
USBUPD~1.exe

Posted: Mon Oct 31, 2005 3:38 pm
by ik911
Virus?

I have 5 minutes to reply

full name: usbupdatesx.exe

OS: WinXP

EDIT: part2

This DOS application window starts up after Windows starts, and when closing it, the internet no longer works.
It is a DOS application window with a cursor, but I can't type anything in it. When closing the window, it seems to be busy, for Windows asks me if I want to end the task now or cancel.
However, when I do not close the application, the internet no longer works after 5 minutes.
Deleting the file doesn't matter, for it reappears next time, always at C:\usbupdatesx.exe. Deleting also requires closing the application, which of course causes the internet to no longer work...

No suspicious processes...
No usbupd* register entries.
Norman doesn't recognize a virus in the file...

I'm puzzled. Does anyone happen to know anything about this?
The only reference to the same problem is on a French forum. (I'm not that good at French though.)

Posted: Mon Oct 31, 2005 4:16 pm
by Ravager
Here's the [url="http://translate.google.com/translate?hl=en&sl=fr&u=http://forum.telecharger.01net.com/microhebdo/windows_et_les_autres/windows_xp/enorme_probleme_-321015/messages-1.html&prev=/search%3Fq%3DUSBUPD~1.exe%26hl%3Den%26hs%3DSSM%26lr%3D%26client%3Dopera%26rls%3Den"]Google translated copy[/url] (slightly better than reading the fully French version).

It may be some kind of Windows Update procedure, but it looks unlikely. Maybe the file has been corrupted or something like that?

Posted: Mon Oct 31, 2005 4:53 pm
by ik911
The file luckily isn't on my computer. I posted the above from my friend's. Unfortunately, I couldn't fix the problem.

When we started up the computer while it was disconnected from the internet, the file didn't start. However, when connecting the wire again, it came back. This made me believe it must be some (very new) kind of firewall/internet security breach exploit.

When MSN tries to connect, the error is in the keyports and it suggests the firewall settings might be wrong.

The Windows Firewall says it's group-managed (whatever the heck that means)... I could not change it to on or off; all the text was grayed out.


EDIT: Hmm, the French forum translation suggests:
(...)
Youpi Adware was found: Win32:Adan-151 [ Adw ]


Would the proper translation be:
(...)
Yippie! Adware has found: Win32:Adan-151, which helped the problem!

Posted: Mon Oct 31, 2005 5:52 pm
by Ravager
ik911 wrote: EDIT: Hmm, the French forum translation suggests:
(...)
Youpi Adware was found: Win32:Adan-151 [ Adw ]


Would the proper translation be:
(...)
Yippie! Adware has found: Win32:Adan-151, which helped the problem!
That looks possible. This computer also has Ad-aware (I'm guessing that's what it means) and I ran a search for the file on the computer and found nothing, though this is Windows 2000, so it may be different.
ik911 wrote: This made me believe it must be some (very new) kind of firewall/internetsecurity breach exploit.
The date on that forum post was dated 2 days ago, so you may well be right.

Maybe downloading Adaware and running that would help; hopefully you should be able to transfer it to your computer without requiring Internet access. The website I found said it was 2.72MB, but I'm not sure if I should post the link; just use Google and search under Adaware.

Hope that helps. :)

Posted: Thu Nov 03, 2005 4:37 pm
by ik911
Really strange file it was... It 'mutated' into a lot of files, one of them being "IELOWER.EXE". There was a reference to that on an English forum and a guide on how to remove it. However, it did not match exactly. Certain expected files/processes weren't present, so effectively, the guide didn't work for us, because there was nothing to be removed except the IELOWER.EXE file, which was kind of useless because it kept coming back.

However, one of the last steps of the guide was to remove all the temp files and cookies (using a program called guide.dat IIRC). So we did that and.... The entire problem was gone. :confused:

Posted: Fri Nov 04, 2005 12:40 am
by vellu
You really should report this to some antivirus/antispyware company (Symantec, F-Secure, Norman, etc.) and give them as detailed a description of the problem as possible. I'm sure their websites have email addresses for just that.