Windows update

  besuk 09:43 24 Feb 2003

I have a problem with an executable file that has “misteriously” appeared in my computer. The file is winupd.exe and is located in the C:\windows\system directory.
I believe I have accidentally downloaded this file from the Microsoft web site some time ago, and I think it’s a program that automatically updates Windows with all the new patches and fixes available on line.
Nothing wrong with that, I trust Microsoft to the extent that I don’t think this file is going to cause any arm or damage to my computer.
The fact is that, in order to carry out the automatic upgrades, this files keeps prompting me with a request of connection through my dial-up networking setting.
In other words, every five minutes, no matter what I am doing, the Dial-up networking prompt comes up in my screen and, frankly, I find this rather annoying.
Also, I assume that when I am on line, this file works in the background creating connection with the Microsoft web site, and I don’t like this to happen without me knowing it.
My PC run Windows 98. By clicking on Start > Run > and typing in the command msconfig, I have find out that this file is initialised every time I start my PC, as it appears in the Startup group of files under the name of MS Start Optimiser .
I have tried de-ticking from the Startup list, but it replicates itself every time I re-start the machine.
Does anyone knows about this file and about how to neutralize / manage it ? I have looked in the Microsoft site but I haven't found any solution.
Also, how do you actually get rid of a file that appear in your Startup list ?
Thank you.

  bvw in bristol 09:57 24 Feb 2003

This is a trojan. Run a virus scan.

  besuk 12:02 24 Feb 2003

Thanks bvw in bristol.
The virus scan is the first thing I have tried (with Norton 2000), before I have found out what the file was, but it didn't detect any virus.
When I have found out about the winupd.exe file (I have installed a firewall software that informs me every time one application is trying to connect to the net), I have even scanned the single file, but again no infection was found.

  Lozzy 12:11 24 Feb 2003

Be carefull as I cannot find any trace that winupd.exe is a virus on the Norton website..

  leo49 12:18 24 Feb 2003

I tend to agree with bvw in Bristol.

A way to check is to turn off Automatic Updating and if it still tries to connect, you've got a problem.

Then try an online check at Housecall or download one of many of the available Trojan cleansers.


  JoeC 12:18 24 Feb 2003

or winupd32.exe ( I think ). Symantec should have something about backdoor.asylum

  spikeychris 12:22 24 Feb 2003

click here


  powerless 12:22 24 Feb 2003


Do you have a firewall if so take a note of the IP address that this program is trying to connect to...

click here pop the IP address in and start a trace. See what it shows...

You could also pop the winupd.exe in the recycle bin, see if anything happens, run windows update etc...If it asks for this file just restore it.

Also Right click the file, go down to properties and have a look at the info...

  New Zealander 12:32 24 Feb 2003

You have a Trojan called 'Enterprise' click here

You could do a lot worse than give 'Tauscan' a trial from here. click here Nice program.

  New Zealander 12:35 24 Feb 2003

For reasons unknown the link I gave don't work, however the one spikeychris gave is about the same Trojan.

click here

  besuk 13:00 24 Feb 2003

Thank you lozzy, leo49, JoeC, spikeychris, powerless and New Zealander.
You are all very helpful, and now you've got me a bit scared too.
Leo49, I have turned off the Automatic Live Up-date from Norton Antivirus, but the Dial-up networking still pops up.
Powerless, the computer I am writing from at the moment is not the one affected (that is my home computer, this is my work one). When I get back home, I will try to take note of the I.P. address the file tries to connect to and I will post it.
I only hope that my firewall is working well, and that it really stops block the attempted connection as it say it does.
I have tried to cancel the file, but Windows doesn't let me: it says is a file in use so cannot be deleted. I have even tried deleting from DOS, but it is not visible. I have also had a look at the properties, but at the moment I cannot remember anything strange in it. I will have another look tonight.
Finally, thank you Spikeychris, JoeC and New Zealander: I will definitively try your suggestions when I go back home.
Once again, thanks very much to everybody. Please, keep whatching this space: I will post something again tonight or tomorrow morning.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

iMac Pro review

25 book design and illustration tips

iMac Pro review

Idées cadeaux pour geeks et tech addicts