Fixing wuauclt.exe malware problem. What malware is hiding so dang well?
Posted 04 January 2011 - 04:21 AM
It has Avast 5 on it, it's been fully scanned with that, latest Malware Bytes and Spybot S&D and Avira and AVG offline CDs. Comes up 100% clean on everything I've tried. Same story with yanking the power cord then booting with an offline scan CD, still 100% "clean". That usually works to kill critical parts of stealth malware, stopping it from launching and hiding so the rest can be cleaned after a normal boot.
I also tried booting with a CD and replacing the wuauclt.exe with a known good copy from another PC. Soon as I tried going to the Microsoft Update site it started the wuauclt.exe error popup again. Apparently the malware replaced the executable again but Windows' security functions aren't allowing the trojan to access the net.
System File Checker finds nothing wrong. The latest Windows Update Agent refuses to install because it's already installed. Is there a way to force it to reinstall?
Stopping the automatic updates service from a command prompt stops the error popup. Restarting the service gets the popup going again. Looks like this malware successfully masquerades as a valid service, until it tries to access the net.
I do not want to have to wipe and reinstall just to kill one stinking malware process.
Posted 10 February 2011 - 03:26 AM
Posted 20 February 2011 - 04:29 PM
Does this sound familiar?
And if I open Task Manager early, I can kill the malware process. The process name looked suspicious, had random characters.
Then System Restore worked and I was able to get it restored to a date in 2010.
This post has been edited by RJARRRPCGP: 20 February 2011 - 04:29 PM
Posted 22 February 2011 - 09:30 AM
Posted 22 February 2011 - 10:07 AM
This post has been edited by Glenn9999: 22 February 2011 - 10:08 AM
Posted 22 February 2011 - 11:26 PM
Yeah, I tried that but as soon as I went online the malware replaced wuauclt.exe and the error message popped up again.
Is there some sort of watchdog app that can be set to guard a file and report what process tries to run/replace/alter the file?
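One way to get the kind of report asked about in the last post is Windows' built-in object-access auditing. The script below is an added example, not something posted in the thread. It assumes Windows Vista or later, an elevated Windows PowerShell 5.1 session, an English-language system (the `auditpol` subcategory name is localized), and that the file sits at the default `System32` path.

```powershell
# Added example (not from the thread): audit one file and report which
# process wrote to, deleted or re-permissioned it.
# Assumptions: elevated Windows PowerShell 5.1, Windows Vista or later.
$target = Join-Path $env:SystemRoot 'System32\wuauclt.exe'

# 1. Enable file-system object-access auditing in the local audit policy.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Load only the audit section (SACL) of the file's security descriptor,
#    so the owner and DACL of this system-owned file are left untouched.
$sections = [System.Security.AccessControl.AccessControlSections]::Audit
$acl = New-Object System.Security.AccessControl.FileSecurity($target, $sections)

# 3. Audit every account for the rights that a replacement would need.
$rights = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$flags  = [System.Security.AccessControl.AuditFlags]'Success, Failure'
$rule   = New-Object System.Security.AccessControl.FileSystemAuditRule('Everyone', $rights, $flags)
$acl.AddAuditRule($rule)
[System.IO.File]::SetAccessControl($target, $acl)

# 4. After reproducing the problem, list the audited accesses to the file.
#    Event ID 4663 = "An attempt was made to access an object".
function Get-FileAccessReport {
    param([string]$Path)
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663 } -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the event's named data fields into a hashtable.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            if ($fields['ObjectName'] -eq $Path) {
                [pscustomobject]@{
                    Time      = $_.TimeCreated
                    Account   = $fields['SubjectUserName']
                    Process   = $fields['ProcessName']
                    ProcessId = $fields['ProcessId']
                    Access    = $fields['AccessMask']
                }
            }
        }
}

Get-FileAccessReport -Path $target | Sort-Object Time | Format-Table -AutoSize
```

The `Process` column is the full image path of whatever opened the file. If the file is replaced by delete-and-recreate, the audit entry disappears with the old file, so step 3 has to be reapplied to the new copy.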