|
Winpup
Overview
Winpup, also known as Comms and TROJ_WINPUP.B, open pop up windows.
Winpup is bundled with
Free History Cleaner.
Winpup renames itself each time the process is started, making it both
hard to find and remove.
Winpup seems to rename itself looking at one
the file names in %SystemDir%, moving the first character to the end
of the new file name. For example, there is a legitimate file called logon.exe in
%SystemDir%, then Winpup may rename itself as ogonl.exe.
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Classification
Adware
Variants
WinPup
WinPup.WinPup32
Files
pup.exe, telnat.exe, comms.exe, ogonl.exe, erflib_Perfdata_1c4P.exe, idimapm.exe, sign32i.exe, _874c.exe, fffilto.exe, axdrvf.exe, svpcntsr.exe, iprt400o.exe, ppmgmta.exe, jl11i.exe, insw.exe, p2ress.exe, tl3d32c.exe, NWISEU.exe, etshn.exe, snppagnp.exe, vicap32a.exe, _1252c.exe, ceclis.exe, dsmsexta.exe, inw.exe, skquouid.exe, skquotad.exe, erberosk.exe, ERNEL32K.exe, uaucltw.exe, sbmonu.exe, RLMONU.exe, rlu.exe, ingp.exe, etn.exe, arrhookn.exe, BTSTATN.exe, xpande.exe, axqueuef.exe, AXSVCF.exe, ingerf.exe, GI32G.exe, etc
If you have any of the files related to Winpup on your system,
please send them
for additional analysis. Generally, I have only analysed a
few versions for each software component listed at this web site. With your help I
will be able to look at both old and more recent versions of the Winpup software.
Thank you very much for your time!
Log references
Log 285
Vendor
Unknown
Privacy policy
No privacy policy available
Detection
Bazooka Adware and Spyware Scanner detects Winpup.
Bazooka is freeware and detects spyware, adware, foistware, trojan horses, viruses, worms and
other potentially unwanted applications.
Read more »
Uninstall Winpup with FreeFixer
I'm working on a general purpose tool for removing unwanted software.
The tool is called FreeFixer
and can help you remove unwanted Browser Helper Objects, Internet Explorer toolbars
and software that starts automatically when you reboot your computer, so it can offer some
assistance while uninstalling Winpup. The manual removal instructions
listed below will help you to identify what to delete with
FreeFixer.
Read more about FreeFixer.
Manual removal
Please follow the instructions below if you would like to remove Winpup manually. Please
notice that you must follow the instructions very carefully and delete everything that is mentioned. In most
cases the removal will fail if one single item is not deleted. If Winpup remains on your system
after stepping through the removal instructions, please double-check by stepping through them again.
-
Start your computer in safe mode.
-
Start the registry editor. This is done by clicking Start then Run.
(The Run dialog will appear.) Type regedit and click OK. (The registry editor will open.)
- Browse to the key:
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Run'
- In the right pane, delete the values that look like the letters has been shifted around a little, for example 'ogonl',
and where the file has same name, but with the .exe extension, 'ogonl.exe'. Remember the filenames (*).
- In the right pane, delete the 'pup' values, if it exists.
- Delete
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ comms', if it exists.
- Delete
'HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ CurrentVersion \ Explorer \ pup', if it exists.
- Exit the registry editor.
-
Start Windows Explorer and delete:
%SystemDir%\pup.exe, if it exists.
%WinDir%\pup.exe, if it exists.
%WinDir%\telnat.exe, if it exists. Note: %WinDir%\telnet.exe is a legitimate file, do not delete it.
Delete the files mention at (*)
Note: %WinDir% is a variable (?). By default, this is C:\Windows (Windows 95/98/Me/XP) or C:\WINNT (Windows NT/2000).
Note: %SystemDir% is a variable (?). By default, this is C:\Windows\System (Windows 95/98/Me), C:\WINNT\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP).
Problems uninstalling? Click here.
I'm looking for your help!
Thank you for using my site, I hope you find it useful. I'm looking
for help from all users, please read more.
Contact information for Winpup's vendor
In order to provide correct, accurate and updated information about Winpup
I encourage the vendor to contact me if any part of this write-up
needs a revision.
Related links |
|
Bazooka - Free scan for spyware, adware, trojan horses, keyloggers, etc. Detects more than 500 potentially unwanted applications. Freeware!
The File Database - Search the file database for more information. Free!
PopUp Blocker Test - Find out if your pop-up killer can handle all pop-ups. Free!
Kephyr Labs - Find out what is going on at Kephyr. Try products in an early stage of development.
|
|
|