Got the same problem after installing some stupid screensavers yesterday. On my system, the wupdater.exe file was located in "Program Files\Common Files\Keenware". First, I uninstalled the screensavers. The program is run at the Windows startup so, second, I deleted the corresponding registry entry (using RegCleaner by Jouni Vuorio, downloadable for example from here: http://www.downseek.com/download/21692.asp ), then deleted other registry entries for "Updater", deleted the Keenware directory itself and everything is running fine now.

The lesson is: don't fool around with useless rubbish like screensavers. :cool:

I have had that problem several times. I believe mine was related to some version of Norton AntiVirus since it was looking for the link in the Symantic directory. I first ram c:\windows\msconfig.exe amd unchecked the appropriate box and it fixed the problem, so I deleted registry entries to both wupdater and updater and everything is fine now. I also had similar problems with two programs called VirtualBouncer.exe and AdDestroyer.exe, both of which set up housekeeping in my root directory. I can't kill 'em as fast as they come in the door. ShieldsUp says I am Completely Stealth, but . . . .I finally switched from Win98 back to Linux and that fixed the problem. I think Microsoft must write these things themselves (Grin).

Delete the wupdater.exe in safe mode and then in recycle bin. THE END!

Delete the wupdater.exe in safe mode and then in recycle bin. THE END!

please tell me how i can delete wupdater

Hi

C:\Program Files\Common files\Updater\wupdater.exe <<< del Updater folder

But you will need to stop the exe file running first.....

You can remove the run key from the registry with regedit (backup the registry first)...then reboot....then delete the folder

Or try try to end task with Ctrl-Alt-Del.....then delete the folder

You could delete the folder in safemode

Or you could post a HJT log and we'll stop it running that way...

steam

I have the same problem with wupdater.exe when im shutting down my pc. Any help will be much appreciated...

Logfile of HijackThis v1.97.7
Scan saved at 4:17:27 PM, on 1/9/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Virtual CD v4\System\vcdsecs.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\WINDOWS\System32\00THotkey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\System32\TPWRTRAY.EXE
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\PROGRA~1\VIRTUA~2\System\VCDPlay.exe
C:\Program Files\McAfee\QuickClean\PlgUni.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Common Files\CMEII\CMESys.exe
C:\WINDOWS\mtask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Common Files\GMT\GMT.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Virtual CD v4\System\VCDTray.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Program Files\McAfee\McAfee Internet Security\GUARDDOG.EXE
C:\Program Files\McAfee\McAfee Internet Security\guarddog.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yehey.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kotse.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL
O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_1_5_0.dll
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [Drag'n Drop CD] C:\Program Files\Drag'n Drop CD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe /Type 20
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Nokia\Nokia PC Suite 5\DataLayer\Application\DataLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [VCDPlayer] C:\PROGRA~1\VIRTUA~2\System\VCDPlay.exe
O4 - HKLM\..\Run: [Oil Change] C:\PROGRA~1\McAfee\OILCHA~1\OCTray32.exe Start
O4 - HKLM\..\Run: [Imonitor] "C:\Program Files\McAfee\QuickClean\PlgUni.exe" /START
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [Winmgr] C:\WINDOWS\mtask.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} - http://activex.microsoft.com/objects/ocget.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{43AA8B00-BA91-43C2-A990-EE460E67620D}: NameServer = 210.23.235.34 210.23.234.33

HI

Uninstall P2P Networking from add/remove programs in the control panel.

This is usualy installed with Kazaa....if you have had kazaa on your computer in the past, I suggest you run this program :-

After uninstalling kazaa...many files are left behind.
Download "kazaabegone"......the link to it is on this page :-

http://www.spywareinfo.com/~merijn/
------

If you don't want these ....include them in the list below :-

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yehey.com

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.kotse.com

Close all browser windows - run hijackthis and tick to fix :-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about_:blank

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about_:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about_:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about_:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about_:blank
R3 - URLSearchHook: PerfectNavBHO Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O2 - BHO: NavErrRedir Class - {A045DC85-FC44-45be-8A50-E4F9C62C9A84} - C:\PROGRA~1\PERFEC~1\BHO\PERFEC~1.DLL

O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART

O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe

O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"

O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -

Reboot then find and delete these folders :-

C:\Program Files\Common files\updater\wupdater.exe
C:\WINDOWS\System32\P2P Networking\P2P Networking.exe
"C:\Program Files\Common Files\CMEII\CMESys.exe
C:\Program Files\Common Files\GMT\GMT.exe

steam

a lot of nastylooking things in that log but im really not fimular with spykiller logs .
check my signature and get ad-aware and spybot ,update them and then scan you computer and fix any thing they find ,download and run run Hijackthis ,and scan don't fix anything in hijackthis yet , save log file and post it back here .

I tried and failed to post the long log file form hijiackThis. Who can tell me how can I post the log file? Thanks!

Sam
a lot of nastylooking things in that log but im really not fimular with spykiller logs .
check my signature and get ad-aware and spybot ,update them and then scan you computer and fix any thing they find ,download and run run Hijackthis ,and scan don't fix anything in hijackthis yet , save log file and post it back here .

so do you have a comment with you Quote ??:)

I don't know why I can not post the log file here. Is there any restriction of the message size?

Sam

I am having problems with wupdater.exe. And understand how to delete, but before I do, I'd liketo know what it is used for? :-|

Thanks.

Hi

C:\Program Files\Common files\Updater\wupdater.exe <<< del Updater folder

But you will need to stop the exe file running first.....

You can remove the run key from the registry with regedit (backup the registry first)...then reboot....then delete the folder

Or try try to end task with Ctrl-Alt-Del.....then delete the folder

You could delete the folder in safemode

Or you could post a HJT log and we'll stop it running that way...

steam

I am having problems with wupdater.exe. And understand how to delete, but before I do, I'd like to know what it is used for?

Google it. There are plenty of references out there. That should always be your first step -- knowledge is power!

I am struggling with posting the log file. I wish I can do it today. thanks.

sam

Part 2:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.hotmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://qus7.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://srch-qus7.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://qus7.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://my.netzero.net/s/search?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext =
http://qus7.hpwis.com/
N3 - Netscape 7: user_pref("browser.search.defaultengine",
"engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src");
(C:\Documents and Settings\Owner\Application
Data\Mozilla\Profiles\default\c2wfmazq.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program
Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} -
C:\PROGRA~1\INCRED~1\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {644B0CAD-E523-4E29-928E-75A72091163F} -
C:\WINDOWS\System32\docptrop2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program
Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program
Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} -
C:\WINDOWS\System32\msdxm.ocx

This is part 1:

Logfile of HijackThis v1.97.7
Scan saved at 10:31:33 PM, on 2/2/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\msCMTSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTHELPER.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\myPrograms\SthVCD\SysExplr.EXE
C:\Program Files\Common files\updater\wupdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ATI Multimedia\RemCtrl\ATIX10.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\LnuQDC65.exe
C:\WINDOWS\System32\HzwV.exe
C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe
c:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Owner\Desktop\hijackThis\HijackThis.exe

I don't know why I can not post the log file here. Is there any restriction of the message size? Sam

save the log in note pad ,open it in note pad and go to view /select all /back to view and click copy ,open this thread and past it into the Quick reply

Hi, is there any restriction on the size of the message? I tried many times and could not post my log file! Can the owner help me? Thanks!

Sam
so do you have a comment with you Quote ??:)

others have posted long logs in here so it must be something you are doing