malicious process- update.exe?

jacob

Hi,
i have problems in my pc for 3-4 days, which indicate a
virus presence.
* can't launch norton av/firewall. they close immediately.
* can't login my web mail(page not found).
* any web search/link that contains words like
"virus/symantec/norton/scan/fix..." causes IE to close.
* my keystrokes are watched. using the above words in
the title of this post caused an ESC effect.
* slow opening of apps.

i got some replies in yesterday's post, and ran SpyBot,
which fixed 3 items, but all the above problems remain.
today, according to a computer expert, i wrote down the
list of running processes, and googled each one. i found
out that the 'update.exe' should be removed!!
by doing so, all problems are gone, except the mail problem.
running norton utility fixed problems in registry, that most
of them were caused by missing files in LiveUpdate folder
of Symantec!
the file resides in windows/system32/, and dozens of times
under /$hf_mig$, which seems to contain windows updates.
restarting the pc causes the process to appear again, with all
the problems above.
how do i handle the situation, please help
 
Guest

Hi Jacob,
Try to delete and turn the system restore off then reboot, and see what will
happen.
please write back if the problem isn't solved with the above.
nass
 
Malke

jacob said:
Hi,
i have problems in my pc for 3-4 days, which indicate a
virus presence.
* can't launch norton av/firewall. they close immediately.
* can't login my web mail(page not found).
* any web search/link that contains words like
"virus/symantec/norton/scan/fix..." causes IE to close.
* my keystrokes are watched. using the above words in
the title of this post caused an ESC effect.
* slow opening of apps.

i got some replies in yesterday's post, and ran SpyBot,
which fixed 3 items, but all the above problems remain.
today, according to a computer expert, i wrote down the
list of running processes, and googled each one. i found
out that the 'update.exe' should be removed!!
by doing so, all problems are gone, except the mail problem.
running norton utility fixed problems in registry, that most
of them were caused by missing files in LiveUpdate folder
of Symantec!
the file resides in windows/system32/, and dozens of times
under /$hf_mig$, which seems to contain windows updates.
restarting the pc causes the process to appear again, with all
the problems above.
how do i handle the situation, please help

You need to run more than Spybot; also, Spybot is not an antivirus
program. Start by scanning with either Sysclean or David Lipman's
Multi-AV:

http://www.elephantboycomputers.com/page2.html#TrendMicros_Sysclean
http://www.ik-cs.com/multi-av.htm - how to use Dave Lipman's Multi-AV
http://www.ik-cs.com/programs/virtools/Multi_AV.exe - Multi-AV download

Then update your full-featured antivirus with definitions downloaded
from a different, known-clean machine and do a thorough scan in Safe
Mode.

Then continue cleanup by following these steps:
http://www.elephantboycomputers.com/page2.html#Removing_Malware

If you don't have the ability to get the updates/tools you need from a
different, known-clean machine then take your computer to a
professional computer repair shop (not your local version of
BigStoreUSA).

Malke
 
jacob

hi guys,
again, with great help from my computer expert (family member),
the problems seem to be solved. and for the sake of others,
here it goes.
entered the site http://www.kaspersky.com/scanforvirus .
it has a tool to scan any file you select, and for the 'update.exe'
file it found the worm. more googling came up with a removal
tool called FixbMale.exe, that was found here:
http://www.softpedia.com/get/Antivirus/W32-Blackmal-mm-Removal-Tool.shtml .
downloaded and ran, and all problems solved, except login to
my mail.
maybe i'm blocked by the server (Yahoo), because the worm sent
malicious stuff through my mail, although i did manage to login with
another pc, what do you think?
thank you for your time and support
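
Added example, not part of any post in this thread: jacob's first post mentions one update.exe in windows/system32 and dozens under $hf_mig$. This PowerShell sketch lists every copy, marks the ones backing a running process, and records signature status and SHA-256 so the odd one out is visible. It assumes PowerShell 4 or later and an elevated prompt; treating a valid Microsoft signature as the expected state for the $hf_mig$ copies is an assumption, and a non-valid result is a lead for scanning, not a verdict.

```powershell
# Added example: triage every copy of update.exe (paths taken from the thread).
$name    = 'update.exe'
$sys32   = Join-Path $env:windir 'System32'
$hfMig   = Join-Path $env:windir '$hf_mig$'   # single quotes keep the literal $ signs

# Executable paths of any running process with that image name.
$running = @(Get-CimInstance Win32_Process -Filter "Name = '$name'" |
             Where-Object ExecutablePath |
             ForEach-Object { $_.ExecutablePath })

# System32: top level only (where the thread says the file sits).
# $hf_mig$: recurse, since the copies live in per-update subfolders.
$files = @()
if (Test-Path -LiteralPath $sys32) {
    $files += Get-ChildItem -LiteralPath $sys32 -Filter $name -Force -File `
                  -ErrorAction SilentlyContinue
}
if (Test-Path -LiteralPath $hfMig) {
    $files += Get-ChildItem -LiteralPath $hfMig -Filter $name -Force -File -Recurse `
                  -ErrorAction SilentlyContinue
}

$report = foreach ($f in $files) {
    $sig = Get-AuthenticodeSignature -LiteralPath $f.FullName
    [pscustomobject]@{
        Path     = $f.FullName
        Running  = $running -contains $f.FullName      # case-insensitive match
        SigState = $sig.Status
        Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        Modified = $f.LastWriteTime
        SHA256   = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
    }
}

# Full inventory first, then only the copies that deserve a closer look:
# not validly signed, not signed by Microsoft, or currently running.
$report | Sort-Object Path | Format-Table Path, Running, SigState, Modified -AutoSize

$report | Where-Object {
    $_.SigState -ne 'Valid' -or
    $_.Signer -notmatch 'O=Microsoft Corporation' -or
    $_.Running
} | Format-List Path, Running, SigState, Signer, Modified, SHA256
```

Identical hashes across the $hf_mig$ copies with one differing hash in System32 narrows the scan to a single file, which can then be checked with the antivirus tools recommended in the thread.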
 
