NEW HijackThis automated log analyzer! Get your logs analyzed INSTANTLY!
Overview:
WindUpdates is a trojan downloader that by itself will deliver popup
advertisements to your system. This is NOT the part thats so bad... It also
installs a number of other adware/spyware applications and is installed on your
system through an activex control that installs itself on alot of IE users
systems without them ever knowing it. All they hav do do is visit the wrong
site! Use FireFox NOW!
Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\winad client
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\windupdates
Reboot
your system then:
p>
Make sure
you click start --> Run and type in msconfig. Then select the startup tab. Any
references to the processes below should be deleted
End
Processes (may or may not exist):
khooker.exe
winad.exe
winclt.exe
winka.exe
winupdt.exe
Unregister DLLs:
Tip: this is only a list of known files/locations. You will want to do a
search by the name of the file to see if they're on your system.
A while back I wrote a guide to
Register/remove DLL or AX
files which you will need if you don't know how to unregister these files.
Each file
is in several locations so you'll need to search for them and unregister +
delete them in every location you find.
clientcom.dll
comm.dll
sisdx32.dll
Remove Directories:
program files\windupdates
Clean your Registry:
You should
be back to normal IF this was your only problem. I suggest you post in our HJT
forum since its not likely that this is your only bug.
Read this first
