I appreciate this isnt a forum for spybot but wanted to
help,Its annoying that MS antispy isnt deleting it but
you have to understand its beta testing at the momment
and is being improved all the time plus these trojan
definitions are a never ending battle,even spybot doesnt
remove this.Just follow this though at it will be gone
for good.
WindUpdates is a trojan downloader that by itself will
deliver popup advertisements to your system....
WindUpdates also installs a number of other
adware/spyware applications and is installed on your
system through an activex control that installs itself on
alot of IE users systems without them ever knowing it.
Also Known as: Windows AdTools WinAd by TwistedHumor
Winad.exe, WinAdTools.exe Winclt.exe, WinTaskAd.exe
One site i know that carries this is Lyricsdomain
Theres 2 ways to do this so will give both methods the
first is easier i think the second is abit over kill but
will work if you dont have luck with the first
First method:
Follow these steps:
1) Call up your task manager and identify the WinKA.exe
and WinUpdt.exe processes. Be prepared to terminate them,
but don't bother to do it yet.
2) Open the folder WindUpdate containing the three files,
WinKA.exe, WinUpdt.exe, and Comm.dll.
3) Rename WinKA.exe and WinUpdt.exe to WinKA.txt and
WinUpdt.txt
4) Using a text editor such as notepad, open WinKA.exe
Totally corrupt the file by typing random characters
throughout the file(Putting Swear's into the code are
always good for a laugh to get some revenge on the
Trojan
). Just have fun with your keyboard. You can't
save the file though yet, because its running.
5) Now you can terminate WinKA.exe in the Task Manager.
Then click on the save button on Notepad so that
WinKA.txt is corrupted.
6) And now you can delete or erase the file. Follow the
same steps to rid yourself of WinUpdt.exe. And then
Comm.dll can be erased without any trouble, as can the
folder WindUpdate.
Dont you just love destroying viruses and trojans or is
it just me
Second Method:
ALWAYS do these when trying to remove a bug.
First: Turn off Windows XP System Restore (Start,Right
click my computer,Properties,then system restore and
disable and apply)
Next: Show hidden files and folders. (Start,Search,Then
tools at the top bar,choose folder options then go to the
second page View,and tick show hidden files and folders)
Next to boot into Safe Mode
Reboot the system and tap F8, choose Safe Mode.
Next: Delete Temp Internet files :
Open a internet browser window, click Tools then Internet
Options.
Click on the Delete Cookies and the Delete Files buttons,
then click OK and close the browser window.
Next: Close all open internet browser windows.
Next: Delete Windows Temporary Files - (start,run then
type %temp% delete all files you can in this folder
The Windows temporary directory (usually located at
C:\windows\temp).
This directory should not be confused with the Internet
Explorer "Temporary Internet Files Directory".
The Windows temporary directory stores temporary files
that are used during installation of programs and at
other various times.
Cleaning this directory regularly is generally a good
idea.
Now go to your Add/Remove Programs Panel and look for the
following:
WindUpdates
InternetOptimizer
MyWay, MySearch, MyBar, My(insert any aliases)
DashBar
WebSavings
If any are not there don't worry about it.
WebRebates
Destroy Autorun:
Delete the following keys
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversi
on\run\winad client
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversi
on\run\windupdates
Reboot your system then:
Make sure you click start --> Run and type in msconfig.
Then select the startup tab. Any references to the
processes below should be deleted
End Processes (may or may not exist):
khooker.exe
winad.exe
winclt.exe
winka.exe
winupdt.exe
msbb.exe
Comm.dll
Unregister DLLs:
Each file is in several locations so you'll need to
search for them and unregister + delete them in every
location you find.
clientcom.dll
comm.dll
sisdx32.dll
Search for and delete:
C:\Program Files\WindUpdates\WinUpdt.exe
C:\Program Files\WindUpdates\WinKA.exe
C:\Program Files\WindUpdates
Regards Andy
