New User? Need help? Click here to register for free! Registering removes the advertisements.

Computer Cops
image image image image image image image image
Donations
If you found this site helpful, please donate to help keep it online
Don't want to use PayPal? Try our physical address
image
Prime Choice
· Head Lines
· Advisories (All)
· Dnld of the Week!
· CCSP News Ltrs
· Find a Cure!
· Ian T's (AR 23)
· Marcia's (CO8)
· Bill G's (CO11)
· Paul's (AR 5)
· Robin's (AR 2)
· Ian T's Archive
· Marcia's Archive
· Bill G's Archive
· Paul's Archive
· Robin's Archive
image
Security Central
· Home
· Wireless
· Bookmarks
· CLSID
· Columbia
· Community
· Downloads
· Encyclopedia
· Feedback (send)
· Forums
· Gallery
· Giveaways
· HijackThis
· Journal
· Members List
· My Downloads
· PremChat
· Premium
· Private Messages
· Proxomitron
· Quizz
· RegChat
· Reviews
· Google Search
· Sections
· Software
· Statistics
· Stories Archive
· Submit News
· Surveys
· Top
· Topics
· Web Links
· Your Account
image
CCSP Toolkit
· Email Virus Scan
· UDP Port Scanner
· TCP Port Scanner
· Trojan TCP Scan
· Reveal Your IP
· Algorithms
· Whois
· nmap port scanner
· IPs Banned [?]
image
Survey
How much can you give to keep Computer Cops online?
$10 up to $25 per year?
$25 up to $50 per year?
$10 up to $25 per month?
$25 up to $50 per month?
More than $50 per year?
More than $50 per month?
One time only?
Other (please comment)



Results
Polls

Votes: 947
Comments: 19
image
Translate
English German French
Italian Portuguese Spanish
Chinese Greek Russian
image
 Forum FAQForum FAQ   SearchSearch   UsergroupsUsergroups   ProfileProfile   Login to check your private messagesLogin to check your private messages   LoginLogin 

wsup.exe

 
Post new topic   Reply to topic       Computer Cops Forum Index -> Virus - Prevention
View previous topic :: View next topic  
Author Message
mairie

Cadet
Cadet



Joined: Jun 01, 2004
Posts: 1
Location: USA
PostPosted: Tue Jun 01, 2004 11:10 pm    Post subject: wsup.exe
Reply with quote
I did a search on wsup.exe to see what it was. I may be mistaken, but it appears that it may be a virus of some sort. I tried to go to add/remove programs, and I did 'end process' however, everytime I do that, it goes away and comes right back. I downloaded 'hijackthis' and did a scan, the results are as follows:

Logfile of HijackThis v1.97.7
Scan saved at 11:01:13 PM, on 6/1/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\installer.exe
d:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
D:\Program Files\Common files\WinTools\WToolsS.exe
d:\PROGRA~1\mcafee.com\vso\mcshield.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
D:\PROGRA~1\mcafee.com\agent\mcagent.exe
D:\PROGRA~1\mcafee.com\vso\mcvsescn.exe
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Common files\WinTools\WToolsA.exe
D:\Program Files\WinMX\WinMX.exe
D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\WinZip\WZQKPICK.EXE
D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
D:\Program Files\Common files\WinTools\WSup.exe
D:\DOCUME~1\Mary\LOCALS~1\Temp\wupdt.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.iquicksearch.net/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.state.me.us
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.iquicksearch.net/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.state.me.us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://server224.smartbotpro.net/7search/?hklm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://D:\PROGRA~1\Toolbar\toolbar.dll/sa
R3 - Default URLSearchHook is missing
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O1 - Hosts: 12.129.205.209 search.netscape.com12.129.205.209 sitefinder.verisign.com
O2 - BHO: IE Agent - {00000000-0000-0000-0000-000000000221} - D:\Program Files\ClearSearch\CSIE.DLL
O2 - BHO: (no name) - {000020DD-C72E-4113-AF77-DD56626C6C42} - D:\WINDOWS\twaintec.dll
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - D:\Program Files\Kontiki\bin\bh304181.dll
O2 - BHO: (no name) - {3643ABC2-21BF-46B9-B230-F247DB0C6FD6} - D:\Program Files\E2G\IeBHOs.dll
O2 - BHO: (no name) - {4CEBBC6B-5CEE-4644-80CF-38980BAE93F6} - (no file)
O2 - BHO: (no name) - {6B12DABB-0B7C-44FA-B0B3-4BAFF3790256} - (no file)
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - D:\Program Files\Copernic Agent\CopernicAgentExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - d:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [VSOCheckTask] "d:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] d:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] d:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] D:\PROGRA~1\McAfee.com\Agent\mcupdate.exe
O4 - HKLM\..\Run: [dpcproxy] D:\WINDOWS\System32\dpcproxy.exe
O4 - HKLM\..\Run: [iexplore] D:\WINDOWS\System32\iexplore.exe
O4 - HKLM\..\Run: [MSN Manager] D:\WINDOWS\System32\mscmgr.exe
O4 - HKLM\..\Run: [MPFExe] D:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [WinTools] D:\Program Files\Common files\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [Win Server Updt] D:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [cnet] "D:\Program Files\Kontiki\bin\kontiki.exe" -s cnet -q
O4 - HKCU\..\Run: [WinMX] D:\Program Files\WinMX\WinMX.exe -m
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "D:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE"
O4 - HKCU\..\Run: [Desktop Calendar] D:\Documents and Settings\Mary\Desktop\desktop calendar\Desktop Calendar.exe
O4 - HKCU\..\Run: [SpySweeper] D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [TV Media] D:\Program Files\TV Media\Tvm.exe
O4 - Startup: Virtual Bouncer.lnk = D:\Program Files\VBouncer\VirtualBouncer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Get It With Kontiki - res://D:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Search Using Copernic Agent - D:\Program Files\Copernic Agent\Web\SearchExt.htm
O8 - Extra context menu item: Web Savings - file://D:\Program Files\WebSavingsfromEbates\System\Temp\ebateswebsavings_script0.htm
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {10000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/dow...id=1797257
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} - http://www.2nd-thought.com/files/install.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc...tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://imgfarm.com/images/nocache/funwe....0.0.8.cab
O16 - DPF: {20000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/dow...yload2.cab
O16 - DPF: {30000273-8230-4DD4-BE4F-6889D1E74167} - http://download.abetterinternet.com/dow...8/thin.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mci...insctl.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150/26b690317d3f3d0ab4...xIE601.cab
O16 - DPF: {5C7F15E1-F31A-44FD-AA1A-2EC63AAFFD3A} (SpeedCtrl Class) - http://www.atelys.com/src/Speedup.ocx
O16 - DPF: {965E6B07-6832-4738-BDBE-25F226BA2AB0} (Adult Links) - http://www.mainentrypoint.com/linkzz/QaBar.cab
O16 - DPF: {A16E6189-A1DD-4696-9806-0324C145D794} (KeyActivex Control) - http://www.jraun.com/activex/src/KeyActivexTest.ocx
O16 - DPF: {B10031B2-F184-4803-9A88-D239C0641D70} (180SAInstaller Class) - http://ax.180solutions.com/Installer/180SAInstaller.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcg...cgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shoc...wflash.cab
O16 - DPF: {DB893839-10F0-4AF9-92FA-B23528F530AF} - http://deposito.hostance.net/dialer/1014061.exe
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab

