winupdate.exe - Dangerous
winupdate.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
It includes distributed denial of service (DDoS) and back door capabilities.
The worm also attempts to steal confidential information from the infected computer.
Adds the value: "con.exe"
to the following registry key: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services
Deletes the following local network shares: $ipc; $admin; $c; $d
Attempts to open a backdoor by connecting to an IRC channel on latina.a.la using TCP port 6667.
The worm will listen for commands that allow the attacker to perform the following actions:
- Download and execute files.
- Scan the network for servers running backdoor Trojans.
- List, stop, and start processes.
- Launch Denial of Service (DoS) attacks.
- Steal system information and send it to the attacker.
- Perform port redirection.
- Start a socks4/5 proxy.
Remove it from startup by RegRun Startup Optimizer.