Thursday 19 January 2012

Temp:winupd.exe (Uninstall Guide)

Temp:winupd.exe is a variant of a backdoor Trojan that enables a remote attacker to have access to or send commands to your computer. Typical backdoor Trojan horse allows cyber criminals to collect information, run and terminate processes, download additional files, etc. It may in some cases cause CPU usage to go to 100%. Temp:winupd.exe *32 points to a file in the %Temp% directory, at least at first glance. However, if you look in the %Temp% folder you won't find the file. Some people say it's a hidden file and you can't see it even if you make hidden files visible. That's not quite true.



C:\Documents and Settings\Michael\Local Settings\Temp:winupd.exe means a stream named "winupd.exe" attached to the directory "C:\Documents and Settings\Michael\Local Settings\Temp".

The NTFS file system provides applications the ability to create alternate data streams of information. You can view and delete streams manually. Boot to a PE environment and delete the %Temp% directory and then create a new one. Make sure to delete the registry entry associated with Temp:winupd.exe (see files and registrations keys listed below). To learn more, please read What is Windows PE?

However, it's a lot better idea to remove Temp:winupd.exe using anti-virus software. Besides, in some cases the Trojan makes a task that automatically re-adds it to Startup. It also damages certain programs shortcuts, usually notepad, Internet Explorer, CMD and others. To remove Temp:winupd.exe Trojan from your computer, please follow the removal instructions below. If you need extra help, please leave a comment below. Good luck and be safe online!


Quick Temp:winupd.exe removal instructions:

Download recommended anti-malware software (direct download) and run a full system scan to remove this Trojan horse from your computer.


Manual Temp:winupd.exe removal instructions:

1. Reboot your computer is "Safe Mode". As the computer is booting tap the "F8 key" continuously which should bring up the "Windows Advanced Options Menu" as shown below. Use your arrow keys to move to "Safe Mode" and press Enter key. Login as the same user you were previously logged in with in the normal Windows mode.



2. Copy the entire "Application Data" or "AppData" folder and paste in on Desktop.
3. Delete Temp folder inside "Local Settings" "or "Local" folder.
4. Make a new Temp folder.
6. Paste back your Application Data folder.
7. Open up Windows Registry Editor and delete the following registry key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run winupd = "%UserProfile%\LOCALS~1\Temp:winupd.exe"


Associated Temp:winupd.exe files and registry values:

Files:
  • %Temp%\winupd.exe
%Temp% is a variable that refers to the temporary folder in the short path form.
C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows 2000/NT/XP)
C:\Users\[UserName]\AppData\Local\Temp\ (Windows 7)

Registry values:
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run winupd = "%UserProfile%\LOCALS~1\Temp:winupd.exe"
Tell your friends:

No comments:

Post a Comment