stretch

wuauclt.exe trojan

Recommended Posts

I installed your Emsisoft trojan finder to remove a trojan on my computer.

It did not find it with three runs.

I really need to remove the trojan.

The next step will be to do a re-install of the OS.

This trojan runs all the time and uses much memory.

The name is

wuauclt.exe

I has the same name as the Windows update searcher.

I think this is why the Emsisoft trojan finder will not recognize it.

Shutting down the Windows update does no good.

Removing wuauclt by searching the hard drive or the registry does no good.

It it buried somewhere I can not find it.

Neither can your trojan finder !!

Any help appreciated.

If Emsisoft make an update to remove wuauclt, please let me know

Share this post


Link to post
Share on other sites

Hi stretch, welcome to the forum

Please read and follow the instruction referred below

The name, which is a name of an important system file is not a reason for "not recognizing" the infection by EAM

In addition to the logs required please state what security is flagging the said file as a malware

=======

Read the following instructions

START HERE, if you don't we are just going to send you back to this thread <--click

Prepare and post (attach) the required log files into this thread

Wait for reply from ShadowPuterDude, Katana, or JeanInMontana

for assistance and further instructions.

=======

Translation Links for Forum Instructions

My regards

P.S. Posting just the file name or the alleged infection name does not provide any information

The location of the files / precise names of files and/or Registry Entries ; processes, etc. are required. The same applies to the detections names. All that info should be in the saved report produced by EAM. That will be one of the steps in the instruction

Share this post


Link to post
Share on other sites

There are no logs of malware found. That is the problem. The trojan wuauclt is not found. In fact, I have had to go to Windows Task Manager and "end process" the wuauclt twice to be able to type this message. This is the same name as for the Windows updater.

Share this post


Link to post
Share on other sites

Please follow the procedure as described above

and attach all required log files

That all will give necessary information to the malware fighter in order to lead you through the process and advise regarding the matter

My regards

p.s. The wuauclt.exe misbehaviour (especially if it resides in \system32\) may not be related to the infection, at the same time please provide the info about the "Trojan flagging" as you initially posted... if you can

Share this post


Link to post
Share on other sites

Please follow the procedure as described above

and attach all required log files

That all will give necessary information to the malware fighter in order to lead you through the process and advise regarding the matter

My regards

p.s. The wuauclt.exe misbehaviour (especially if it resides in \system32\) may not be related to the infection, at the same time please provide the info about the "Trojan flagging" as you initially posted... if you can

Share this post


Link to post
Share on other sites

Hi stretch,

What was the point posting several EAM reports (especially the old ones from August)?

Please follow the instruction and attach all required log files

Manually update EAM prior to attaching the latest report

My regards

Share this post


Link to post
Share on other sites

Dear Geek

I did send you all the log files I have in my documents Anti-Malware\reports.

All the files had updates prior to running the scan.

Emsisoft is still not finding the problem trojan wuauclt.exe

Thanks for you help in finding the solution to our wuauclt trojan problem

Stretch

Share this post


Link to post
Share on other sites

No, as it was pointed above you did not provide required log files

You've sent only several EAM reports

Please download / install/ run suggested Utilities as per instruction /produce and attach needed log files

In addition, if

Emsisoft is still not finding the problem trojan wuauclt.exe
please state which security does flag it "as a trojan".

If so - submit the file to the vendor that is flagging it in the 1st place.

Irrespectively - the point of attaching the requested log files, since you posted into this Forum is to provide necessary information about you system , so the malware fighter can investigate the matter and give advices

My regards

Share this post


Link to post
Share on other sites

Thanks for your prompt reply

I do not know of any log files other than the ones I have sent to you.

They are from my documents\anti-malware\reports

Let me know where to find on my computer the other files you need.

I just ran a "Quick" file per the instructions, but it is much the same as the prior ones.

Stretch

Share this post


Link to post
Share on other sites
...I do not know of any log files other than the ones I have sent to you...

Let me know where to find on my computer the other files you need...

Stretch,

Please be more attentive; read the instruction referred from word 1 until the very last word. That is important

Have you got to the point where it's written:

Download to your Desktop:
?

From that point do whatever is necessary in that specific order stated step-by-step

If any questions, and it you cannot for some reason perform the "next" step, just stop and ask

My regards

Share this post


Link to post
Share on other sites

Lynx

Thanks for your help

I downloaded WIN32KDIAG.exebyAD

Ran Emsisoft in Quick mode as said in the instruction

Did not see any lines

Nothing found in the log

So I ran again in Deep scan mode

Did not see any lines

Nothing found in the log

The WIN32Kdiag.exebyAD both time went to a black screen.

I could not get it to do anything

Here is what was on the screen:

Running from: C:\Documents and Settings\Olen S\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\Olen S\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Cannot access: C:\WINDOWS\temp\tmp00004b51\tmp00000000

[1] 2010-09-09 10:33:52 0 C:\WINDOWS\temp\tmp00004b51\tmp00000000 ()

Finished!

Share this post


Link to post
Share on other sites

As it was established earlier EAM does not see the file/process in question as a thread

So, according to the instruction most likely (if not for sure) you did not meet the conditions for running Win32kDiag

Do you have lines like

[908] \\?\globalroot\Device\__max++>\7DE87252.x86.dll detected: Gen.Trojan!IK
?

If not - you should not run the Tool

Once again - be more attentive , do not rush things

Run all needed Tools in stated order

Attach EAM report (after the latest update)even if it is clean

Attach HiJackFree and ISeeYouXP log files

That's for a start

And ...again... please answer the question: What Security is flagging the file in question as a Trojan?

My regards

Share this post


Link to post
Share on other sites

Thread Closed

Reason: UNRESOLVED - Posters inability or refusal to follow instructions and provide required logs.

PM either ShadowPuterDude or Lynx to have this thread reopened.

All posters requesting Malware Removal assistance are required to follow all procedures in the thread titled START HERE, if you don't we are just going to send you back to this thread

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

  • Recently Browsing   0 members

    No registered users viewing this page.