What are these files

cubix

Manager32.exe/Winupdt.exe--they both seem to be sitting in my c:\windows\system32 folder
Just wondering if they are Xp files or 3rd party ones, I am running zonealarm and it tags them saying they are trying to access the trusted zone and the internet. The winupdt.exe one is trying to act as a server is well. I am running the zyxel modem from iol with usb&ethernet connections and these two files seem to be playing havoc when I try to connect to the net with my usb connection,any ideas

Thanks

Creamy Goodness

Winupdt.exe

don't quote me on this but this loooks like it might have something to do with windows update?

aidan_walsh

Winupdt.exe is a worm, unable to find much about Manager32. Update or download a virus scanner.

cubix

By searching for file names with that ext and deleting them would that be enough? or would I need to do more

aidan_walsh

Just download or update your virus scanner. That will take care of everything. Chances are if you have one, you have more. Better safe than sorry, right?

cubix

Just updated my nortons and did a full scan but nothing showed? strange :rolleyes:

daggeredge

http://vil.nai.com/vil/stinger/

Mcafee stinger.exe you run it and it gets rid of the nasties....it won't protect your computer though as it's just a search and remove program, if you think norton isn't working for you ,try www.grisoft.com and get AVG free anti virus and this will protect your system in much the same way as norton (it also has an easy update button)

cubix

Thks for the tip daggeredge

jessy

cubix wrote:

By searching for file names with that ext and deleting them would that be enough? or would I need to do more

You can’t just search your self.

Worms replicate,

Infection
Injection
Encryption
Polymorphic

Are just a few ways they infect files and try to hide themselves?
You’d be a better man than anyone here if you could find a polymorphic worm by just searching your self (not to say that the worm above is polymorphic, its just not an option to search yourself).

Virus scanners will detect different types of virus, worm’s etc but all the big vendors will detect major virus. Panda and BitDefender are two of the better ones.

hulhi

cubix wrote:

Manager32.exe/Winupdt.exe--they both seem to be sitting in my c:\windows\system32 folder
Just wondering if they are Xp files or 3rd party ones, I am running zonealarm and it tags them saying they are trying to access the trusted zone and the internet. The winupdt.exe one is trying to act as a server is well. I am running the zyxel modem from iol with usb&ethernet connections and these two files seem to be playing havoc when I try to connect to the net with my usb connection,any ideas

Thanks

Winupdt.exe is a worm W32/Rbot-FP.
start registry editor (start->run->regedit) and delete all instances of winupt.exe by doing search on it.
(HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Machine=winupdt.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update Machine=winupdt.exe
and delete them if they exist.
For each user locate the entry:
HKCU\[SID number]\Software\Microsoft\Windows\CurrentVersion\Run\
Microsoft Update Machine=winupdt.exe
and delete it if it exists.)
then run antivirus scan, [you should install firewall software or at least enable windows firewall if you have XP]

Manager32.exe is spyware/adware.
start registry editor (start->run->regedit) and delete all instances of winupt.exe by doing search on it. (same as above)
then use Ad-Aware (http://www.lavasoftusa.com) or some similar program.
(you can delete manager32.exe from your %systemroot% folder in safe mode)

if you could run HijackThis (http://www.spychecker.com/program/hijackthis.html) then post the log we'll be able to tell you more

Mac daddy

cubix wrote:

Just updated my nortons and did a full scan but nothing showed? strange :rolleyes:

Doesn't matter i did it on saturday and found a services that was hogging memory- googled it was worm replicated 453 times in one day - had to switch off system restore delete most of them manual from safemode

muffen

heh, maybe you shouldn't guess what it is based on filename...

You know, if you are using norton you can submit the file for analysis.. put it in quarantine and then submit it (go in the quarantine and you will see how its done)...
no-one is going to knock down your door because you used a keygen instead of the serial on your CD... and its probably a good thing to find out what it is for sure instead of guessing based on filename...

cubix

But this is the thing Muffen when I updated my Norton AV and did a complete scan it could not find it, Zonealarm was what let me know it was there as it keep trying to connect to the net. ITs only when I d/l a freeware version of antispy that it gave me run down of all the potential dodgey progs.

dabhal

Norton is crap, I pay for macafee it picks up much more than norton.
AVg is free and so is the macafee stinger tool but be careful with stinger its not very forgiving and can delete files from legite apps if your not careful.
install adaware and spybot etc run them all and get a virus scaner update it(not norton) let us know how far you get

Dabhal

cubix

Will do Thks

Pataman

cubix wrote:

But this is the thing Muffen when I updated my Norton AV and did a complete scan it could not find it, Zonealarm was what let me know it was there as it keep trying to connect to the net. ITs only when I d/l a freeware version of antispy that it gave me run down of all the potential dodgey progs.

It sometimes helps if afer you have updated your antivirus, you do a reboot and then scan. Clears the memory.