My computer is not running well and I don't have a clue what to do about it. Sometimes, my cdrom pops open whenever it wants to. We disconnected my computer from the internet and it still popped open once, this indicated to us that it is something other than someone else messing around inside the computer. Can you help me and tell me how to get rid of wsup.exe? ANY help I can get would be appreciated. Thanks
Back to top
View users profile Send private message
Cyber-Cop

Corporal
Corporal



Joined: May 13, 2004
Posts: 50
Location: Canada
PostPosted: Wed Jun 02, 2004 9:24 pm    Post subject:
Reply with quote
Try Trendmicro House Call. This will scan your computer for viruses. If you are in fact infected, you will be alerted.

http://housecall.trendmicro.com/
Back to top
View users profile Send private message
mairie

Cadet
Cadet



Joined: Jun 01, 2004
Posts: 1
Location: USA
PostPosted: Thu Jun 03, 2004 12:26 am    Post subject: wsup.exe
Reply with quote
Ok, I did the trendmicro housecall, it found and deleted one program, but it was not the wsup.exe. If wsup.exe is SUPPOSED to be on my computer, is there anyone who knows what it is and what it does? And thank you, cybercop, for showing me where I could get an additional scan, every little bit helps Very Happy
Back to top
View users profile Send private message
virus_guy

Trooper
Trooper



Joined: Apr 16, 2004
Posts: 31
Location: Pakistan
PostPosted: Thu Jun 03, 2004 7:56 pm    Post subject:
Reply with quote
wsup.exe...this name sounds like some virus..because mostly viruses have names like that(wsup sounds like "whats up".)Also..i searched for the file wsup.exe in my Windows 98 but didn't find any results...if you're running windows 98 then prolly this file isn't supposed to be there unless some program in your computer uses it.If you're not running win 98 then may be someone else using the same OS as you are will be able to search for this file to know if its supposed to be there or not.Also..what folder is that file in?
If you get sure that this file isn't used by any of your good programs..then try this:
Click on Start.
Click on Run.
Type Msconfig and click on the OK button.
Click on the Start Up tab or start up programs tab.
Uncheck the entry that represents wsup.exe
Restart your computer
Delete the file wsup.exe from the folder where its located.
Search for wsup.exe in your computer and delete any matches that are found.
_________________
Website=coming soon.
Back to top
View users profile Send private message MSN Messenger
Lost-in-Space

Cadet
Cadet



Joined: Jun 10, 2004
Posts: 3
Location: UK
PostPosted: Sat Jun 12, 2004 7:24 am    Post subject:
Reply with quote
The file is related to Wintools...
http://www.kephyr.com/spywarescanner/li...ndex.phtml
Back to top
View users profile Send private message
plainjane

Cadet
Cadet



Joined: Jun 15, 2004
Posts: 2
Location: Canada
PostPosted: Tue Jun 15, 2004 10:47 pm    Post subject: deleted wintools
Reply with quote
i just used spybot - stopped wintools-related processes from running at startup, then restarted + let spybot run at startup, then used secure shredder + got rid of wintools file
Back to top
View users profile Send private message
Display posts from previous:   
Post new topic   Reply to topic       Computer Cops Forum Index -> Virus - Prevention All times are GMT - 5 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB 2.0.8a © 2001 phpBB Group

Version 2.0.6 of PHP-Nuke Port by Tom Nitzschner © 2002 www.toms-home.com
Version 2.2 by Paul Laudanski © 2003-2004 Computer Cops
Home · Topics · Submit News · Top 10
This entire site, Cops Themes, and Computer Cops are © 2002 - 2004 Computer Cops, LLC. All rights reserved.
You can syndicate our news using the file RSS 0.91, ultramode.txt, or RSS 1.0.
Acceptable Use Policy. Use signifies your agreement.
Engine Copyright © 2002 by PHP-Nuke, GNU/GPL Licensed. ICRA Member.
Paul Laudanski, Member of Computer Cops, LLC
Server Load: 558 pages served in previous 5 minutes. Page Rendered: 0.360 seconds.