Rootkit GOOGLEUPDATE.EXE is software that enables continued privileged access to a computer while actively hiding its presence.
Detection and removal of GOOGLEUPDATE.EXE may be a very difficult process.
You should use anti-rootkit software to fix the GOOGLEUPDATE.EXE problem.
Malware Analysis of GOOGLEUPDATE.EXE
Full path on a computer: C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???\???\???\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\GoogleUpdate.exe
Detected by UnHackMe:
GOOGLEUPDATE.EXE
Default location: C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???\???\???\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\GoogleUpdate.exe
Removal Results: Success
Number of reboots: 1
GOOGLEUPDATE.EXE is known as:
Rootkit.ZeroAccess, BackDoor.Maxplus.12842, Troj.ZAccess-OH, a variant of Win32.Kryptik.BGXH
GOOGLEUPDATE.EXE hash:
- MD5: 2912a9f7c73b7eec252792baa7344d1d
How to quickly detect GOOGLEUPDATE.EXE presence?
Registry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Google Update: ""C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???\???\???\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\GoogleUpdate.exe" >"
Folders:
- C:\Users\test\AppData\Local\Google
- C:\Users\test\AppData\Local\Google\Desktop
- C:\Users\test\AppData\Local\Google\Desktop\Install
- C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}
- C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???
Files:
- C:\$Recycle.Bin\S-1-5-21-2985645770-1107016886-4249120236-1000\$IECE2D958
- C:\$Recycle.Bin\S-1-5-21-2985645770-1107016886-4249120236-1000\$RECE2D958
- C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???\???\???\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\GoogleUpdate.exe
- C:\Users\test\AppData\Local\Google\Desktop\Install\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\???\???\???\{e2b7ffc4-ebef-d2ee-173d-cb3acc78628d}\@