Exterminate It! Antimalware

malpedia

Known threats:661,734 Last Update:November 22, 21:37

Testimonials

Hello, I wanted to say thanks for the time you guys spent on getting that Vundo trojan off my computer.

Thanks again, I am highly recommending your software to friends and partners because of the extra effort I know you went to.

Michael M.

File: RunAtStartup

Location of RunAtStartup and Associated Malware

Check whether RunAtStartup is present in the following locations:

RunAtStartup file locations that are Windows version independent:

  • C:\Windows\System32\Tasks\RunAtStartup

If you find RunAtStartup file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The RunAtStartup file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of RunAtStartup File^

File SizeFile Md5Last Seen
3010ADDFB5A511D5121AA02DC72B4A6F2FF2Dec 18, 2016
3000C9136E5CD190B6A04364A6B6C0B2B37DDec 27, 2016
3108FE36532D42FA2F2D57D60614A514C838Jan 2, 2017
3010816C56D8E4B7B0B17FCCA4124ACD3F93Jan 14, 2017
30065D3375FC1FBDE997E1E5DE06C084C8EBJan 25, 2017
3002DBB8B1706DD7D97975CF34F6BA5C3BFCJan 30, 2017
3002DDC1CFD69E60423341072DD9E85C08A1Jan 30, 2017
3004B2404EBC19E3D4A863165FE347021BA8Feb 1, 2017
3018B5994AD713B23D079981C98B2039A554Feb 2, 2017
3004FA2A6A104C9B0B6457C2A608CE2332E4Feb 5, 2017
3000B8BB4C6113B336811F79083B529D97C4Feb 6, 2017
3026400138E0078A00EB25CCD55E9BA3C79FFeb 12, 2017
300288D7EF2A6A77ACD2B231E1C605B1A68CFeb 12, 2017
3006883EBF9309FFA88414653D6757467EFEFeb 17, 2017
300833ED451B7A2E8017325559A76AC59B56Feb 19, 2017
3004C34AC9B89340F5C7D8E85FE209513084Feb 22, 2017
3002AFCF12887CAFE939C93A5545E6CF4763Feb 24, 2017
30049004C2B3C727DAA23B669DEFD9531E6BMar 3, 2017
30260F5CE4FD94EAB338B103E870D616231CMar 6, 2017
30089B65126C9E73D46024C258775F9DD856Mar 14, 2017
30183838719E814774E798307C2349CF1AB4Mar 17, 2017
30103921B033E6C1895B213F09FC65E0A57BMar 25, 2017
3008532C4FD4B5C74E239156374D4D60BE4EMar 27, 2017
300640317128A99A90DD2E1057A655D01DB3Mar 28, 2017
3004C1F37D2A75818688BC078849544E0431Mar 30, 2017
3000CD3678AB7122226E23392FA3BB1214EDApr 1, 2017
3010B9EFAD4AEF601ACD8943887C5CD77E9BApr 2, 2017
30046DCF198587784AC10922739E9D1E21EAApr 3, 2017
3002070B01688EBB297F3B3C3EA80B081CBCApr 11, 2017
30041DCF90500B428E91336DE6E807B5326CApr 12, 2017
30047327960A700292EA60C342AA19F2251CApr 18, 2017
30205ADC53A136E6F3A9968A0F4705C299DCApr 25, 2017
3018FD13C78B10C6E3B5A2B92A7A98B2D475Apr 27, 2017
3002EC56C8BD875F319A208F77B0B5588AE4May 2, 2017
30060BCE1B40593CBA3D0BD306DE5B31E0E6May 16, 2017
30025B7A7DBDB1A7F8C22C637C8710B4BAF2May 19, 2017
3014CEF6EE8A47A5086CFA9BC861BD85A6FDMay 30, 2017
31223B3B72BE449D2142C2452AA5BE0CFEF0Jun 7, 2017
3008989040F312E1B290F65DBCBF810D0321Jun 11, 2017
29986E60E53BF4C5D2A59EFA7F9D81E26B71Jun 12, 2017
30103DE425FD4FC7CB672BBB06F1F8D7F5E4Jun 15, 2017
300604D25F50CF0892AAA451FE40E3BEA0B8Jun 15, 2017
3022CF9E4D14BD073F509ADDCE2F3A54AD4CJun 19, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove RunAtStartup^

  1. To enable deleting the RunAtStartup file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select RunAtStartup and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of RunAtStartup and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of RunAtStartup and Associated Malware.
  6. Notes:

    • The deletion of RunAtStartup will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of RunAtStartup will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a RunAtStartup malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type RunAtStartup. The name of the first found registry value referencing RunAtStartup is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to RunAtStartup, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of RunAtStartup and Associated Malware.