I’ve been battling this for over a week now. I can’t get rid of this osaupd.exe file. I’ve run Spy Doctor, Spy Bot, Spy Sweeper, AdAware . . . and who knows what else. It’s been quarantined, removed, and deleted and still it persists. Any help anywhere on how to get rid of this thing??? I’ve googled and everything I’ve read seems extremely complicated . . . not to mention confusing! Please tell me I don’t have to reformat.
What is your OS ?
What was the virus name, where was it found, example (C:\windows\system32\infected-file-name.xxx)?
Where does it keep coming back to ?
Which program detected it ?
and who knows what else.Only you so excuse me if I repeat an option that you have tried ;D
If you haven’t already got this software (freeware), download, install, update and run it, preferably in safe mode.
Ewido Security Suite If using winXP. or a-Squared free if using win98/ME.
It is in C:/windows/osaupd.exe and it also has a prefetch file in the prefetch folder (got me what that is). I’m running Windows XP. Spy Doctor continually tells me that it prevented winupdate.exe from running osaupd.exe. Spy Doctor seems to be the one detecting but can’t get rid of it. I’ve run Avast on system boot hoping it would catch it but nope . . . there it is again. It’s a nasty bugger . . . or just way over my head.
It could be sent to Chest.
It’s a folder that tries to ‘make applications load faster’. You can delete these files without problem.
Did you run www.ewido.net ?
Hi SueD :
Your mention of "winupdate.exe" is a serious piece of
spyware, which is not easily removed by the "usual"
settings of an antiPSYWARE program. I recommend you
seek the assistance of the Ad-Aware Experts on the
forums at www.landzdown.com .
Hi SueD,
There is a removal guide here:
http://www.bleepingcomputer.com/forums/topic43659.html
As Spiritsongs says, it is annoying and irritating spyware,
after your machine is fully cleansed of these things (check with webroots spyaudit), you should have ample anti-spyware protection: ad-aware, spybot s&d, spywareblaster installed, only one resident AV solution, one software firewall, and patch and update your OS fully. Serve with normal user’s rights only, and you’ll be a lot more secure of these pests.
polonus
As soon as I get home from work I will run Ewido and go from there.
I sure appreciate all the help. I’m starting at the top and running straight through till I nab this rascally thing. It’s extremely annoying!
Forgive my ignorance of using this forum . . .
I misquoted what Spy Doctor is saying . . . it is “wupdmgr.exe is preventing osaupd.exe from running”.
Is that the same as you’re saying.
I’m running Ewido now.
Ewido finished and here are the results:
ewido anti-malware - Scan report
-
Created on: 6:44:05 PM, 4/19/2006
-
Report-Checksum: 3E7AC040
-
Scan result:
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@adopt.specificclick[1].txt → TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfk4glc5oeq.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfkisgdpgdp.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfl4oicjkbp.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wfmigkc5odq.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wglygpazmep.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjk4sgd5ago.stats.esomniture[1].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkowpdjmho.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkycjczglq.stats.esomniture[1].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkycldpalo.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjkygidjglo.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjl4ajdzsfo.stats.esomniture[1].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjlocicjghp.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjmysmazicp.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjny-1kcjed.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@e-2dj6wjnyoic5kbo.stats.esomniture[2].txt → TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@hypertracker[2].txt → TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@ivwbox[1].txt → TrackingCookie.Ivwbox : Cleaned with backup
C:\RECYCLER\NPROTECT\00059819.exe → Downloader.Small.ckc : Cleaned with backup
C:\RECYCLER\NPROTECT\00061127.exe → Downloader.Small.ckc : Cleaned with backup
C:\WINDOWS\osaupd.exe → Downloader.Small.ckc : Cleaned with backup
C:\WINDOWS\system32\loader.exe → Downloader.Small.cjy : Cleaned with backup
C:\WINDOWS__delete_on_reboot__wupdmgr.exe → Downloader.Small.ckc : Cleaned with backup
::Report End
I think Ewido got it but I’m on my way to restart and see! Cross your fingers, toes, etc.!!