aupd.exe + adzgalore [RESOLVED]


  • This topic is locked

#31
Essexboy

OK, to recap: we killed it twice and then tried the hammer of Avenger, which failed to find it. Then it reappeared, and now it is showing back in your temp file again.

However, I have now found some possible trigger files, so let's kill them and see what happens. For the duration of this fix you may lose the desktop.

Start OTScanit. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Files/Folders - Created Within 90 days]
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
[Files Created - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> Installer5332 -> %UserProfile%\AppData\Local\Installer5332
NY -> Installer5864 -> %UserProfile%\AppData\Local\Installer5864
[Files/Folders - Modified Within 90 days]
NY -> 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
NY -> 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> %SystemRoot%\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
NY -> 1 C:\Windows\*.tmp files -> C:\Windows\*.tmp
NY -> C:\Users\Drew\AppData\Local\Temp\ -> C:\Users\Drew\AppData\Local\Temp
NY -> aupd.exe -> C:\Users\Drew\AppData\Local\Temp\aupd.exe
NY -> 4 C:\Users\Drew\AppData\Local\Temp\*.tmp files -> C:\Users\Drew\AppData\Local\Temp\*.tmp
[Files Modified - Additional Folder Scans - Non-Microsoft Only]
NY -> @Alternate Data Stream - 112 bytes -> %AllUsersProfile%\TEMP:DFC5A2B2
NY -> DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> %UserProfile%\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
NY -> Installer5332 -> %UserProfile%\AppData\Local\Installer5332
NY -> Installer5864 -> %UserProfile%\AppData\Local\Installer5864
[Empty Temp Folders]

The fix should only take a very short time. When the fix is completed, a message box will pop up telling you that it is finished. Click the OK button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new HijackThis log.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

#32
Drew Harris

Ok, done:

Attached Files



#33
Essexboy

Dare I ask if it has gone?

#34
Drew Harris

No, it's still there.

#35
Essexboy

OK, going to get reinforcements and ask the other experts - I hate being sideswiped.

#36
Drew Harris

It is okay, I appreciate the effort. You are doing a great job, this thing just seems incredibly elusive.

#37
Essexboy

Aye up one of the boys has a few questions

1. Which version of Stardock IconPackager do you have?
2. Is it a trial version that has expired?
3. Is it a cracked version?
4. Can we have a copy of the file?

#38
Drew Harris

It is the newest version. It is a trial version, it did expire. But, I haven't used it for much. When you say you want a copy of the file, you mean you want a copy of the exe file that runs the program on my computer or you mean you want a link to the one that I downloaded?

#39
Essexboy

The aupd.exe file, as it might be a part of the online registration process for Stardock IconPackager. However, it uses the same location and name as this malware Begin2Search. In which case it is a legitimate file and will disappear if the IconPackager is removed.
  • 0
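
An added example, not part of any post in this thread: a local first-pass check for a file such as aupd.exe whose name and location match both a vendor component and known malware, collecting the hash, Authenticode signer and any alternate data streams before the file is submitted for analysis. The function name `Get-FileTriage` is hypothetical, and the path is the one quoted in the thread, expressed through `$env:LOCALAPPDATA`.

```powershell
# Added example (not from the thread). Get-FileTriage is a hypothetical helper name.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    # The file in this thread keeps disappearing and reappearing, so report absence cleanly.
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        return [pscustomobject]@{ Path = $Path; Present = $false }
    }

    $item = Get-Item -LiteralPath $Path -Force
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    # Named alternate data streams; ':$DATA' is the normal unnamed content stream.
    $ads = Get-Item -LiteralPath $Path -Stream * -Force |
           Where-Object { $_.Stream -ne ':$DATA' }

    [pscustomobject]@{
        Path         = $item.FullName
        Present      = $true
        SHA256       = $hash.Hash
        # 'Valid' means the signature chain verified; the signer subject says who signed it.
        SigStatus    = $sig.Status
        Signer       = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        # Version resource fields are self-declared by the file and easy to forge;
        # treat them as a hint only, never as proof of origin.
        Company      = $item.VersionInfo.CompanyName
        Product      = $item.VersionInfo.ProductName
        CreatedUtc   = $item.CreationTimeUtc
        ModifiedUtc  = $item.LastWriteTimeUtc
        ExtraStreams = @($ads | ForEach-Object { '{0} ({1} bytes)' -f $_.Stream, $_.Length })
    }
}

# Path from the thread, relative to the profile being examined.
Get-FileTriage -Path (Join-Path $env:LOCALAPPDATA 'Temp\aupd.exe') | Format-List

# Same check for every executable currently sitting in the user's Temp folder.
Get-ChildItem -LiteralPath (Join-Path $env:LOCALAPPDATA 'Temp') -Filter *.exe -File -Force |
    ForEach-Object { Get-FileTriage -Path $_.FullName } |
    Select-Object Path, SigStatus, Signer, SHA256 |
    Format-Table -AutoSize
```

A valid signature from the expected vendor supports the legitimate-component reading; an unsigned or mismatched file sharing the name is the case worth escalating, and the SHA256 gives analysts a stable identifier for the sample.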

#40
Essexboy

Please go to UploadMalware to upload a suspicious file for analysis.
  • Enter your username from this forum
  • Copy and paste the link to this thread ( http://www.geekstogo...d....html&st=30 )
  • Browse for this filename: C:\Users\Drew\AppData\Local\Temp\aupd.exe
  • In the comments, please mention that I asked you to upload this file
  • Click on Send File


#41
Drew Harris

Ok, submitted.

#42
Essexboy

Thank you, I will need to wait for the analysis now - not too long I hope :)

#43
Essexboy

It is a fairly innocuous file - the recommendation is to uninstall the trial icon packager and it should go away.

#44
Drew Harris

Ok, thank you

#45
Essexboy

Could you let me know if it has gone now, and what is the current state of your computer?