Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

wuauclt.exe file is infected


  • This topic is locked This topic is locked

#1
norsecode

norsecode

    New Member

  • Member
  • Pip
  • 4 posts
My computer has been attacked by what I can only call the wuauclt.exe virus. Basically, any program I try to run is terminated and I get a pop up that says:
__Windows Security Alert: Application cannot be executed.
__The file wuauclt.exe is infected.
__Do you want to activate your antivirus software now?"

Sometimes I get a pop uo that says this instead:
__Security Warning
__Application cannot be executed. The file wuauclt.exe is infected.
__Do you want to activate your antivirus software now?
__[Yes] [No]
If I click "No," it just keeps popping up.

Additionally, IE keeps opening up to either www.viagra.com, www.adult.com, or www.[bleep].org.

Most websites I try to visit using IE will not load (including google). Instead I get a webpage that says:
__Internet Explorer Warning - visiting this web site may harm your computer!
__Most likely causes:
____*The website contains exploits that can launch a malicious code on your computer
____*Suspicious network activity detected
____*There might be an active spyware running on your computer.
__What you can try:
____*Purchase the secure Internet surfing (Recommended)
____*Check your computer for viruses and malware
____*More information
All three options would take me to softwaretoolstore.com/shop?abc=cGdpZD03JnI9NDkuNA==

Another pop-up says:
__Antivirus software alert!
__ATTENTION ! SPYWARE ALERT
__Vulnerabilities found.
__Your computer is infected by spyware - 34 serious threats have been found while scanning your
__files and registry. It is strongly recommended that you disinfect your computer and activate
__realtime secure protection against future intrusions.
__Why do you need realtime spyware protection? <link>
__Upgrade to full version of antivirus software to clean your computer and prevent new security
__and privacy attacks. You will be able to download daily updates and get online protection
__against Internet attacks.
__[Activate your antivirus software] [Stay unprotected]

FF seems to be working fine. Microsoft programs do not. FF seems to be the ONLY thing that works.

I've been reading threads on this site for hours and have not gotten anywhere because I can't run ANY of the program that I download. I WAS able to successfully install Malwarebytes' Anti-Malware, but I am not able to run it. I've tried every option outlined in the Malware Removal Tools Won't Run Tutorial, including 3 versions of exehelper, 5 versions of rkill, VIPRE Rescue Program, and SUPERAntiSpyware Portable Scanner. I can download these programs to the computer, but I can't run them. I can't run OTH, OTL, nor ComboFix.

I'm running a Gateway laptop computer with Windows 7. AMD Turion X2 processor.
So far, I've been able to restart the computer and get into the "normal" operation without a problem.
I can get into safe mode, but I really don't know what to do once there.

Please help, thanks.
Dawn
  • 0

Advertisements


#2
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hello norsecode, and welcome to GeeksToGo! My name is Mitch8 and I will be helping you with your problem. Here are a few things I would like to point out:
  • Please post your logs, don't attach them unless stated.
  • Please read my posts carefully and if you have any questions ask.
  • Stay with this topic until I tell you that your system is clean. Malware can still be on your system even if you don't notice it.

Lets try this first, if it fails go to Plan B.

Note: If using Firefox right-click on any download links and choose Save As

Please download OTH to your desktop
Please download OTL to your desktop
Please download the attached file Scan.txt to your desktop

Double click the OTH file to run it and click Kill All Processes, your desktop will go blank.

Posted Image

Then select Start OTL. OTL will now run

  • Double-click on the Custom Scans box and a message box will popup asking if you want to load a custom scan from a file
    Select Scan.txt that you downloaded
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Click the Internet Explorer button, post these logs in your Virus Removal topic.

Plan B

Download Rkill from here: there are several flavours to choose from, if one does not work then try the next
Once it is downloaded, double-click on rkill in order to automatically attempt to stop any processes associated with Rogue programs. Please be patient while the program looks for various malware programs and ends them. When it has finished, the black window will automatically close and you can continue with the next step. If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by the malware when it terminates programs that may potentially remove it. If you run into these infections warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate the malware. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of my instructions.

Do not reboot your computer after running rkill as the malware programs will start again.

Then run OTL as above (without OTH).
  • 0

#3
norsecode

norsecode

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Mitch8,

I keep trying to run the rkill programs and they just never start. The popup that says that the program is infected just keeps popping up, regardless of whether I click [NO] or not. At one point I locked my computer and when I tried to log in again, that pesky pop-up just kept popping up. It made it nearly impossible to log back in. I think I had to try punching my password in at lightning speed about 20 times before I did it fast enough to beat the pop-up coming up again. I just feel like the pop-up is perpetually coming up, whether I try to run a program or not.

Dawn
  • 0

#4
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Hi,

Do you have access to a clean computer and a blank cd?

If you do follow the steps below.

Please print these instruction out so that you know what you are doing

File details OTLPENet.exe
Bytes=126,850,486
MB=120.9
MD5=8A7C5BA1C92552ADDCC5E468D0AA069A

  • Download OTLPENet.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :D

  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#5
norsecode

norsecode

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I will pick up some blank CDs tomorrow and get back to you. Thanks!
  • 0

#6
norsecode

norsecode

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Grrr... I got home today to find my husband had taken my computer to a friend of his to fix. So, I guess I won't be needing your help anymore. Sorry to have troubled you. Thanks!

Dawn
  • 0

#7
mitch8

mitch8

    Trusted Helper

  • Malware Removal
  • 1,356 posts
Thanks for letting me know.

-Mitch8
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP