Funny wuauclt.exe(s)downloading Trojan?

[BMG_TARANTELLA]

I suddenly found a program in Task Manager called wuauclt.exe, whic is supposed to
be a Windows Update program found in System 32.

Funny, I don't have auto updates enabled.

Also, after checking the Sys 32 folder I found 2 wuauclt.exe's The second one
is wuauclt1.exe.

This stuff is setting in my system tray downloading I dunno what.

Each time I try and end the processes, they start right back up again.

For security I have:

ZAP (Firewall and Mobile codes on Max protection)
Norton AV enabled fully
SpyGuard (immune on)
Spysweeper(immune on)
Spyware Blaster(immune on)
Ad-Aware SE (immune on)
Spybot S&D (Immune on)

Also, all the security settings in Win xP, I have all Activex controls, and all java
apps DISABLED.

Here is a shot from a High Jack this scan.

See anything?



The only software I installed recently was Giant Anti-Spyware, which has won
PC mag and Cnet awards. I disabled it, removed it, and delted it's reg key just
as a look see.

Still I have these updates downloading.

Help is aprecciated.

[Nickthenerd]

I'm not sure what it is but dont you think you might have trouble keeping up with all the running processes and strange executables because of all of the security software you have running?

I run ZoneAlarm, Adaware and Spybot Search and Destroy, along with Norton Antivirus and they do a very good job keeping my computer reasonably safe. I think you're a little on the overkill side.

With that much attention being payed to your security software I can assume that your a pretty security conscious individual. If you just stick with the necessities and follow basic security fundamentals I think it is highly unlikely you'll be compromised.

Ironically, software bloat can often cause bigger problems than spyware and trojans, besides, wouldn't you rather free up the system resources and improve your stability rather than turning your rig into fort knox?

Never underestimate the ability of Windows to break with even a reasonable software load. I've ruined my installation a thousand times and I know its only a matter of time before I do it again ^_^

[yamangman]

Im pretty sure that wuauclt1.exe is placed by service pack 2.

Make certain you have disabled Automatic Updates in the System Properties dialouge.

Run services.msc and disabled the task 'Automatic Updates' and 'Background Intelligent Transfer Service' and see if this alleviates the issue.

[DeludedGuy]

I also have this, dont think its a virus, but I was worried becuase it was on my tray for so long, and always said 0%, untill yesterday when it said it was completed.

The upgrade I got was SP2, dont think i will want to install that yet.

[rajagra]

I also have this, dont think its a virus, but I was worried becuase it was on my tray for so long, and always said 0%, untill yesterday when it said it was completed.

The upgrade I got was SP2, dont think i will want to install that yet.

Same here, although I thought (assumed?) the file in question was something like wuaudt. Ater doing a full backup the SP2 update was uneventful. Of course if I hadn't done the backup I just know it would have messed up.
EDIT> Ah, Windows Update Auto Update CLienT it is! http://www.sawtoothdistortion.com/Ar...auclt.exe.html

[BMG_TARANTELLA]

Thanks for the replies. I agree 100% with what everyone said here.
(Has to be a first for me....heh)

As far as Fort Knox goes, I only enable and disable the majority of the
spyware programs, SG...SWB..Spysweeper, when I know I'm going to be
surfing for awhile. When I'm offline, that means disconnected jack to the
cable modem for playing games, apps, or doing something like actual
work. I'm pretty astute at Performance and Protection, and what should
and shouldn't be on for maximum PC pleasure. (Christ I'm tired...first long
day on a new job...)

Also, I have a personal loathe for script kiddies who crayon all this
just stupidly malicious code, to basically make someone's day a bit
harder than we all already have it at times.

I plan on taking some more Comp. Sci courses pretty soon, and will be
targeting things like Trojan and Virus writers. I have a real passion for
screwing up some little internet punk's day. I live in the US, so seeking
the harshest road of recourse to these plastic and silicon "gangstas"
will be a joy.

Your point was well taken however...Nick.

Deluded was also correct in that I had multiple versions and downloads
sitting in the sys tray for about 30-45 minutes. Downloads I did not
(knowingly anyway) authorize or want.) It also tried to download
SP2 which I recently had to do a reformat for when the Final was first
released. I stopped that download by unplugging, safe mode, and
rechecked my updates choices.

Anyway, the long...and short of it, is it is not a virus or malware in
my case.

Thanks again for your courtesy and help you guys.

[BMG_TARANTELLA]

Antivirus companies are perplexed by a spate of recent viruses that contain messages in which the writers threaten to attack them.

Worm writers are threatening to attack antivirus companies F-Secure, Symantec, Trend Micro and McAfee.

In the latest version of MyDoom--MyDoom.AE--the authors embedded a message ridiculing rival worm Netsky and promising to attack the antivirus companies.

The message has left antivirus companies unsure of what to expect.

CASE IN POINT.

These little wannabe hacks, are basically stealing away millions of minutes, months,
years of people's lives by forcing them to waste time in a monotonous and fruitless
task of removing or protecting their own software.

This is unacceptable to any sane, rational, thinking, and honest person.

I would have no problem personally taking some of these "people's" lives away.

Only thing is, there is no known patch for the kind of disabling and destructive
subtraction I have in mind.

Well, unless the re-incarnation theory were indeed true.

I s4*t you not.

Rest of the article is here:

http://news.com.com/MyDoom+seeks+to+...j=news.7349.20

[Rave]

I was under the impression that a lot of these worms etc. are written by organised criminals like the Russian mafia? I wish you luck mate....

Rich :¬)