Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Wednesday 22.1.2025 / 09:06
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > mysterious "update.exe" running as a process
Show topics
 
Forums
Forums
Mysterious "Update.exe" running as a process
  Jump to:
 
Posted Message
Phange
Newbie
_ 		9. August 2006 @ 12:43 _ Link to this message    Send private message to this user   
Every time I start my computer, Update.exe is a process that will not turn off unless I manually deactivate it.

My computer is basically spyware/adware free, but I'm not sure about this one program.

Note that my HijackThis log is perfectly clean, from what I can tell.
[ + quote]
Advertisement
_ 		__
Niobis
Senior Member
_ 		9. August 2006 @ 14:07 _ Link to this message    Send private message to this user   
Update.exe can be either safe or spyware, depending on its location. If you have Spyware Doctor or Spy Sweeper it belongs to them.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
Phange
Newbie
_ 		9. August 2006 @ 15:23 _ Link to this message    Send private message to this user   
Well unfortunately I have neither of them, and I doubt it's windows update.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\Extra Files\Emulation\Genesis\gens.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Update.exe was running but I shut it off. Don't know how to prevent it from launching, though.
[ + quote]
Phange
Newbie
_ 		9. August 2006 @ 15:27 _ Link to this message    Send private message to this user   
Logfile of HijackThis v1.99.1
Scan saved at 6:26:35 PM, on 8/9/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINNT\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Common <b>Files\{DC06894C-0AE9-1033-0123-040518050001}\Update.exe</b>
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
O20 - Winlogon Notify: WgaLogon - C:\WINNT\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Gotta be spyware... any idea on how I remove it?
[ + quote]
Phange
Newbie
_ 		9. August 2006 @ 15:32 _ Link to this message    Send private message to this user   
UPDATE: I went to the folder's root and deleted both the DLL and the executable, and then deleted the folder itself.

It did not launch on restart.
[ + quote]
Niobis
Senior Member
_ 		9. August 2006 @ 15:35 _ Link to this message    Send private message to this user   
If you do not like it running. Remove it from startup.

I use Ccleaner to do this, plus it's a terrific "crap" cleaning tool. http://www.ccleaner.com

Open Ccleaner.
Click Tools.
Click Startup.
Find and delete entry.

The file will still be on your system but, it won't run on startup. Try searching for it in Common Files. Delete it manually.
[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
Phange
Newbie
_ 		9. August 2006 @ 15:42 _ Link to this message    Send private message to this user   
Nice program, I'll try it out right now.
[ + quote]
Advertisement
_ 		__
 
_
Phange
Newbie
_ 		9. August 2006 @ 15:51 _ Link to this message    Send private message to this user   
Well, Crap Cleaner only showed 2 non-essential programs launching at startup and I'm fine with both of them. Looks like I got it.

It did a GREAT job of cleaning up my PC, though. My PC was already clean as it is, but it sure is good to find a program to take the hell out of DLLs and the like.
[ + quote]
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > mysterious "update.exe" running as a process
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork