Exterminate It! Antimalware




File: WinThruster_UPDATES

Location of WinThruster_UPDATES and Associated Malware

Check whether WinThruster_UPDATES is present in the following locations:

WinThruster_UPDATES file locations that are Windows version independent:

  • C:\Windows\System32\TASKS\WinThruster_UPDATES

If you find the WinThruster_UPDATES file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The WinThruster_UPDATES file is associated with malware only if found in the locations listed above.


Different Variations of WinThruster_UPDATES File


Why Is It Important to Remove Malware Files?

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.).
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove WinThruster_UPDATES

  1. To enable deleting the WinThruster_UPDATES file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Task Manager window, click the Processes tab.
    • On the Processes tab, select WinThruster_UPDATES and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of WinThruster_UPDATES and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of WinThruster_UPDATES and Associated Malware.
  Notes:

    • The deletion of WinThruster_UPDATES will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of WinThruster_UPDATES will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Ask your system administrator to grant you write rights for the file.

Deleting Locked Files

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all references to the file in the Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a WinThruster_UPDATES malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type WinThruster_UPDATES. The name of the first found registry value referencing WinThruster_UPDATES is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to WinThruster_UPDATES, repeat steps 4-6.

IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of WinThruster_UPDATES and Associated Malware.