Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

Look out for sysupd.exe

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News
View previous topic :: View next topic  
Author Message
CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada
PostPosted: Fri May 21, 2004 8:07 am    Post subject: Look out for sysupd.exe Reply with quote
This is a new nasty and tricky to remove.

A system gets infected because the user has not installed ALL Windows Critical Updates.

The sysupd.exe will restart itself in about 5 seconds if terminated. The trick is to boot into Safe Mode then go to the folder where it is located (usually C:\WINDOWS\sysupd.exe) then end the process and quickly rename it to sysupd.old. This works in Win98/ME but not Win2K/XP.

The process is restarted because it is in the prefetch folder and makes it hard to delete in Win2K/XP.

I am watching how to remove it in Win2K/XP.

References:
http://computercops.biz/postt36896.html (there is no taskkill in XP Home)
http://www.dslreports.com/forum/remark,10091594
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links .
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Back to top
View user's profile Send private message
Nick
Site Admin


Joined: 27 Feb 2004
Last Visit: 28 Aug 2012
Posts: 3913
Location: California
PostPosted: Tue May 25, 2004 8:51 pm    Post subject: Reply with quote
Any updates?
_________________
Nick's Security Ticker

Back to top
View user's profile Send private message Visit poster's website
CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada
PostPosted: Wed May 26, 2004 4:30 am    Post subject: Reply with quote
I haven't seen any updates and I haven't noticed any new infections either.
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links .
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Back to top
View user's profile Send private message
CalamityKen
Warrior Addict


Joined: 06 Mar 2004
Last Visit: 26 Aug 2004
Posts: 611
Location: Ont. Canada
PostPosted: Sun May 30, 2004 9:36 am    Post subject: Reply with quote
I believe the latest Ad-aware reference file targets this infection.
_________________
Install IE-SPYAD and SpywareBlaster updated regularly available in the following links .
How did I get infected? http://boards.cexx.org/viewtopic.php?t=957
Calendar Of Updates http://www.dozleng.com/updates/index.php?&act=calendar
member
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spyware/Adware in the News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group