a computer issue: fishy requests for updates



dehro
2014-01-08, 06:01 PM
my computer runs windows 7 and has today started asking me permission to run a software called "update.exe".. it's kinda out of the blue and doesn't seem to give any further details as to what software is actually affected by this "update".
when I ask for details all I get is that the software is lodged in the directory with the following path

c:\user\user\appdata\local\temp (followed by another name that is composed of a mix of letters and numbers.. each time a different folder name)
when I search the "temp" directory for the software update.exe, I am currently listing 5 iterations of the programme, each in different sub folders to the temp one.

I have so far denied any authorisation to run that software. I have scanned them and found no viruses

On a probably unrelated note, apparently skype is malfunctioning and crashing as soon as I run it. I don't have any reason to think the two events are related if not for coinkydink timing.

I am very tempted to just delete all temp files. whilst I know this to be possible in the windows temp folder, I'm not sure about this other temp folder

am I right in being suspicious of this? should I just allow the software to run and see what happens?
advice would be appreciated.
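
An added triage example, not part of the original thread: a read-only PowerShell pass over the per-user temp folder described in the post above, recording each `update.exe` copy (hash, signature, creation time) before anything is deleted, then listing autostart entries that point into a Temp directory. It assumes PowerShell 4.0 or later (for `Get-FileHash` and `Get-CimInstance`); the variable names are illustrative.

```powershell
# Added example (not from the thread). Read-only: nothing is deleted or executed.
# Assumption: PowerShell 4.0+ is installed (Windows 7 ships with 2.0 by default).
$tempRoot = Join-Path $env:LOCALAPPDATA 'Temp'

# 1. Every update.exe below the per-user temp folder, with the facts needed
#    to compare the copies with each other and to look them up later.
$copies = Get-ChildItem -Path $tempRoot -Recurse -Filter 'update.exe' -File -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{
            Path      = $_.FullName
            Created   = $_.CreationTime
            SizeBytes = $_.Length
            SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            SigStatus = $sig.Status
            Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '<unsigned>' }
            Product   = $_.VersionInfo.ProductName
        }
    }

# Oldest copy first: the creation times show how often the file is re-dropped.
$copies | Sort-Object Created | Format-List

# Identical hashes in different random folders mean the same file is being
# re-created each time, so something else on the machine is writing it.
$copies | Group-Object SHA256 | Select-Object Count, Name | Format-Table -AutoSize

# 2. Autostart entries (Run keys and Startup folders) whose command line points
#    into a Temp directory or names update.exe. This class does not cover
#    scheduled tasks or services, which have to be reviewed separately.
Get-CimInstance -ClassName Win32_StartupCommand |
    Where-Object { $_.Command -match '\\Temp\\' -or $_.Command -match 'update\.exe' } |
    Select-Object Name, Command, Location, User |
    Format-List
```

A valid signature from a known vendor points to a legitimate updater unpacking itself into Temp; unsigned copies with the same hash reappearing after cleanup point to a dropper that is still present.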

TuggyNE
2014-01-08, 06:33 PM
Delete all temporary files and use some other malware scanner along with your current one.

Antonok
2014-01-08, 09:58 PM
CCleaner and Malware Anti-malware are your friends. 2 good programs for cleaning your comp of unwanted clutter/suspicious programs. After that, just run a virus scan

dehro
2014-01-09, 12:04 PM
pretty much what would have been my course of action.
I deleted my windows temp folder and my local/temp folder, then installed ccleaner, ran it and restarted the machine.

and now it's doing it again.
not too frequently, but today the machine has already created 2 random temp directories with the programme update.exe in it and tried to run it

TuggyNE
2014-01-09, 07:45 PM
CCleaner is not designed for antimalware as such, so I'd suggest using Eset, AVG, Panda, Avast, or some other dedicated program. (Most of those have trial versions that should be good to wipe out the initial infestation.)

If those find nothing, something like Rootkit Revealer may be necessary, although that's non-trivial to use properly.

dehro
2014-01-10, 04:31 AM
I installed malwarebytes anti-malware and have apparently rooted out the problem.
I'm not sure though, the popup asking me to run the suspicious software doesn't turn up anymore. on the negative side, however, google chrome does a few silly things that it didn't do previously.. but I haven't yet established a pattern... and skype continues to crash at least a few times after I turn the 'puter on, prior to stabilizing. And it doesn't tell me why or what error is occurring so I'm not sure how to fix that.
I tried uninstalling it and reinstalling it. didn't help

Xzeno
2014-01-10, 06:15 AM
Yeah, I would just uh, go ahead and clean install the OS. Of course, I'm the type to clean install the OS if someone looks at me funny.

The tension is that I want to just reinstall the OS because I can't be bothered with specific little problems, but replacing the OS is a bother unto itself.

...I've heard good things about programs like MalwareBytes (as was mentioned) and Spybot if you prefer a less extreme approach.

bluewind95
2014-01-11, 01:43 PM
The thing with those types of malware is that they like to put themselves in your computer's recovery data, so you'll erase it, yes. But soon as you restart the computer, it installs itself again. About the only way I've found to manually get rid of those is to temporarily disable the computer's recovery. Only after a restart doesn't reinstall the infection do I re-enable it.