SPUNINST.EXE malware --- a Christmas present


carson

Probably a good poser for Ned....

  A few facts: I run XP SP3 on a Dell computer. No problems for the last 4 years.
  I run my CCleaner about once a week. This includes a registry clean procedure.

On Dec 11, I updated the normal IE security updates (manual, not automatic). I noticed there was one update labelled with a Windows 8 and XP label. In the past I have always rejected those entries (with 8) but this time I let it upload.
  On today's CCleaner run I noticed it took an extraordinarily long time to finish. After the normal first clean I went to the registry step. It showed 4 entries with SPUNINST.EXE entries. I cleaned them out.

  I don't know if there is any connection.

 

  OK, what next? Searched the Net for info. Quite a bit available but I did not follow any instruction on how to get rid of it. I hope CCC did the job.

  Any comments? I did notice that after my actions I noticed a definite speed increase in computer processing. (I am on cable modem, 45 down, 5 up) desktop. Using Firefox 99% of the time.

  Merry Christmas all...

Carson


  1 thing I forgot to mention.... I deleted the last IE update and then checked the Update procedure again. The only thing asking to be updated was the 8/XP entry. I refused (cancelled) it and am back to normal, I hope.





 
 
carson said:
Probably a good poser for Ned....

  A few facts: I run XP SP3 on a Dell computer. No problems for the last 4 years.
  I run my CCleaner about once a week. This includes a registry clean procedure.

On Dec 11, I updated the normal IE security updates. I noticed there was one update labelled with a Windows 8 and XP label. In the past I have always rejected those entries (with 8) but this time I let it upload.
  On today's CCleaner run I noticed it took an extraordinarily long time to finish. After the normal first clean I went to the registry step. It showed 4 entries with SPUNINST.EXE entries. I cleaned them out.

  I don't know if there is any connection.
Very doubtful
carson said:
  OK, what next? Searched the Net for info. Quite a bit available but I did not follow any instruction on how to get rid of it. I hope CCC did the job.

  Any comments? I did notice that after my actions I noticed a definite speed increase in computer processing. (I am on cable modem, 45 down, 5 up) desktop. Using Firefox 99% of the time.
Install Microsoft Security Essentials, Malwarebytes Anti-Malware and dump CCleaner.
Be careful where you go and what you do.
Make sure to keep your OS up to date.
Use a script blocker in Firefox (I use NoScript) and do NOT EVER run Java/JavaScript on sites that you are not 100% sure are safe.

There are a lot more security measures that can be taken; however, most people lack the ambition or knowledge to follow through on them. The above suggestions should help, but if there was an easy 'fix' for this then 'bad stuff' wouldn't happen on the net anymore. The fact is that for most people the hassle of the occasional problem is less than the hassle of maintaining a secure network and system.
 
SPUNINST.EXE files are the service pack uninstallers.  Not needed if you are never going to uninstall any of the service packs.  They are harmless and now that you've removed the corresponding registry entries, the uninstall options won't appear in the Add/Remove Programs screen.  As for Windows Updates, I recommend installing all Critical and Important updates and look over the optional updates and decide on each one.  If an update applies to an application or driver that you're not having any problems with, then it can be skipped.

I'm not clear on just what you want to remove?  Nothing you have described is a problem.

This has nothing to do with malware, anti-virus software, or browsers.  We've had plenty of prior discussions on those topics.
 
Interesting to note the following:

No instances of that on my computer per Process Explorer

One web site I visited said the program is essential, do not delete

Another said you should get rid of it, it is not essential and is a high risk program.

Isn't Windows Wonderful
 
The problem is that there are malware programs masquerading as spuninst.exe; they name them that because they are a normal part of most Windows installations. I've seen backdoors and ransomware using spuninst.exe. The trick is properly identifying them. Right-click the file and go into the properties; if it's legit it should have a signatures tab and the signatures should be valid. Not that that's a sure thing, but it's usually good enough.

You should never need to uninstall a service pack, if you find you need to do that I'd recommend a fresh installation.
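
The signature check described in the post above, scripted with PowerShell's `Get-AuthenticodeSignature` (an added example, not part of any poster's reply). It assumes genuine copies sit in a folder named `spuninst` under the Windows directory; the function name `Get-SpuninstReport` and the `ok`/`REVIEW` labels are made up for this example.

```powershell
# Added example, not from the thread. Assumption: genuine uninstallers sit in a
# folder named "spuninst" somewhere under the Windows directory.
function Get-SpuninstReport {
    param([string]$Root = "$env:SystemDrive\")

    $winDir = $env:windir.TrimEnd('\') + '\'

    # -Force is needed because the $NtUninstall...$ folders are hidden.
    Get-ChildItem -Path $Root -Filter 'spuninst.exe' -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer } |
        ForEach-Object {
            # Same information as the signatures tab in the file properties.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName

            $signer = ''
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

            $validSig = ($sig.Status -eq 'Valid')
            $msSigner = ($signer -match 'O=Microsoft Corporation')
            $inPlace  = $_.FullName.StartsWith($winDir, [System.StringComparison]::OrdinalIgnoreCase) -and
                        ($_.Directory.Name -eq 'spuninst')

            # Only a validly signed Microsoft file in the expected place is "ok".
            $verdict = 'REVIEW'
            if ($validSig -and $msSigner -and $inPlace) { $verdict = 'ok' }

            New-Object PSObject -Property @{
                Verdict = $verdict
                Status  = $sig.Status
                Signer  = $signer
                Path    = $_.FullName
            } | Select-Object Verdict, Status, Signer, Path
        }
}

# List every spuninst.exe on the system drive, files needing a closer look first.
Get-SpuninstReport | Sort-Object Verdict -Descending | Format-List
```

A `REVIEW` verdict marks a copy that is unsigned, has an invalid or non-Microsoft signature, or sits outside the Windows directory.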
 
Ned said:
SPUNINST.EXE files are the service pack uninstallers.  Not needed if you are never going to uninstall any of the service packs.  They are harmless and now that you've removed the corresponding registry entries, the uninstall options won't appear in the Add/Remove Programs screen.  As for Windows Updates, I recommend installing all Critical and Important updates and look over the optional updates and decide on each one.  If an update applies to an application or driver that you're not having any problems with, then it can be skipped.

I'm not clear on just what you want to remove?  Nothing you have described is a problem.

This has nothing to do with malware, anti-virus software, or browsers.  We've had plenty of prior discussions on those topics.

  Thanks for the info, Ned. You took the confusion out of the riddle. When I first read spuninst, my little brain read it as spun-inst. Raised a little flag... What is that?

  The Google search answers sure were confusing. Anyway, I got rid of the problem and am back to normal now. Computer sailing like a speed demon. I wasn't trying to get rid of anything else except this enigma.

  Thanks also to Braindead and JFK for your inputs.

 
eliallen said:
Why dump CCleaner?
I've seen CCleaner (and similar applications) break a lot of things. It's fairly rare; however, it happens enough that I recommend against it.

If you care to dig deeper, this Wikipedia page has more details on the issues of registry cleaning in general: https://en.wikipedia.org/wiki/Registry_cleaner
 
Nothing is 100%. Even paid and free antivirus programs have been known to identify good files as bad. Referenced article is right on about "registry cleaning in general".
 
I've run CCleaner for years and have never had it cause one problem. I do configure it to not delete some important files, like cookies and browser history, but always let it fix all registry problems. I can't say the same for all other registry cleaners as I don't use them. I recommend to my friends to run it monthly to clean out the temporary files that accumulate and can cause Windows to slow down.
 
I guess I am the odd person here because I always run a backup prior to installing updates, patches, or running any registry cleaners or utilities that might create a problem. I use Symantec System Recovery so I can recover the entire computer if necessary with minimal hassle, and a full recovery typically takes about an hour... I have some buddies that use Acronis and they report similar success.

As far as CCleaner, I have seen very few problems over the years (unlike many other third party registry cleaners). I also recommend keeping Windows updated with all patches and updates with the primary exceptions being drivers for specific hardware.

For example, I use Intel network adapters (so they can be managed) and I do not allow any MS driver updates for them, or for any video adapters, or specific sound adapters, that may be in use.

There are commands in Win7/Vista, and XP that can be used to remove old service pack installation files manually, as well as remove temporary files.

I always back up before doing anything that may put my system at risk, as well as have a nightly automated backup performed to my NAS and that image sent offsite to my private cloud server.
 
