windowsupdate.exe
Last Updated on Tuesday, 25 October 2011 12:09 Sunday, 07 February 2010 08:18
Virus makers strive to excel in the art of deception: they give their viruses names that resemble those of Windows tools and utilities. If one is not acquainted with the actual names of the Windows system processes and files, one may mistake a virus for a legitimate file.
Windows Update is one such name that is widely used by virus makers. It is used as a folder name, as an executable file name, and also in the Windows registry to hide virus files.
The real Windows Update is a Windows process:
Windows Update in Windows XP
c:\windows\system32\wupdmgr.exe
Windows Update in Windows Vista and Windows7
c:\windows\system32\wuapp.exe
It offers the latest critical and security updates, device drivers, and other features that are available for your Windows computer.
Apart from this there is NO legitimate folder or exe file named "Windows Update" in Microsoft Windows, either from Microsoft or from any third-party software vendor. Virus writers have used this name in different ways; see the list below.
%AppData%\WindowsUpdate\testbuild.exe - see report
%AppData%\WindowsUpdate\windowsupdate.exe - see report
%CommonPrograms%\Startup\windowsupdate.exe - see report
%Programs%\Startup\windowsupdate.exe - see report
%ProgramFiles%\WindowsUpdate\WindowsUpdate.exe - see report
In one case this name is used in the Windows registry in order to hide another fake/malicious process - see report
Just because a virus writer decides to give a name to a virus file, that does not make the name itself outlawed. So you need to take the necessary precautions when deciding whether a file on your computer is legitimate or not. Read this Disclaimer
- The locations of the folders above can be found on this link
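The check the page describes (a file is suspect when its name or folder is "WindowsUpdate" but its full path is not one of the two real Windows Update executables) as an added example; this is not code from the original page. The placeholder expansions for %AppData% and the other folders are constructed values for illustration, not any real machine's settings.

```python
import ntpath

# The two legitimate Windows Update executables named on the page (lowercase for comparison).
LEGIT_UPDATE_EXES = {
    r"c:\windows\system32\wupdmgr.exe",  # Windows XP
    r"c:\windows\system32\wuapp.exe",    # Windows Vista / Windows 7
}

# Constructed expansions of the placeholders used in the page's list.
# Real values differ per machine and user; these are illustrative only.
PLACEHOLDERS = {
    "%AppData%": r"C:\Users\alice\AppData\Roaming",
    "%CommonPrograms%": r"C:\ProgramData\Microsoft\Windows\Start Menu\Programs",
    "%Programs%": r"C:\Users\alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs",
    "%ProgramFiles%": r"C:\Program Files",
}


def expand(path):
    """Replace each placeholder (case-insensitively) with its constructed value."""
    for key, value in PLACEHOLDERS.items():
        idx = path.lower().find(key.lower())
        if idx != -1:
            path = path[:idx] + value + path[idx + len(key):]
    return path


def classify(path):
    """Return 'legitimate', 'suspicious' or 'unrelated' for one file path.

    A path is suspicious when the file is windowsupdate.exe or sits in a
    folder named WindowsUpdate, unless the full path is one of the two real
    Windows Update executables. Windows paths are compared case-insensitively.
    """
    full = expand(path).lower()
    if full in LEGIT_UPDATE_EXES:
        return "legitimate"
    head, name = ntpath.split(full)
    parent = ntpath.basename(head)
    if name == "windowsupdate.exe" or parent == "windowsupdate":
        return "suspicious"
    return "unrelated"


def triage(listing):
    """Classify every path in a listing (e.g. copied from Task Manager); returns {path: verdict}."""
    return {p: classify(p) for p in listing}
```

A "suspicious" verdict only means the file deserves a closer look (an antivirus scan, checking its publisher and digital signature); as the text above says, the name alone does not prove the file is a virus.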
Can Antivirus programs detect it?
As there are several viruses using this name, in some cases your antivirus may be able to identify the virus file.
How do I get infected? Can it be avoided?
Small files can enter a computer unnoticed while you browse the net. This is called a drive-by download, and there are ways to prevent it from happening. You can read about them on this link here
So what should I do now?
You need to delete this or any other suspicious file that can be seen running in Task Manager. Also do not forget to run a scheduled boot scan using the antivirus program on your computer. A good firewall can help you block or detect any hidden communication between a file on your computer and someone else on the internet, so keep a close eye on these activities through your firewall.
Don't you write detailed Step by step instructions?
Yes, I do. But to avoid making each page cumbersome, I have grouped all the commonly followed steps that apply to any or all of the viruses on a separate page. In case you need them, they are here on this link.
The above information is based on the automated virus analysis report from Threatexpert.com.
(copyright attribution statement: "Reprinted with permission from ThreatExpert.")

Sanjay C Rajure