Remove BAIDUUPDATE.EXE malware
BAIDUUPDATE.EXE Malware Removal Guide
Manual removal instructions:
Antivirus Report of BAIDUUPDATE.EXE:
baiduupdate.exe
Full path on a computer: %LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE
Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{0586284E-5D9C-4D12-BD44-C98E5AAD63D0}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=DOMAIN|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{5E11B6A4-0944-4C7D-88B4-26C0E0C10618}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=DOMAIN|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{D2256920-B7DF-40CE-AD56-81942532119F}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=PRIVATE|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{B9BA0D4E-6C41-43F0-9A2C-730A0AE0B8DA}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=PRIVATE|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{85070BE1-6663-45B4-A860-69413DF7453F}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=PUBLIC|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{8812F8A2-CC07-41D1-A4BD-90D7C5E72B2B}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=PUBLIC|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
Related Files:
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUCLIENTRENDER.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUSERVICE.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BASE.DLL
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BDB_SCHEME.DAT
The file BAIDUUPDATE.EXE is malware related.
You must delete the file BAIDUUPDATE.EXE immediately!
Delete the file BAIDUUPDATE.EXE without delay!
Kill the process BAIDUUPDATE.EXE and remove BAIDUUPDATE.EXE from the Windows startup.
BAIDUUPDATE.EXE is related to: Generic.7E6, BAIDUUPDATE.EXE.
Virustotal = 1/57
MD5 = 9704D2ABDA48DEBF5136FF076E0EAD48
File Size: 475128
File information:
OriginalFilename: BaiduUpdate.exe
FileDescription: ????????
InternalName: BaiduUpdate.exe
CompanyName: ????????(??)????
FileVersion: 2.5.0.1935
LegalCopyright: Copyright (C) 2016 Baidu Inc.
| BAIDUUPDATE.EXE | Malware |
| BAIDUUPDATE.EXE | Dangerous |
| BAIDUUPDATE.EXE | High Risk |
Autostart registry keys:
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{0586284E-5D9C-4D12-BD44-C98E5AAD63D0}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=DOMAIN|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{5E11B6A4-0944-4C7D-88B4-26C0E0C10618}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=DOMAIN|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{D2256920-B7DF-40CE-AD56-81942532119F}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=PRIVATE|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{B9BA0D4E-6C41-43F0-9A2C-730A0AE0B8DA}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=PRIVATE|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{85070BE1-6663-45B4-A860-69413DF7453F}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=6|PROFILE=PUBLIC|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES\{8812F8A2-CC07-41D1-A4BD-90D7C5E72B2B}: "V2.25|ACTION=ALLOW|ACTIVE=TRUE|DIR=IN|PROTOCOL=17|PROFILE=PUBLIC|APP=%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE|NAME=??????|"
Related Files:
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUCLIENTRENDER.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUSERVICE.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BAIDUUPDATE.EXE
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BASE.DLL
%LOCAL APPDATA%\BAIDU\BAIDUCLIENT\2.5.0.1935\BDB_SCHEME.DAT
The file BAIDUUPDATE.EXE is malware related.
You must delete the file BAIDUUPDATE.EXE immediately!
Delete the file BAIDUUPDATE.EXE without delay!
Kill the process BAIDUUPDATE.EXE and remove BAIDUUPDATE.EXE from the Windows startup.
BAIDUUPDATE.EXE is related to: Generic.7E6, BAIDUUPDATE.EXE.
Virustotal = 1/57
MD5 = 9704D2ABDA48DEBF5136FF076E0EAD48
File Size: 475128
File information:
OriginalFilename: BaiduUpdate.exe
FileDescription: ????????
InternalName: BaiduUpdate.exe
CompanyName: ????????(??)????
FileVersion: 2.5.0.1935
LegalCopyright: Copyright (C) 2016 Baidu Inc.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.