Ari talks about security and the fight against the virus wupdate.exe

Recently, a virus file has been circulating very fast. The file name is wupdate.exe. No problem can be found in anti-virus software that uses multiple Update virus definition codes. However, there may be many strange phenomena in the file system, such as the unavailability of network sharing, the unavailability of many client software and servers, and the security of this file in multiple places on the registry, it seems to be a virus.

Wupdate.exe is part of the Wengs advertising software. This process monitors your browsing habits and transmits relevant data back to its server for analysis. This program will also pop up the advertising window. We recommend that you delete the security level of this process immediately ." I don't think this is so simple. It also has an impact on many network services.

Do some manual deletion first. First, stop the virus process in the task manager, and then search for the files in the hard disk. The result is found at 2 points. One is in the Symantec Antivirus Program folder, and the other is in system32 with read-only and hidden attributes. If you have no questions, delete it immediately. Then, search in the registry and delete all the key values found with this file name.

Next, we should consider whether there are other files that can be released? I checked several places in the registry where such a program may be hidden and there was no result. In fact, the complete method should be to find a clean system, then use the registry to compare the software for record, put the virus file, and then compare it to see the changes in the registry. These are not yet prepared. It seems that such a system and comparison software will be ready for use in the future.

I made a batch of my work and compressed it into executable files. I used it as a killing tool and added it to my network security topic. As a matter of fact, I know that this exclusive killer tool is not completely killed, and I still have a superficial understanding of this virus. We hope we can fully prepare for the next new virus.

Note: It has been proved that wupdate.exe contains the stage-famous virus w32.spybot. worm. SAV must be upgraded to 10.1.4.4000, and the virus definition must be updated to the latest version to better kill the virus.