jana
asked on
Is update.exe a virus or Microsoft?
I use Comodo firewall and since yesterday it has displayed a continuous pop-ups regarding giving access to a program called "update.exe".
I have google the problem and have found "update.exe" and "Update.exe"; the one that keeps poping up is "update.exe. The google results comes down to its either a trojan or a Microsoft updater.
I have included images of the 3 typoes of pop-ups: SoftwareDistribution\Downl oad, modify a dberr.txt file and modify a HKLM regisrty entry.
Is this a virus or Microsoft?
If it's a virus, how do I remove it (I have ad-aware, spy-bot and avg, and ranned, no detection)
Please advice
EE.update-exe.01.jpg
EE.update-exe.02.jpg
EE.update-exe.03.jpg
I have google the problem and have found "update.exe" and "Update.exe"; the one that keeps poping up is "update.exe. The google results comes down to its either a trojan or a Microsoft updater.
I have included images of the 3 typoes of pop-ups: SoftwareDistribution\Downl
Is this a virus or Microsoft?
If it's a virus, how do I remove it (I have ad-aware, spy-bot and avg, and ranned, no detection)
Please advice
EE.update-exe.01.jpg
EE.update-exe.02.jpg
EE.update-exe.03.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
update.exe is not Microsoft. Nor is winupdates.exe. Winupdates.exe is most assuradly a virus. I'm not sure about the other one. Malwarebytes should fix it up. also, check your system32 directory for any .dil files and remove them.
ASKER
Hi all,
I kept giving permission to "update.exe" do whatever it needed to do and it finally stop. I have rebooted a couple of times and also permitted the periodic update of Windows to download and install and I haven't seen any problem. Nevertheless, I will run your recommendation and let you kno.
------------------------
ping_it:
------------------------
I could find the update.exe file to upload. I did download the Norton Security Scan for testing, I'll try it
------------------------
skywalker39:
------------------------
The link indicates that the file is found in Windows\system, but its not there in my PC. I have downloaded the file you recommnended.
I usually use Spy-Bot, Ad-Aware/Lavasoft and AVG. The links you recommended are they in the same categories of performance?
One more question. I also downloaded "sophos" product, whats a rootkit?
------------------------
Thickman:
------------------------
I thought it could be Microsoft because I did find a link referring to that. Why you mention "winupdates.exe", you think I have that in my PC?
I kept giving permission to "update.exe" do whatever it needed to do and it finally stop. I have rebooted a couple of times and also permitted the periodic update of Windows to download and install and I haven't seen any problem. Nevertheless, I will run your recommendation and let you kno.
------------------------
ping_it:
------------------------
I could find the update.exe file to upload. I did download the Norton Security Scan for testing, I'll try it
------------------------
skywalker39:
------------------------
The link indicates that the file is found in Windows\system, but its not there in my PC. I have downloaded the file you recommnended.
I usually use Spy-Bot, Ad-Aware/Lavasoft and AVG. The links you recommended are they in the same categories of performance?
One more question. I also downloaded "sophos" product, whats a rootkit?
------------------------
Thickman:
------------------------
I thought it could be Microsoft because I did find a link referring to that. Why you mention "winupdates.exe", you think I have that in my PC?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanx skywalker39, so the rootkit is like a Trojan bu had its initial via Unix system. Ok. So the apps I downloaed I just run it like any other antispyware/viruas and thats that?
Correct Ramante.
Ramante,
I was just mentioning Winupdates.exe as a side note. I've seen it on several of my computers here at work. Its a worm by the name of RBOT.DIL.
I was just mentioning Winupdates.exe as a side note. I've seen it on several of my computers here at work. Its a worm by the name of RBOT.DIL.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanx all...we'll try all of the recommendation after hours. I'll keep u posted.
ASKER
Hi sorry for delay. I ran Spy-Bot, Ad-aware and RootKit and all clean. I did notice when I get update from Microsoft I do get this message and the only time I see the update.exe (i don't see this file anytime else). So I am assuming its Microsoft.
Before closing this question, maybe you guys have any last suggestions?
Before closing this question, maybe you guys have any last suggestions?
Upload the file here: https://submit.symantec.com/websubmit/retail.cgi
They will reply to you with the status of the analysis, after that you can run this tool and yuu will have the confirmation whether it is or not a "dangerous" file: http://security.symantec.com/sscv6/WelcomePage.asp