast? Use the Help Bell for personalized assistance getting answers to your important questions.

  • 6
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now