Results 1 to 8 of 8

Thread: Funny wuauclt.exe(s)downloading Trojan?

  1. #1
    Registered User
    Join Date
    Oct 2004
    Location
    USA
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts

    Funny wuauclt.exe(s)downloading Trojan?

    I suddenly found a program in Task Manager called wuauclt.exe, whic is supposed to
    be a Windows Update program found in System 32.

    Funny, I don't have auto updates enabled.

    Also, after checking the Sys 32 folder I found 2 wuauclt.exe's The second one
    is wuauclt1.exe.

    This stuff is setting in my system tray downloading I dunno what.

    Each time I try and end the processes, they start right back up again.

    For security I have:

    ZAP (Firewall and Mobile codes on Max protection)
    Norton AV enabled fully
    SpyGuard (immune on)
    Spysweeper(immune on)
    Spyware Blaster(immune on)
    Ad-Aware SE (immune on)
    Spybot S&D (Immune on)

    Also, all the security settings in Win xP, I have all Activex controls, and all java
    apps DISABLED.

    Here is a shot from a High Jack this scan.

    See anything?



    The only software I installed recently was Giant Anti-Spyware, which has won
    PC mag and Cnet awards. I disabled it, removed it, and delted it's reg key just
    as a look see.

    Still I have these updates downloading.

    Help is aprecciated.

  2. #2
    Registered User
    Join Date
    Dec 2003
    Location
    Fort Walton Beach
    Posts
    8
    Thanks
    0
    Thanked
    0 times in 0 posts
    I'm not sure what it is but dont you think you might have trouble keeping up with all the running processes and strange executables because of all of the security software you have running?

    I run ZoneAlarm, Adaware and Spybot Search and Destroy, along with Norton Antivirus and they do a very good job keeping my computer reasonably safe. I think you're a little on the overkill side.

    With that much attention being payed to your security software I can assume that your a pretty security conscious individual. If you just stick with the necessities and follow basic security fundamentals I think it is highly unlikely you'll be compromised.

    Ironically, software bloat can often cause bigger problems than spyware and trojans, besides, wouldn't you rather free up the system resources and improve your stability rather than turning your rig into fort knox?

    Never underestimate the ability of Windows to break with even a reasonable software load. I've ruined my installation a thousand times and I know its only a matter of time before I do it again ^_^

  3. #3
    Large Member
    Join Date
    Apr 2004
    Posts
    3,720
    Thanks
    47
    Thanked
    99 times in 64 posts
    Im pretty sure that wuauclt1.exe is placed by service pack 2.

    Make certain you have disabled Automatic Updates in the System Properties dialouge.

    Run services.msc and disabled the task 'Automatic Updates' and 'Background Intelligent Transfer Service' and see if this alleviates the issue.
    To err is human. To really foul things up ... you need a computer.

  4. #4
    Raging Bull DeludedGuy's Avatar
    Join Date
    Dec 2003
    Location
    London
    Posts
    2,594
    Thanks
    112
    Thanked
    76 times in 55 posts
    • DeludedGuy's system
      • Motherboard:
      • Gigabyte H87M-HD3
      • CPU:
      • Core i5 4440
      • Memory:
      • 8GB DDR3 1800mhz
      • Storage:
      • 250GB Samsung 840 SSD
      • Graphics card(s):
      • Gigabyte R9 270 OC 2GB
      • PSU:
      • BeQuiet Pure Power L8 600w
      • Case:
      • Silverstone TJ08-E
      • Operating System:
      • Windows 7
      • Monitor(s):
      • 24" Dell U2414H
      • Internet:
      • 75Mb BT Infinity
    I also have this, dont think its a virus, but I was worried becuase it was on my tray for so long, and always said 0%, untill yesterday when it said it was completed.

    The upgrade I got was SP2, dont think i will want to install that yet.

  5. #5
    Prize winning member. rajagra's Avatar
    Join Date
    Oct 2004
    Posts
    1,023
    Thanks
    0
    Thanked
    0 times in 0 posts
    Quote Originally Posted by DeludedGuy
    I also have this, dont think its a virus, but I was worried becuase it was on my tray for so long, and always said 0%, untill yesterday when it said it was completed.

