Login to Account Create an Account
Fixing wuauclt.exe malware problem.
Posted 04 January 2011 - 04:21 AM
It has Avast 5 on it, it's been fully scanned with that, latest Malware Bytes and Spybot S&D and Avira and AVG offline CDs. Comes up 100% clean on everything I've tried. Same story with yanking the power cord then booting with an offline scan CD, still 100% "clean". That usually works to kill critical parts of stealth malware, stopping it from launching and hiding so the rest can be cleaned after a normal boot.
I also tried booting with a CD and replacing the wuauclt.exe with a known good copy from another PC. Soon as I tried going to the Microsoft Update site it started the wuauclt.exe error popup again. Apparently the malware replaced the executable again but Windows' security functions aren't allowing the trojan to access the net.
System File Checker finds nothing wrong. The latest Windows Update Agent refuses to install because it's already installed. Is there a way to force it to reinstall?
Stopping the automatic updates service from a command prompt stops the error popup. Restarting the service gets the popup going again. Looks like this malware successfully masquerades as a valid service, until it tries to access the net.
I do not want to have to wipe and reinstall just to kill one stinking malware process.
Posted 04 January 2011 - 06:49 PM
Posted 09 February 2011 - 11:03 AM
Posted 10 February 2011 - 03:26 AM
Posted 20 February 2011 - 04:29 PM
Does this sound familiar?
And if I open Task Manager early, I can kill the malware process. The process name looked suspicious, had random characters.
Then System Restore worked and I was able to get it restored to a date in 2010.
Edited by RJARRRPCGP, 20 February 2011 - 04:29 PM.
Posted 22 February 2011 - 09:30 AM
Does this sound familiar?
Yes, wrapper worms are very old. Lucky you got past it. I first encountered one when I worked in college. It was possible to remove the virus but then nothing worked anymore!
Posted 22 February 2011 - 10:07 AM
Edited by Glenn9999, 22 February 2011 - 10:08 AM.
Posted 22 February 2011 - 11:26 PM
This is in reference to the Windows Update Automatic Update client. I would think it might help (in not reinstalling) to download the Windows Update Agent appropriate to what you are working with and run it with /WUFORCE - this would replace the files.
Yeah, I tried that but as soon as I went online the malware replaced wuauclt.exe and the error message popped up again.
Is there some sort of watchdog app that can be set to guard a file and report what process tries to run/replace/alter the file?
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users