Does anyone know where this virus comes from? I have had a spate of call outs with it, and removing it was always quite easy until yesterday when my detector failed to find one file, and removal was nigh on impossible. I always seem to find it on PCs used by teenagers, and if I knew where it came from, I'd be able to stop it.
Characteristics - This is not a virus or trojan. It is an application that generates extra pop-up ads while using Internet Explorer. This kind of application generally comes bundled with another program, which usually discloses the fact that it is ad-supported. The main executable of the application is likely to be using the filename SYSUPD.EXE or WINDOWSUPD.EXE. Once installed a Registry key is typically used to hook system startup. One of the following is likely to be present: * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run "SysUpd" = (path/filename to adware) * HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion \Run "WindowsUpd" = (path/filename to adware) Users who would like to check for the presence of potentially unwanted programs on their system should run the command line scanner with the /PROGRAM switch.