    The upgrade I got was SP2, dont think i will want to install that yet.
    Same here, although I thought (assumed?) the file in question was something like wuaudt. Ater doing a full backup the SP2 update was uneventful. Of course if I hadn't done the backup I just know it would have messed up.
    EDIT> Ah, Windows Update Auto Update CLienT it is! http://www.sawtoothdistortion.com/Ar...auclt.exe.html
    Last edited by rajagra; 19-10-2004 at 05:55 PM.
    DFI LanParty UT NF4 SLI-D; AMD64 3500+ Winchester ;
    2x XFX 6600GT ; Corsair XMS3200XLPRO TWINX 1GB;
    Dell 2405FPW TFT.

  6. #6
    Registered User
    Join Date
    Oct 2004
    Location
    USA
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts
    Thanks for the replies. I agree 100% with what everyone said here.
    (Has to be a first for me....heh)

    As far as Fort Knox goes, I only enable and disable the majority of the
    spyware programs, SG...SWB..Spysweeper, when I know I'm going to be
    surfing for awhile. When I'm offline, that means disconnected jack to the
    cable modem for playing games, apps, or doing something like actual
    work. I'm pretty astute at Performance and Protection, and what should
    and shouldn't be on for maximum PC pleasure. (Christ I'm tired...first long
    day on a new job...)

    Also, I have a personal loathe for script kiddies who crayon all this
    just stupidly malicious code, to basically make someone's day a bit
    harder than we all already have it at times.

    I plan on taking some more Comp. Sci courses pretty soon, and will be
    targeting things like Trojan and Virus writers. I have a real passion for
    screwing up some little internet punk's day. I live in the US, so seeking
    the harshest road of recourse to these plastic and silicon "gangstas"
    will be a joy.

    Your point was well taken however...Nick.

    Deluded was also correct in that I had multiple versions and downloads
    sitting in the sys tray for about 30-45 minutes. Downloads I did not
    (knowingly anyway) authorize or want.) It also tried to download
    SP2 which I recently had to do a reformat for when the Final was first
    released. I stopped that download by unplugging, safe mode, and
    rechecked my updates choices.

    Anyway, the long...and short of it, is it is not a virus or malware in
    my case.

    Thanks again for your courtesy and help you guys.


  7. #7
    Registered User
    Join Date
    Oct 2004
    Location
    USA
    Posts
    12
    Thanks
    0
    Thanked
    0 times in 0 posts
    Antivirus companies are perplexed by a spate of recent viruses that contain messages in which the writers threaten to attack them.

    Worm writers are threatening to attack antivirus companies F-Secure, Symantec, Trend Micro and McAfee.

    In the latest version of MyDoom--MyDoom.AE--the authors embedded a message ridiculing rival worm Netsky and promising to attack the antivirus companies.

    The message has left antivirus companies unsure of what to expect.
    CASE IN POINT.

    These little wannabe hacks, are basically stealing away millions of minutes, months,
    years of people's lives by forcing them to waste time in a monotonous and fruitless
    task of removing or protecting their own software.


    This is unacceptable to any sane, rational, thinking, and honest person.

    I would have no problem personally taking some of these "people's" lives away.

    Only thing is, there is no known patch for the kind of disabling and destructive
    subtraction I have in mind.

    Well, unless the re-incarnation theory were indeed true.

    I s4*t you not.

    Rest of the article is here:

    http://news.com.com/MyDoom+seeks+to+...j=news.7349.20

  8. #8
    Now with added sobriety Rave's Avatar
    Join Date
    Jul 2003
    Location
    SE London
    Posts
    9,948
    Thanks
    501
    Thanked
    399 times in 255 posts
    I was under the impression that a lot of these worms etc. are written by organised criminals like the Russian mafia? I wish you luck mate....

    Rich :¬)

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Demonize-T Trojan
    By Barry in forum Networking and Broadband
    Replies: 2
    Last Post: 12-06-2004, 12:02 AM
  2. Chris Moyles - funny or annoying?
    By Paul Adams in forum General Discussion
    Replies: 32
    Last Post: 25-05-2004, 03:40 PM
  3. Replies: 9
    Last Post: 10-05-2004, 12:04 PM
  4. A Trojan Horse I Just Can't Get Rid of...
    By pickers in forum Software
    Replies: 3
    Last Post: 12-04-2004, 12:21 PM
  5. Found this funny
    By Angus in forum Networking and Broadband
    Replies: 0
    Last Post: 03-12-2003, 08:28 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •