bizzybody

Fixing wuauclt.exe malware problem.

9 posts in this topic

XP Pro SP3. Can't access Windows Update or Microsoft Update, apparently due to wuauclt.exe being replaced by some trojan or other malware.

It has Avast 5 on it, it's been fully scanned with that, latest Malwarebytes and Spybot S&D and Avira and AVG offline CDs. Comes up 100% clean on everything I've tried. Same story with yanking the power cord then booting with an offline scan CD, still 100% "clean". That usually works to kill critical parts of stealth malware, stopping it from launching and hiding so the rest can be cleaned after a normal boot.

I also tried booting with a CD and replacing the wuauclt.exe with a known good copy from another PC. Soon as I tried going to the Microsoft Update site it started the wuauclt.exe error popup again. Apparently the malware replaced the executable again but Windows' security functions aren't allowing the trojan to access the net.

System File Checker finds nothing wrong. The latest Windows Update Agent refuses to install because it's already installed. Is there a way to force it to reinstall?

Stopping the automatic updates service from a command prompt stops the error popup. Restarting the service gets the popup going again. Looks like this malware successfully masquerades as a valid service, until it tries to access the net.

I do not want to have to wipe and reinstall just to kill one stinking malware process.

I would be interested to know what this pop-up says...

Run a scan using the tools in my Anti-Malware Toolkit.

I couldn't come up with any utility that could find where the malware replacing the wuauclt.exe file was hiding, so I wiped it and did a clean install. The box was only used for some older games so not a big deal but it is irritating that whichever a-hole created whatever the malware on it was is so bleeping good at causing trouble. :P

I just encountered malware on my sister's laptop not long ago. It has Vista 64-bit. When I let it load, then I can't use new applications, because I get a pop-up saying that (filename) cannot be executed. (for every .exe file I try to run)

Does this sound familiar?

And if I open Task Manager early, I can kill the malware process. The process name looked suspicious, had random characters.

Then System Restore worked and I was able to get it restored to a date in 2010.

Edited by RJARRRPCGP

Does this sound familiar?

Yes, wrapper worms are very old. Lucky you got past it. I first encountered one when I worked in college. It was possible to remove the virus but then nothing worked anymore!

This is in reference to the Windows Update Automatic Update client. I would think it might help (in not reinstalling) to download the Windows Update Agent appropriate to what you are working with and run it with /WUFORCE - this would replace the files.

Yeah, I tried that but as soon as I went online the malware replaced wuauclt.exe and the error message popped up again.

Is there some sort of watchdog app that can be set to guard a file and report what process tries to run/replace/alter the file?

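One way to get the "which process touched this file" report asked about in the last post, as an added example that is not part of the original thread: audit writes to the file with a SACL entry and read the resulting Security-log events. It assumes Windows Vista or later (XP logs different event IDs and has no auditpol subcategories), an elevated Windows PowerShell session and English audit subcategory names; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes Vista or later, elevated
# Windows PowerShell, and the English "File System" audit subcategory name.
param([string]$Path = "$env:SystemRoot\System32\wuauclt.exe")

function Enable-FileWriteAudit([string]$File) {
    # Turn on success auditing for file-system object access.
    auditpol /set /subcategory:"File System" /success:enable | Out-Null

    # Load only the SACL so the owner and DACL are left untouched.
    $sections = [System.Security.AccessControl.AccessControlSections]::Audit
    $acl = [System.IO.File]::GetAccessControl($File, $sections)

    # Audit successful writes, deletes and permission changes by Everyone (S-1-1-0).
    $everyone = New-Object System.Security.Principal.SecurityIdentifier 'S-1-1-0'
    $rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
    $flags = [System.Security.AccessControl.AuditFlags]::Success
    $rule = New-Object System.Security.AccessControl.FileSystemAuditRule($everyone, $rights, $flags)
    $acl.AddAuditRule($rule)
    [System.IO.File]::SetAccessControl($File, $acl)
}

function Get-FileWriters([string]$File) {
    # Event 4663: "An attempt was made to access an object".
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the named EventData fields into a hashtable.
            $d = @{}
            ([xml]$_.ToXml()).Event.EventData.Data | ForEach-Object { $d[$_.Name] = $_.'#text' }
            if ($d['ObjectName'] -ieq $File) {
                New-Object PSObject -Property @{
                    Time       = $_.TimeCreated
                    Process    = $d['ProcessName']
                    ProcessId  = $d['ProcessId']
                    User       = $d['SubjectUserName']
                    AccessMask = $d['AccessMask']
                }
            }
        }
}

Enable-FileWriteAudit $Path
# Reproduce the problem (for example, restart the update service), then run:
Get-FileWriters $Path | Sort-Object Time | Format-Table -AutoSize
```

A process that hides itself from user-mode tools may also hide from this log, so an empty result does not prove the file was untouched; compare the file's hash from offline media as well.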
